~$ sudo apt-get install bison build-essential graphviz git python-arvados-python-client arvados-workbench
+
+~$ sudo yum install bison make automake gcc gcc-c++ graphviz git python27-python-arvados-python-client arvados-workbench
+
+~/arvados/apps/workbench$ rake secret
+~$ ruby -e 'puts rand(2**400).to_s(36)'
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Server::Application.config.secret_token = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
-
+h3. arvados_login_base and arvados_v1_base
+
+Point @arvados_login_base@ and @arvados_v1_base@ at your "API server":install-api-server.html. For example like this:
+
+arvados_login_base: https://prefix_uuid.your.domain/login
+arvados_v1_base: https://prefix_uuid.your.domain/arvados/v1
+
~$ sudo usermod --shell /bin/bash nginx
+~$ sudo -u nginx sh -c 'echo "[[ -z \$PS1 ]] && source scl_source enable python27" >>~/.bash_profile'
+
+
+Edit the http section of your Nginx configuration to run the Passenger server, and act as a front-end for it. You might add a block like the following, adding SSL and logging parameters to taste:
+ +server {
+ listen 127.0.0.1:9000;
+ server_name localhost-workbench;
+
+ root /var/www/arvados-workbench/current/public;
+ index index.html index.htm index.php;
+
+ passenger_enabled on;
+ # If you're using RVM, uncomment the line below.
+ #passenger_ruby /usr/local/rvm/wrappers/default/ruby;
+
+ # `client_max_body_size` should match the corresponding setting in
+ # the API server's Nginx configuration.
+ client_max_body_size 128m;
+}
+
+upstream workbench {
+ server 127.0.0.1:9000 fail_timeout=10s;
+}
+
+proxy_http_version 1.1;
+
+server {
+ listen [your public IP address]:443 ssl;
+ server_name workbench.uuid-prefix.your.domain;
+
+ ssl on;
+ ssl_certificate /YOUR/PATH/TO/cert.pem;
+ ssl_certificate_key /YOUR/PATH/TO/cert.key;
+
+ index index.html index.htm index.php;
+ # `client_max_body_size` should match the corresponding setting in
+ # the API server's Nginx configuration.
+ client_max_body_size 128m;
+
+ location / {
+ proxy_pass http://workbench;
+ proxy_redirect off;
+ proxy_connect_timeout 90s;
+ proxy_read_timeout 300s;
+
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+
+themes_for_rails at /usr/local/rvm/gems/ruby-2.1.1/bundler/gems/themes_for_rails-1fd2d7897d75 did not have a valid gemspec.
+This prevents bundler from installing bins or native extensions, but that may not affect its functionality.
+The validation message from Rubygems was:
+ duplicate dependency on rails (= 3.0.11, development), (>= 3.0.0) use:
+ add_runtime_dependency 'rails', '= 3.0.11', '>= 3.0.0'
+Using themes_for_rails (0.5.1) from https://github.com/holtkampw/themes_for_rails (at 1fd2d78)
+
+~/arvados/services/api$ RAILS_ENV=development bundle exec rails console
-irb(main):001:0> ApiClient.where('url_prefix like ?', '%workbench%')
-=> {:id => 1234}
-irb(main):002:0> ApiClient.find(1234).update_attributes is_trusted: true
+At the console, enter the following commands to locate the ApiClient record for your Workbench installation (typically, while you're setting this up, the @last@ one in the database is the one you want), then set the @is_trusted@ flag for the appropriate client record:
+
+irb(main):001:0> wb = ApiClient.all.last; [wb.url_prefix, wb.created_at]
+=> ["https://workbench.example.com/", Sat, 19 Apr 2014 03:35:12 UTC +00:00]
+irb(main):002:0> include CurrentApiClient
+=> true
+irb(main):003:0> act_as_system_user do wb.update_attributes!(is_trusted: true) end
+=> true
+h2(#admin-user). Add an admin user
+
+Next, we're going to use the Rails console on the API server to activate your account and give yourself admin privileges. {% include 'install_rails_command' %}
+
+Enter the following commands at the console:
+
+
+irb(main):001:0> Thread.current[:user] = User.all.select(&:identity_url).last
+irb(main):002:0> Thread.current[:user].update_attributes is_admin: true, is_active: true
+irb(main):003:0> User.where(is_admin: true).collect &:email
+=> ["root", "your_address@example.com"]
+
+At this point, you should have a working Workbench login with administrator privileges. Revisit your Workbench URL in a browser and reload the page to access it.