Re: [galaxy-dev] how to configure sub-uri in galaxy.yml

Ping Luo Fri, 14 Dec 2018 09:03:45 -0800

Peter,

I have been using the default http protocol for the Galaxy server which is
not preferred. I am now testing uwsgi TCP sockets. I start the server on
server root without sub-uri to see how it works.


Here is my Apache configuration:

<VirtualHost *:8443>
    ServerName  xxx.xxx.xxx.xxx
    ServerAdmin ad...@xxx.xxx

    DocumentRoot "/opt/rh/httpd24/root/var/www/html"
    TransferLog  "logs/scgalaxy_access.log"
    ErrorLog     "logs/scgalaxy_error.log"

    SSLEngine On
    SSLProtocol              all -SSLv3 -TLSv1 -TLSv1.1
    SSLCertificateFile      "/etc/pki/tls/certs/galaxy.cer"
    SSLCertificateKeyFile   "/etc/pki/tls/private/galaxy.key"
    SSLCertificateChainFile "/etc/pki/tls/certs/galaxy.cer"

    RewriteEngine on
    ProxyPass /            uwsgi://127.0.0.1:4001/                     #
access is denied due to username not provided with external authentication
method
#   ProxyPass /            http://127.0.0.1:8080/                       #
same configuration works fine with http

    <Location "/">
        SSLRequireSSL
        AuthType CAS
        Require valid-user
        RewriteCond %{IS_SUBREQ} ^false$
        RewriteCond %{LA-U:REMOTE_USER} (.+)
        RewriteRule . - [E=RU:%1]
        RequestHeader set X-URL-SCHEME https
        RequestHeader set REMOTE_USER  %{REMOTE_USER}s
    </Location>
</VirtualHost>

However, when accessing the galaxy server, I got the following error. The
same setting works fine when galaxy is served with http. What need be
changed in Apache for serving galaxy with uwsgi socket?
Access to Galaxy is denied

Galaxy is configured to authenticate users via an external method (such as
HTTP authentication in Apache), but a username was not provided by the
upstream (proxy) server. This is generally due to a misconfiguration in the
upstream server.


The log file dumps the following output:

galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,724
[p:19333,w:1,m:0] [uWSGIWorker1Core0] Unable to identify user.
HTTP_REMOTE_USER not found
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,725
[p:19333,w:1,m:0] [uWSGIWorker1Core0] wsgi.multiprocess = False
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,725
[p:19333,w:1,m:0] [uWSGIWorker1Core0] paste.recursive.include_app_iter =
<paste.recursive.IncluderAppIter from />
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,725
[p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_COOKIE =
_ga=GA1.2.525722961.1528376483;
__utma=194481448.525722961.1528376483.1528377532.1528377532.1;
_vwo_uuid_v2=DF9EBC570796316331B3F82AE49BE8DE8|18923f6303554ba0ab6938b046ebc11c;
_vwo_uuid=DF9EBC570796316331B3F82AE49BE8DE8;
MOD_AUTH_CAS_S=4865a71d55619aa6196d7b753d27356e;
galaxysession=4a833ad4d9934a58ce0b64778f963b982b8f5e10ca4a7b26ac9eeb1368c1462fdcb2aa7c9f32ba00
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726
[p:19333,w:1,m:0] [uWSGIWorker1Core0] paste.recursive.forward =
<paste.recursive.Forwarder from />
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726
[p:19333,w:1,m:0] [uWSGIWorker1Core0] CONTEXT_DOCUMENT_ROOT =
/opt/rh/httpd24/root/var/www/html
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726
[p:19333,w:1,m:0] [uWSGIWorker1Core0] SERVER_SOFTWARE = Apache/2.4.34 (Red
Hat) OpenSSL/1.0.2k-fips Phusion_Passenger/4.0.50
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726
[p:19333,w:1,m:0] [uWSGIWorker1Core0] paste.recursive.include =
<paste.recursive.Includer from />
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726
[p:19333,w:1,m:0] [uWSGIWorker1Core0] CONTEXT_PREFIX =
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726
[p:19333,w:1,m:0] [uWSGIWorker1Core0] SERVER_SIGNATURE =
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726
[p:19333,w:1,m:0] [uWSGIWorker1Core0] REQUEST_METHOD = GET
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726
[p:19333,w:1,m:0] [uWSGIWorker1Core0] PATH_INFO = /
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726
[p:19333,w:1,m:0] [uWSGIWorker1Core0] SERVER_PROTOCOL = HTTP/1.1
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726
[p:19333,w:1,m:0] [uWSGIWorker1Core0] QUERY_STRING =
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727
[p:19333,w:1,m:0] [uWSGIWorker1Core0] PATH =
/opt/rh/rh-ruby22/root/usr/bin:/opt/rh/httpd24/root/usr/bin:/opt/rh/httpd24/root/usr/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727
[p:19333,w:1,m:0] [uWSGIWorker1Core0] LD_LIBRARY_PATH =
/opt/rh/rh-ruby22/root/usr/lib64:/opt/rh/httpd24/root/usr/lib64
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727
[p:19333,w:1,m:0] [uWSGIWorker1Core0] SSL_TLS_SNI =
portal-terra.hprc.tamu.edu
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727
[p:19333,w:1,m:0] [uWSGIWorker1Core0] RU = pingluo
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727
[p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_USER_AGENT = Mozilla/5.0 (X11;
Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727
[p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_CONNECTION = keep-alive
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727
[p:19333,w:1,m:0] [uWSGIWorker1Core0] SERVER_NAME =
portal-terra.hprc.tamu.edu
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727
[p:19333,w:1,m:0] [uWSGIWorker1Core0] REMOTE_ADDR = 165.91.254.86
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727
[p:19333,w:1,m:0] [uWSGIWorker1Core0] paste.throw_errors = True
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727
[p:19333,w:1,m:0] [uWSGIWorker1Core0] wsgi.url_scheme = https
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728
[p:19333,w:1,m:0] [uWSGIWorker1Core0] SERVER_PORT = 8443
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728
[p:19333,w:1,m:0] [uWSGIWorker1Core0] uwsgi.node = portal
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728
[p:19333,w:1,m:0] [uWSGIWorker1Core0] SERVER_ADDR = 165.91.16.42
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728
[p:19333,w:1,m:0] [uWSGIWorker1Core0] DOCUMENT_ROOT =
/opt/rh/httpd24/root/var/www/html
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728
[p:19333,w:1,m:0] [uWSGIWorker1Core0] original_wsgi.url_scheme = https
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728
[p:19333,w:1,m:0] [uWSGIWorker1Core0] uwsgi.core = 0
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728
[p:19333,w:1,m:0] [uWSGIWorker1Core0] SCRIPT_FILENAME = proxy:uwsgi://
127.0.0.1:4001/
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728
[p:19333,w:1,m:0] [uWSGIWorker1Core0] SERVER_ADMIN = ad...@hprc.tamu.edu
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728
[p:19333,w:1,m:0] [uWSGIWorker1Core0] paste.recursive.script_name =
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,729
[p:19333,w:1,m:0] [uWSGIWorker1Core0] SCRIPT_URI =
https://portal-terra.hprc.tamu.edu:8443/
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,729
[p:19333,w:1,m:0] [uWSGIWorker1Core0] wsgi.input = <uwsgi._Input object at
0x2ad4f36e81e0>
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,729
[p:19333,w:1,m:0] [uWSGIWorker1Core0] REMOTE_USER = pingluo
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,729
[p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_HOST =
portal-terra.hprc.tamu.edu:8443
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,729
[p:19333,w:1,m:0] [uWSGIWorker1Core0] SCRIPT_URL = /
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,729
[p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTPS = on
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,729
[p:19333,w:1,m:0] [uWSGIWorker1Core0] wsgi.multithread = True
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,729
[p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_UPGRADE_INSECURE_REQUESTS = 1
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,730
[p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_CACHE_CONTROL = max-age=0
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,730
[p:19333,w:1,m:0] [uWSGIWorker1Core0] REQUEST_URI = /
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,730
[p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_ACCEPT =
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,730
[p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_X_URL_SCHEME = https
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,730
[p:19333,w:1,m:0] [uWSGIWorker1Core0] wsgi.version = (1, 0)
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,730
[p:19333,w:1,m:0] [uWSGIWorker1Core0] GATEWAY_INTERFACE = CGI/1.1
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,730
[p:19333,w:1,m:0] [uWSGIWorker1Core0] wsgi.run_once = False
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,731
[p:19333,w:1,m:0] [uWSGIWorker1Core0] SCRIPT_NAME =
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,731
[p:19333,w:1,m:0] [uWSGIWorker1Core0] REMOTE_PORT = 56284
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,731
[p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_ACCEPT_LANGUAGE = en-US,en;q=0.5
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,731
[p:19333,w:1,m:0] [uWSGIWorker1Core0] REQUEST_SCHEME = https
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,731
[p:19333,w:1,m:0] [uWSGIWorker1Core0] wsgi.errors = <open file
'wsgi_errors', mode 'w' at 0x2ad4f3b350c0>
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,731
[p:19333,w:1,m:0] [uWSGIWorker1Core0] uwsgi.version = 2.0.17.1
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,731
[p:19333,w:1,m:0] [uWSGIWorker1Core0] request_id =
d8e1b156ffc111e8bbbc0894ef20d911
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,731
[p:19333,w:1,m:0] [uWSGIWorker1Core0] wsgi.file_wrapper = <built-in
function uwsgi_sendfile>
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,732
[p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_ACCEPT_ENCODING = gzip, deflate,
br
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,732
[p:19333,w:1,m:0] [uWSGIWorker1Core0] UNIQUE_ID =
XBPh0ilC82mF4py6Qa6eRwAAAAI


Thanks,


Ping

On Wed, Dec 12, 2018 at 5:07 AM Peter Briggs <peter.bri...@manchester.ac.uk>
wrote:

> Hello Ping
>
> If you're using the YAML config then there isn't an equivalent of the
> "[filter:proxy-prefix]" section from the INI version of the config - this
> section doesn't seem to be required any more. So the two lines you already
> have in the 'galaxy' section of the YAML file should be sufficient i.e.
>
> galaxy:
>     #...
>     filter-with: proxy-prefix
>     cookie_path: '/galaxy'
>
> However you also need to make sure that you have the correct options in
> the 'uwsgi' section of the YAML config file, and that your Apache
> configuration is set correctly to handle the proxy prefix. The relevant
> documentation for these is here (for 18.09):
>
>
> https://docs.galaxyproject.org/en/release_18.09/admin/apache.html#serving-galaxy-at-a-url-prefix
>
> HTH
>
> Best wishes
>
> Peter
>
> --
> Peter Briggs peter.bri...@manchester.ac.uk
> Bioinformatics Core Facility University of Manchester
> B.1083 Michael Smith Bldg Tel: (0161) 2751482
>
> ------------------------------
> *From:* galaxy-dev [galaxy-dev-boun...@lists.galaxyproject.org] on behalf
> of Ping Luo [luop0...@gmail.com]
> *Sent:* Wednesday, December 12, 2018 6:35 AM
> *To:* galaxy-dev
> *Subject:* [galaxy-dev] how to configure sub-uri in galaxy.yml
>
> I am trying to configure Galaxy v18.09 wtih sub-uri. In prior 18.01, I use
> this configuration in conjunction with Apache rewrite rules and it works
> well:
>
> [filter:proxy-prefix]
> use = egg:PasteDeploy#prefix
> prefix = /msgalaxy
> [app:main]
> filter-with = proxy-prefix
> cookie_path = '/galaxy'
>
>
> In galaxy.yml, I know I need to uncomment and add the following
>
> filter-with: proxy-prefix
> cookie_path: '/galaxy'
>
> However, I don't know where and how to add filter:proxy-prefix. The
> comment in config.yml says:
>
>   # If running behind a proxy server and Galaxy is served from a
>   # subdirectory, enable the proxy-prefix filter and set the prefix in
>   # the [filter:proxy-prefix] section above.
>
> which is for galaxy.ini file. An example on how to do it would be much
> appreciated.
>
> Ping
>

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/

Re: [galaxy-dev] how to configure sub-uri in galaxy.yml

Reply via email to