[ARVADOS] created: 2.1.0-1141-g6160b7425

Git user git at public.arvados.org
Tue Aug 3 15:16:40 UTC 2021 

        at  6160b7425d9da6cc9d245b7cc754e81427f8ac9c (commit)


commit 6160b7425d9da6cc9d245b7cc754e81427f8ac9c
Author: Ward Vandewege <ward at curii.com>
Date:   Tue Aug 3 11:15:20 2021 -0400

    17591: be more explicit about the required TLS certificates and DNS
           hostnames.
    
    Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <ward at curii.com>

diff --git a/doc/install/install-keep-web.html.textile.liquid b/doc/install/install-keep-web.html.textile.liquid
index 5ff9f4419..9f63d1bcf 100644
--- a/doc/install/install-keep-web.html.textile.liquid
+++ b/doc/install/install-keep-web.html.textile.liquid
@@ -90,7 +90,7 @@ Note the trailing slash.
 {% include 'notebox_begin' %}
 Whether you choose to serve collections from their own subdomain or from a single domain, it's important to keep in mind that they should be served from me same _site_ as Workbench for the inline previews to work.
 
-Please check "keep-web's URL pattern guide":/api/keep-web-urls.html#same-site to learn more.
+Please check "keep-web's URL pattern guide":../api/keep-web-urls.html#same-site to learn more.
 {% include 'notebox_end' %}
 
 h2. Set InternalURLs
diff --git a/doc/install/install-manual-prerequisites.html.textile.liquid b/doc/install/install-manual-prerequisites.html.textile.liquid
index ab4a65a0c..77b46358b 100644
--- a/doc/install/install-manual-prerequisites.html.textile.liquid
+++ b/doc/install/install-manual-prerequisites.html.textile.liquid
@@ -142,7 +142,7 @@ You may also use a different method to pick the cluster identifier. The cluster
 
 h2(#dnstls). DNS entries and TLS certificates
 
-The following services are normally public-facing and require DNS entries and corresponding TLS certificates.  Get certificates from your preferred TLS certificate provider.  We recommend using "Let's Encrypt":https://letsencrypt.org/.  You can run several services on same node, but each distinct hostname requires its own TLS certificate.
+The following services are normally public-facing and require DNS entries and corresponding TLS certificates.  Get certificates from your preferred TLS certificate provider.  We recommend using "Let's Encrypt":https://letsencrypt.org/.  You can run several services on same node, but each distinct hostname requires a valid, matching TLS certificate.
 
 This guide uses the following hostname conventions.  A later part of this guide will describe how to set up Nginx virtual hosts.
 
@@ -151,17 +151,62 @@ table(table table-bordered table-condensed).
 |_. Function|_. Hostname|
 |Arvados API|@ClusterID.example.com@|
 |Arvados Git server|git. at ClusterID.example.com@|
+|Arvados Webshell|webshell. at ClusterID.example.com@|
 |Arvados Websockets endpoint|ws. at ClusterID.example.com@|
 |Arvados Workbench|workbench. at ClusterID.example.com@|
 |Arvados Workbench 2|workbench2. at ClusterID.example.com@|
 |Arvados Keepproxy server|keep. at ClusterID.example.com@|
 |Arvados Keep-web server|download. at ClusterID.example.com@
 _and_
-*.collections. at ClusterID.example.com@ or
-*<notextile>--</notextile>collections. at ClusterID.example.com@ or
+*.collections. at ClusterID.example.com@ _or_
+*<notextile>--</notextile>collections. at ClusterID.example.com@ _or_
 collections. at ClusterID.example.com@ (see the "keep-web install docs":install-keep-web.html)|
 </div>
 
+Setting up Arvados is easiest when Wildcard TLS and wildcard DNS are available. It is also possible to set up Arvados without wildcard TLS and DNS. The table below lists the required TLS certificates and DNS hostnames in each scenario.
+
+<div class="offset1">
+table(table table-bordered table-condensed).
+||_. Wildcard TLS and DNS available|_. Wildcard TLS available|_. Other|
+|TLS|*. at ClusterID.example.com@
+ at ClusterID.example.com@
+*.collections. at ClusterID.example.com@|*. at ClusterID.example.com@
+ at ClusterID.example.com@|@ClusterID.example.com@
+git. at ClusterID.example.com@
+webshell. at ClusterID.example.com@
+ws. at ClusterID.example.com@
+workbench. at ClusterID.example.com@
+workbench2. at ClusterID.example.com@
+keep. at ClusterID.example.com@
+download. at ClusterID.example.com@
+collections. at ClusterID.example.com@|
+|DNS|@ClusterID.example.com@
+git. at ClusterID.example.com@
+webshell. at ClusterID.example.com@
+ws. at ClusterID.example.com@
+workbench. at ClusterID.example.com@
+workbench2. at ClusterID.example.com@
+keep. at ClusterID.example.com@
+download. at ClusterID.example.com@
+*.collections. at ClusterID.example.com@|@ClusterID.example.com@
+git. at ClusterID.example.com@
+webshell. at ClusterID.example.com@
+ws. at ClusterID.example.com@
+workbench. at ClusterID.example.com@
+workbench2. at ClusterID.example.com@
+keep. at ClusterID.example.com@
+download. at ClusterID.example.com@
+collections. at ClusterID.example.com@|@ClusterID.example.com@
+git. at ClusterID.example.com@
+webshell. at ClusterID.example.com@
+ws. at ClusterID.example.com@
+workbench. at ClusterID.example.com@
+workbench2. at ClusterID.example.com@
+keep. at ClusterID.example.com@
+download. at ClusterID.example.com@
+collections. at ClusterID.example.com@|
+</div>
+
 {% include 'notebox_begin' %}
 It is also possible to create your own certificate authority, issue server certificates, and install a custom root certificate in the browser.  This is out of scope for this guide.
 {% include 'notebox_end' %}

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list