X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/96ce48a816ce1857e1ca3d035b3ab9002b7bc4c4..908261de15c98553a4200f01aff1f26ef57c8fb8:/doc/install/install-keep-web.html.textile.liquid diff --git a/doc/install/install-keep-web.html.textile.liquid b/doc/install/install-keep-web.html.textile.liquid index 47776688aa..9e271d3c27 100644 --- a/doc/install/install-keep-web.html.textile.liquid +++ b/doc/install/install-keep-web.html.textile.liquid @@ -1,31 +1,34 @@ --- layout: default navsection: installguide -title: Install download server +title: Install the keep-web server ... -This installation guide assumes you are on a 64 bit Debian or Ubuntu system. +The keep-web server provides read-only HTTP access to files stored in Keep. It serves public data to unauthenticated clients, and serves private data to clients that supply Arvados API tokens. It can be installed anywhere with access to Keep services, typically behind a web proxy that provides SSL support. See the "godoc page":http://godoc.org/github.com/curoverse/arvados/services/keep-web for more detail. -The keep-web server provides read-only HTTP access to files stored in Keep. It serves public data to anonymous and unauthenticated clients, and accepts authentication via Arvados tokens. It can be installed anywhere with access to Keep services, typically behind a web proxy that provides SSL support. +By convention, we use the following hostnames for the keep-web service: -By convention, we use the following hostname for the download service: - -
download.uuid_prefix.your.domain
+collections.uuid_prefix.your.domain
+
+~$ sudo apt-get install keep-web
+
+~$ echo "deb http://apt.arvados.org/ wheezy main" | sudo tee /etc/apt/sources.list.d/apt.arvados.org.list
-~$ sudo /usr/bin/apt-key adv --keyserver pool.sks-keyservers.net --recv 1078ECD7
-~$ sudo /usr/bin/apt-get update
-~$ sudo /usr/bin/apt-get install keep-web
+~$ sudo yum install keep-web
~$ keep-web -h
Usage of keep-web:
- -address="0.0.0.0:80": Address to listen on, "host:port".
+ -allow-anonymous
+ Serve public data to anonymous clients. Try the token supplied in the ARVADOS_API_TOKEN environment variable when none of the tokens provided in an HTTP request succeed in reading the desired collection. (default false)
+ -attachment-only-host string
+ Accept credentials, and add "Content-Disposition: attachment" response headers, for requests at this hostname:port. Prohibiting inline display makes it possible to serve untrusted and non-public content from a single origin, i.e., without wildcard DNS or SSL.
+ -listen string
+ Address to listen on: "host:port", or ":port" to listen on all interfaces. (default ":80")
+ -trust-all-content
+ Serve non-public content from a single origin. Dangerous: read docs before using!
export ARVADOS_API_HOST=uuid_prefix.your.domain
-exec sudo -u nobody keep-web -address=:9002 2>&1
+export ARVADOS_API_TOKEN="{{railsout}}"
+exec sudo -u nobody keep-web \
+ -listen=:9002 \
+ -attachment-only-host=download.uuid_prefix.your.domain \
+ -allow-anonymous \
+ 2>&1
+upstream keep-web {
+ server 127.0.0.1:9002;
+}
+
+server {
+ listen [your public IP address]:443 ssl;
+ server_name download.uuid_prefix.your.domain
+ collections.uuid_prefix.your.domain
+ *.collections.uuid_prefix.your.domain
+ ~.*--collections.uuid_prefix.your.domain;
+
+ proxy_connect_timeout 90s;
+ proxy_read_timeout 300s;
+
+ ssl on;
+ ssl_certificate YOUR/PATH/TO/cert.pem;
+ ssl_certificate_key YOUR/PATH/TO/cert.key;
+
+ location / {
+ proxy_pass http://keep-web;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+
keep_web_download_url: https://download.uuid_prefix.your.domain/c=%{uuid_or_pdh}
+
+keep-web: dl.uuid_prefix.your.domain
+keep_web_url: https://%{uuid_or_pdh}--collections.uuid_prefix.your.domain
+keep_web_url: https://%{uuid_or_pdh}.collections.uuid_prefix.your.domain
+keep_web_url: https://collections.uuid_prefix.your.domain/c=%{uuid_or_pdh}