X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/7407f41105f8000bb3908d41a31daaf3a30d9440..75aee7b3d5b6c8e84e25e71eefe88040d8a12022:/doc/install/install-api-server.html.textile.liquid
diff --git a/doc/install/install-api-server.html.textile.liquid b/doc/install/install-api-server.html.textile.liquid
index b8442eb060..06f94a8a5f 100644
--- a/doc/install/install-api-server.html.textile.liquid
+++ b/doc/install/install-api-server.html.textile.liquid
@@ -48,25 +48,20 @@ h3. Tokens
SystemRootToken: "$system_root_token"
ManagementToken: "$management_token"
- API:
- RailsSessionSecretToken: "$rails_secret_token"
Collections:
- BlobSigningKey: "blob_signing_key"
+ BlobSigningKey: "$blob_signing_key"
-@SystemRootToken@ is used by Arvados system services to authenticate as the system (root) user when communicating with the API server.
+These secret tokens are used to authenticate messages between Arvados components.
+* @SystemRootToken@ is used by Arvados system services to authenticate as the system (root) user when communicating with the API server.
+* @ManagementToken@ is used to authenticate access to system metrics.
+* @Collections.BlobSigningKey@ is used to control access to Keep blocks.
-@ManagementToken@ is used to authenticate access to system metrics.
-
-@API.RailsSessionSecretToken@ is required by the API server.
-
-@Collections.BlobSigningKey@ is used to control access to Keep blocks.
-
-You can generate a random token for each of these items at the command line like this:
+Each token should be a string of at least 50 alphanumeric characters. You can generate a suitable token with the following command:
-~$ tr -dc 0-9a-zA-Z </dev/urandom | head -c50; echo
+~$ tr -dc 0-9a-zA-Z </dev/urandom | head -c50 ; echo
@@ -153,16 +148,22 @@ server {
client_max_body_size 128m;
location / {
- proxy_pass http://controller;
- proxy_redirect off;
- proxy_connect_timeout 90s;
- proxy_read_timeout 300s;
-
- proxy_set_header X-Forwarded-Proto https;
- proxy_set_header Host $http_host;
+ proxy_pass http://controller;
+ proxy_redirect off;
+ proxy_connect_timeout 90s;
+ proxy_read_timeout 300s;
+ proxy_max_temp_file_size 0;
+ proxy_request_buffering off;
+ proxy_buffering off;
+ proxy_http_version 1.1;
+
+ proxy_set_header Host $http_host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
proxy_set_header X-External-Client $external_client;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Real-IP $remote_addr;
}
}
@@ -202,20 +203,23 @@ server {
h2(#confirm-working). Confirm working installation
-Confirm working controller:
+We recommend using the "Cluster diagnostics tool.":diagnostics.html The first few tests (10, 20, 30) will succeed if you have a working API server and controller. Of course, tests for services that you have not yet installed and configured will fail.
+
+Here are some other checks you can perform manually.
+
+h3. Confirm working controller
$ curl https://ClusterID.example.com/arvados/v1/config
-Confirm working Rails API server:
+h3. Confirm working Rails API server
$ curl https://ClusterID.example.com/discovery/v1/apis/arvados/v1/rest
-Confirm that you can use the system root token to act as the system root user:
+h3. Confirm that you can use the system root token to act as the system root user
-
-$ curl -H "Authorization: Bearer $system_root_token" https://ClusterID.example.com/arvados/v1/users/current
+$ curl -H "Authorization: Bearer $system_root_token" https://ClusterID.example.com/arvados/v1/users/current
h3. Troubleshooting