is just an apache page
Is it an error page/the default index.html/other? Next: Are you doing the proxying with mod_proxy or with mod_rewrite? mod_rewrite looks like RewriteRule ^(.*) https://144.174.51.187:8080$1 [P] while mod_proxy looks like ProxyPass / http://localhost:8080/ ProxyPassReverse / http://localhost:8080/ Cheers, Eric On 08/26/2014 09:39 AM, Shrum, Donald C wrote:
If I go directly to https://galaxy.rcc.fsu.edu what I get is just an apache page. It's not doing the proxy to galaxy.
The debug shows... [Tue Aug 26 10:36:45 2014] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized [Tue Aug 26 10:36:45 2014] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 21513 for (*) [Tue Aug 26 10:36:46 2014] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 21514 for worker proxy:reverse [Tue Aug 26 10:36:46 2014] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized
-----Original Message----- From: Eric Rasche [mailto:rasche.eric@yandex.ru] Sent: Tuesday, August 26, 2014 10:34 AM To: Shrum, Donald C Subject: Re: [galaxy-dev] ssl proxy
not forwarded to the galaxy server
hmm. (technically it shouldn't be forwarding, once you hit https, it should display galaxy directly). Is it just a blank white screen or a proper error code?
Why don't you increase the log level and see if anything shows up in the logs? Add
LogLevel debug
and then tail all of your apache logs. What do those look like when you request https://your-domain/ ?
Cheers, Eric
On 08/26/2014 09:25 AM, Shrum, Donald C wrote:
I get a redirect from http to https but then I'm not forwarded to the galaxy server.
If you have a suggestion I'll take it and thanks for the help with this.
-----Original Message----- From: Eric Rasche [mailto:rasche.eric@yandex.ru] Sent: Tuesday, August 26, 2014 10:19 AM To: Shrum, Donald C; Kandalaft, Iyad Cc: galaxy-dev@lists.bx.psu.edu Subject: Re: [galaxy-dev] ssl proxy
What issues are you still seeing? How is it non-functional?
On 08/26/2014 08:32 AM, Shrum, Donald C wrote:
I think I'd also need to change the proxy config to include the https
<Proxy *> AddDefaultCharset off Order Deny,Allow Allow from all </Proxy>
<Proxy https://144.174.51.187:8080> Order deny,allow Allow from all </Proxy>
Even with that and your change... no luck. I'll keep tinkering.
-----Original Message----- From: Kandalaft, Iyad [mailto:Iyad.Kandalaft@AGR.GC.CA] Sent: Tuesday, August 26, 2014 8:44 AM To: Shrum, Donald C; Eric Rasche Cc: galaxy-dev@lists.bx.psu.edu Subject: RE: [galaxy-dev] ssl proxy
Sorry Don, I forgot the http"s" in the proxy line: RewriteRule ^(.*) https://144.174.51.187:8080$1 [P]
That should do it :)
Iyad Kandalaft
-----Original Message----- From: Shrum, Donald C [mailto:DCShrum@admin.fsu.edu] Sent: Monday, August 25, 2014 9:27 PM To: Kandalaft, Iyad; Eric Rasche Cc: galaxy-dev@lists.bx.psu.edu Subject: RE: [galaxy-dev] ssl proxy
I'm not using a virtual host. Apache is just there as a proxy. I tried the rewrite rules below...
I get a redirect from 80 to 443 as expected for the ldap authentication. After authenticating I do not get redirected to 8080 for galaxy. I've tried a few different ways and always get that. I'll dig in tomorrow morning and after some coffee to see if I can figure it out.
It's probably worth posting the solution in the docs.
-----Original Message----- From: Kandalaft, Iyad [mailto:Iyad.Kandalaft@AGR.GC.CA] Sent: Monday, August 25, 2014 8:42 PM To: Eric Rasche; Shrum, Donald C Cc: galaxy-dev@lists.bx.psu.edu Subject: RE: [galaxy-dev] ssl proxy
Hi Eric
I'm not sure that he is using a virtual host on 443. I suppose that a "redirect permanent" would work in either case, but I was thinking along the lines of:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
RewriteRule ^/static/style/(.*) /panfs/storage.local/opt/galaxy-dist/static/june_2007_style/blue/$1 [L] RewriteRule ^/static/scripts/(.*) /panfs/storage.local/opt/galaxy-dist/static/scripts/packed/$1 [L] RewriteRule ^/static/(.*) /panfs/storage.local/opt/galaxy-dist/static/$1 [L] RewriteRule ^/favicon.ico /panfs/storage.local/opt/galaxy-dist/static/favicon.ico [L]
RewriteRule ^/robots.txt /panfs/storage.local/opt/galaxy-dist/static/robots.txt [L] RewriteRule ^(.*) http://144.174.51.187:8080$1 [P]
What do you think?
Iyad Kandalaft Bioinformatics Programmer Microbial Biodiversity Bioinformatics Science & Technology Branch Agriculture & Agri-Food Canada Iyad.Kandalaft@agr.gc.ca | (613) 759-1228 ________________________________ From: galaxy-dev-bounces@lists.bx.psu.edu [galaxy-dev-bounces@lists.bx.psu.edu] on behalf of Eric Rasche [rasche.eric@yandex.ru] Sent: August 25, 2014 4:21 PM To: DCShrum@admin.fsu.edu Cc: galaxy-dev@lists.bx.psu.edu Subject: Re: [galaxy-dev] ssl proxy
We use:
<VirtualHost *:80> ServerName <our.server.fqdn> DocumentRoot "/var/www/" <Directory "/var/www/"> Options Indexes FollowSymLinks MultiViews AllowOverride None Require all granted </Directory> Redirect permanent / https://<UrlBlockedError.aspx><our.server.fqdn>/ </VirtualHost>
Ours is managed with puppet so I've tried to redact the non-relevant blocks, but that should work for you.
Cheers, Eric
On 08/25/2014 03:03 PM, Shrum, Donald C wrote:
Hi all,
I have a galaxy install with an apache proxy and ldap authentication.
<Location /> RequestHeader set X-URL-SCHEME https AuthBasicProvider ldap Other stuff.... </Location>
RewriteEngine on RewriteRule ^/static/style/(.*) /panfs/storage.local/opt/galaxy-dist/static/june_2007_style/blue/$1 [L] RewriteRule ^/static/scripts/(.*) /panfs/storage.local/opt/galaxy-dist/static/scripts/packed/$1 [L] RewriteRule ^/static/(.*) /panfs/storage.local/opt/galaxy-dist/static/$1 [L] RewriteRule ^/favicon.ico /panfs/storage.local/opt/galaxy-dist/static/favicon.ico [L] RewriteRule ^/robots.txt /panfs/storage.local/opt/galaxy-dist/static/robots.txt [L] RewriteRule ^(.*) http://144.174.51.187:8080$1 [P]
What is the best way to manage the redirect from http to https for the authentication?
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
Eric Rasche Programmer II Center for Phage Technology Texas A&M University College Station, TX 77843 404-692-2048 <tel:4046922048> esr@tamu.edu<mailto:esr@tamu.edu> <mailto:esr@tamu.edu><mailto:esr@tamu.edu> -- Eric Rasche Programmer II Center for Phage Technology Texas A&M University College Station, TX 77843 404-692-2048 esr@tamu.edu<mailto:esr@tamu.edu> rasche.eric@yandex.ru<mailto:rasche.eric@yandex.ru>
-- Eric Rasche Programmer II Center for Phage Technology Texas A&M University College Station, TX 77843 404-692-2048 esr@tamu.edu rasche.eric@yandex.ru