Peter, I just figured out how to fix it. In galaxy.yml, I changed HTTP_REMOTE_USER to REMOTE_USER, and now it works. My next thing is to test the sub-uri. Thanks, Ping On Fri, Dec 14, 2018 at 11:02 AM Ping Luo <luop0812@gmail.com> wrote:
Peter,
I have been using the default http protocol for the Galaxy server which is not preferred. I am now testing uwsgi TCP sockets. I start the server on server root without sub-uri to see how it works.
Here is my Apache configuration:
<VirtualHost *:8443> ServerName xxx.xxx.xxx.xxx ServerAdmin admin@xxx.xxx
DocumentRoot "/opt/rh/httpd24/root/var/www/html" TransferLog "logs/scgalaxy_access.log" ErrorLog "logs/scgalaxy_error.log"
SSLEngine On SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 SSLCertificateFile "/etc/pki/tls/certs/galaxy.cer" SSLCertificateKeyFile "/etc/pki/tls/private/galaxy.key" SSLCertificateChainFile "/etc/pki/tls/certs/galaxy.cer"
RewriteEngine on ProxyPass / uwsgi://127.0.0.1:4001/ # access is denied due to username not provided with external authentication method # ProxyPass / http://127.0.0.1:8080/ # same configuration works fine with http
<Location "/"> SSLRequireSSL AuthType CAS Require valid-user RewriteCond %{IS_SUBREQ} ^false$ RewriteCond %{LA-U:REMOTE_USER} (.+) RewriteRule . - [E=RU:%1] RequestHeader set X-URL-SCHEME https RequestHeader set REMOTE_USER %{REMOTE_USER}s </Location> </VirtualHost>
However, when accessing the galaxy server, I got the following error. The same setting works fine when galaxy is served with http. What need be changed in Apache for serving galaxy with uwsgi socket? Access to Galaxy is denied
Galaxy is configured to authenticate users via an external method (such as HTTP authentication in Apache), but a username was not provided by the upstream (proxy) server. This is generally due to a misconfiguration in the upstream server.
The log file dumps the following output:
galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,724 [p:19333,w:1,m:0] [uWSGIWorker1Core0] Unable to identify user. HTTP_REMOTE_USER not found galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,725 [p:19333,w:1,m:0] [uWSGIWorker1Core0] wsgi.multiprocess = False galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,725 [p:19333,w:1,m:0] [uWSGIWorker1Core0] paste.recursive.include_app_iter = <paste.recursive.IncluderAppIter from /> galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,725 [p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_COOKIE = _ga=GA1.2.525722961.1528376483; __utma=194481448.525722961.1528376483.1528377532.1528377532.1; _vwo_uuid_v2=DF9EBC570796316331B3F82AE49BE8DE8|18923f6303554ba0ab6938b046ebc11c; _vwo_uuid=DF9EBC570796316331B3F82AE49BE8DE8; MOD_AUTH_CAS_S=4865a71d55619aa6196d7b753d27356e; galaxysession=4a833ad4d9934a58ce0b64778f963b982b8f5e10ca4a7b26ac9eeb1368c1462fdcb2aa7c9f32ba00 galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726 [p:19333,w:1,m:0] [uWSGIWorker1Core0] paste.recursive.forward = <paste.recursive.Forwarder from /> galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726 [p:19333,w:1,m:0] [uWSGIWorker1Core0] CONTEXT_DOCUMENT_ROOT = /opt/rh/httpd24/root/var/www/html galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726 [p:19333,w:1,m:0] [uWSGIWorker1Core0] SERVER_SOFTWARE = Apache/2.4.34 (Red Hat) OpenSSL/1.0.2k-fips Phusion_Passenger/4.0.50 galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726 [p:19333,w:1,m:0] [uWSGIWorker1Core0] paste.recursive.include = <paste.recursive.Includer from /> galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726 [p:19333,w:1,m:0] [uWSGIWorker1Core0] CONTEXT_PREFIX = galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726 [p:19333,w:1,m:0] [uWSGIWorker1Core0] SERVER_SIGNATURE = galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726 [p:19333,w:1,m:0] [uWSGIWorker1Core0] REQUEST_METHOD = GET galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726 [p:19333,w:1,m:0] [uWSGIWorker1Core0] PATH_INFO = / galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726 [p:19333,w:1,m:0] [uWSGIWorker1Core0] SERVER_PROTOCOL = HTTP/1.1 galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726 [p:19333,w:1,m:0] [uWSGIWorker1Core0] QUERY_STRING = galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727 [p:19333,w:1,m:0] [uWSGIWorker1Core0] PATH = /opt/rh/rh-ruby22/root/usr/bin:/opt/rh/httpd24/root/usr/bin:/opt/rh/httpd24/root/usr/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727 [p:19333,w:1,m:0] [uWSGIWorker1Core0] LD_LIBRARY_PATH = /opt/rh/rh-ruby22/root/usr/lib64:/opt/rh/httpd24/root/usr/lib64 galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727 [p:19333,w:1,m:0] [uWSGIWorker1Core0] SSL_TLS_SNI = portal-terra.hprc.tamu.edu galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727 [p:19333,w:1,m:0] [uWSGIWorker1Core0] RU = pingluo galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727 [p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_USER_AGENT = Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727 [p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_CONNECTION = keep-alive galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727 [p:19333,w:1,m:0] [uWSGIWorker1Core0] SERVER_NAME = portal-terra.hprc.tamu.edu galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727 [p:19333,w:1,m:0] [uWSGIWorker1Core0] REMOTE_ADDR = 165.91.254.86 galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727 [p:19333,w:1,m:0] [uWSGIWorker1Core0] paste.throw_errors = True galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727 [p:19333,w:1,m:0] [uWSGIWorker1Core0] wsgi.url_scheme = https galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728 [p:19333,w:1,m:0] [uWSGIWorker1Core0] SERVER_PORT = 8443 galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728 [p:19333,w:1,m:0] [uWSGIWorker1Core0] uwsgi.node = portal galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728 [p:19333,w:1,m:0] [uWSGIWorker1Core0] SERVER_ADDR = 165.91.16.42 galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728 [p:19333,w:1,m:0] [uWSGIWorker1Core0] DOCUMENT_ROOT = /opt/rh/httpd24/root/var/www/html galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728 [p:19333,w:1,m:0] [uWSGIWorker1Core0] original_wsgi.url_scheme = https galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728 [p:19333,w:1,m:0] [uWSGIWorker1Core0] uwsgi.core = 0 galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728 [p:19333,w:1,m:0] [uWSGIWorker1Core0] SCRIPT_FILENAME = proxy:uwsgi:// 127.0.0.1:4001/ galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728 [p:19333,w:1,m:0] [uWSGIWorker1Core0] SERVER_ADMIN = admin@hprc.tamu.edu galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728 [p:19333,w:1,m:0] [uWSGIWorker1Core0] paste.recursive.script_name = galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,729 [p:19333,w:1,m:0] [uWSGIWorker1Core0] SCRIPT_URI = https://portal-terra.hprc.tamu.edu:8443/ galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,729 [p:19333,w:1,m:0] [uWSGIWorker1Core0] wsgi.input = <uwsgi._Input object at 0x2ad4f36e81e0> galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,729 [p:19333,w:1,m:0] [uWSGIWorker1Core0] REMOTE_USER = pingluo galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,729 [p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_HOST = portal-terra.hprc.tamu.edu:8443 galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,729 [p:19333,w:1,m:0] [uWSGIWorker1Core0] SCRIPT_URL = / galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,729 [p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTPS = on galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,729 [p:19333,w:1,m:0] [uWSGIWorker1Core0] wsgi.multithread = True galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,729 [p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_UPGRADE_INSECURE_REQUESTS = 1 galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,730 [p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_CACHE_CONTROL = max-age=0 galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,730 [p:19333,w:1,m:0] [uWSGIWorker1Core0] REQUEST_URI = / galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,730 [p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_ACCEPT = text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,730 [p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_X_URL_SCHEME = https galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,730 [p:19333,w:1,m:0] [uWSGIWorker1Core0] wsgi.version = (1, 0) galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,730 [p:19333,w:1,m:0] [uWSGIWorker1Core0] GATEWAY_INTERFACE = CGI/1.1 galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,730 [p:19333,w:1,m:0] [uWSGIWorker1Core0] wsgi.run_once = False galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,731 [p:19333,w:1,m:0] [uWSGIWorker1Core0] SCRIPT_NAME = galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,731 [p:19333,w:1,m:0] [uWSGIWorker1Core0] REMOTE_PORT = 56284 galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,731 [p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_ACCEPT_LANGUAGE = en-US,en;q=0.5 galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,731 [p:19333,w:1,m:0] [uWSGIWorker1Core0] REQUEST_SCHEME = https galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,731 [p:19333,w:1,m:0] [uWSGIWorker1Core0] wsgi.errors = <open file 'wsgi_errors', mode 'w' at 0x2ad4f3b350c0> galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,731 [p:19333,w:1,m:0] [uWSGIWorker1Core0] uwsgi.version = 2.0.17.1 galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,731 [p:19333,w:1,m:0] [uWSGIWorker1Core0] request_id = d8e1b156ffc111e8bbbc0894ef20d911 galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,731 [p:19333,w:1,m:0] [uWSGIWorker1Core0] wsgi.file_wrapper = <built-in function uwsgi_sendfile> galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,732 [p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_ACCEPT_ENCODING = gzip, deflate, br galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,732 [p:19333,w:1,m:0] [uWSGIWorker1Core0] UNIQUE_ID = XBPh0ilC82mF4py6Qa6eRwAAAAI
Thanks,
Ping
On Wed, Dec 12, 2018 at 5:07 AM Peter Briggs < peter.briggs@manchester.ac.uk> wrote:
Hello Ping
If you're using the YAML config then there isn't an equivalent of the "[filter:proxy-prefix]" section from the INI version of the config - this section doesn't seem to be required any more. So the two lines you already have in the 'galaxy' section of the YAML file should be sufficient i.e.
galaxy: #... filter-with: proxy-prefix cookie_path: '/galaxy'
However you also need to make sure that you have the correct options in the 'uwsgi' section of the YAML config file, and that your Apache configuration is set correctly to handle the proxy prefix. The relevant documentation for these is here (for 18.09):
https://docs.galaxyproject.org/en/release_18.09/admin/apache.html#serving-ga...
HTH
Best wishes
Peter
-- Peter Briggs peter.briggs@manchester.ac.uk Bioinformatics Core Facility University of Manchester B.1083 Michael Smith Bldg Tel: (0161) 2751482
------------------------------ *From:* galaxy-dev [galaxy-dev-bounces@lists.galaxyproject.org] on behalf of Ping Luo [luop0812@gmail.com] *Sent:* Wednesday, December 12, 2018 6:35 AM *To:* galaxy-dev *Subject:* [galaxy-dev] how to configure sub-uri in galaxy.yml
I am trying to configure Galaxy v18.09 wtih sub-uri. In prior 18.01, I use this configuration in conjunction with Apache rewrite rules and it works well:
[filter:proxy-prefix] use = egg:PasteDeploy#prefix prefix = /msgalaxy [app:main] filter-with = proxy-prefix cookie_path = '/galaxy'
In galaxy.yml, I know I need to uncomment and add the following
filter-with: proxy-prefix cookie_path: '/galaxy'
However, I don't know where and how to add filter:proxy-prefix. The comment in config.yml says:
# If running behind a proxy server and Galaxy is served from a # subdirectory, enable the proxy-prefix filter and set the prefix in # the [filter:proxy-prefix] section above.
which is for galaxy.ini file. An example on how to do it would be much appreciated.
Ping