Davide, Nate, Brad

Davide,

Thanks for the configuration; there are many aspects here (ldap, load balancing) that I will be working toward and this is a great help. Unfortunately I am still missing something here.

I don't have any auth running right now. I am using just the default setup of apache. I am using the RewriteRule set from galaxy-wiki. I installed and loaded the xsendfile_module. I added the <Location "/"> directive with XSendFile on to allow anything to be xsend available (this is the 'get it to work' phase). Still no joy.

The request comes back from ucsc and hits apache with the specific byte request. That gets passed to the galaxy service, which interprets it and returns the entire file, part of which loads at ucsc. It seems that I am not getting the pass to the XsendFile handled correctly.

I've attached a comment-deleted http.conf, a universe_wsgi.ini, a tail of the http access_log and a tail of the paster.log.

In the process I've tried adding and removing each stanza from Davide's example setup. The http.conf is what makes sense to me now, seeing as there is no auth and this setup is preliminary to get things working before bringing the site up to fully functional. It seems that the RewriteRule is functional without proxy or with it. I've tried it with a proxy stanza and without.

The galaxy part of the http.conf is pretty simple at the end. Originally, I didn't bother to move the DocumentRoot seeing as all traffic was redirected via the RewriteRules. I allowed XSendFile to / in this example but I've also tried /galaxy/galaxy-dist where the application is at. The bam file is located on the nfs share at /exds/galaxy/galaxy-dist/database/files.
    ### added for galaxy ###
    #rewrite rules for apache
    RewriteEngine On
    RewriteRule ^/static/style/(.*) /galaxy/galaxy-dist/static/june_2007_style/blue/$1 [L]
    Rewriterule ^/static/(.*) /galaxy/galaxy-dist/static/$1 [L]
    RewriteRule ^/images/(.*) /galaxy/galaxy-dist/images(.*) [L]
    RewriteRule ^/favicon.ico /galaxy/galaxy-dist/favicon.ico [L]
    RewriteRule ^/robots.txt /galaxy/galaxy-dist/robots.txt [L]
    RewriteRule ^(.*) http://localhost:8080$1 [P]
    #eos rewrite rules for apache

    #apache_xsendfile directive#
    <Location "/" >
        Satisfy Any
        order allow,deny
        allow from all
        XSendFile on
        XSendFileAllowAbove on
    </Location>
    #eos apache_xsendfile directive#
    ### eos added for galaxy ###

I'm missing something obvious, thanks for any help.

Terry

On 6/23/2010 4:39 AM, Davide Cittaro wrote:
Hi Terry,

On Jun 22, 2010, at 7:30 PM, TRBarrette wrote:
Davide, I'd really like to see how you got it work.
Note that my galaxy configuration relies on a local mirror of the UCSC genome browser. Our galaxy runs as a multiserver (2 web servers on ports 8081 and 8082, one runner on 8100). I've installed mod_xsendfile as Nate suggested (http://tn123.ath.cx/mod_xsendfile/) and enabled it:
LoadModule xsendfile_module /usr/lib/apache2/modules/mod_xsendfile.so
I've configured apache to bind a virtual host to port 8080, which is now proxying galaxy:
[begin apache conf for galaxy, I'll try to comment it]
    NameVirtualHost *:8080
    <VirtualHost *:8080>
        ServerAdmin davide.cittaro@ifom-ieo-campus.it

        #Here comes the proxy stuff... I think you already have this :-)
        <Proxy localhost:8081>
            Order allow,deny
            Allow from all
        </Proxy>
        <Proxy localhost:8082>
            Order allow,deny
            Allow from all
        </Proxy>
        <Proxy balancer://multi-galaxy>
            BalancerMember http://localhost:8081
            BalancerMember http://localhost:8082
        </Proxy>
        ProxyPass / balancer://multi-galaxy

        RewriteEngine on
        RewriteRule ^(.*) http://localhost:8081$1 [P]
        RewriteRule ^/static/style/(.*) /data/galaxy_dist/static/june_2007_style/blue/$1 [L]
        RewriteRule ^/static/(.*) /data/galaxy_dist/static/$1 [L]
        RewriteRule ^/images/(.*) /data/galaxy_dist/static/images/$1 [L]
        RewriteRule ^/favicon.ico /data/galaxy_dist/static/favicon.ico [L]
        RewriteRule ^/robots.txt /data/galaxy_dist/static/robots.txt [L]

        <Location />
            AuthType Basic
            AuthName Galaxy
            # Xsendfile as Nate suggested
            XSendFile On
            XSendFileAllowAbove On
            # I'm using our internal ldap, querying for name and email
            AuthBasicProvider ldap
            AuthLDAPURL "ldap://ldap.ifom-ieo-campus.it/dc=ifom-ieo-campus,dc=it?cn,mail?sub?(cn=*)"
            AuthLDAPRemoteUserAttribute mail
            Require ldap-filter objectClass=posixAccount
        </Location>
        # Set the http header to user e-mail so that galaxy is happy to authenticate :-)
        RequestHeader set REMOTE_USER %{AUTHENTICATE_MAIL}e

        <Location /root/display_as>
            Satisfy Any
            Order deny,allow
            Allow from genome.ifom-ieo-campus.it
        </Location>

        <LocationMatch /ucsc_(bam|big) >
            # This is to enable bam and bigWig (or bigBEd in the future) by traversing the proxy
            # Allow from our internal network
            # and set the http header to a fake email address, this is required because of galaxy architecture...
            Satisfy any
            Order deny,allow
            Allow from 85.239.0.0/255.255.0.0
            RequestHeader set REMOTE_USER "ucsc_browser_display@ifom-ieo-campus.it"
        </LocationMatch>

        ErrorLog /var/log/apache2/galaxy-error.log
        LogLevel debug
        CustomLog /var/log/apache2/galaxy-access.log combined
        ServerSignature On
    </VirtualHost>

[/end of apache conf file]
After this comes the galaxy configuration file... this is pretty much the original one, I'll write only the differences for this scope:
    ucsc_display_sites = main,campus #where campus is our local mirror. I left "main" although we are behind a firewall and it cannot communicate...
    use_remote_user = True
    apache_xsendfile = True
    #remote_user_maildomain = #commented and left blank... well, this because I already have the whole mail address in http header
Then there are some mods I've done in galaxy code and files:
In ${GALAXY_ROOT}/tool-data/shared/ucsc/ucsc_build_sites.txt I've added
    #Harvested from http://genome.ifom-ieo-campus.it/cgi-bin/das/dsn
    campus http://genome.ifom-ieo-campus.it/cgi-bin/hgTracks? hg19,hg18,hg17,mm9,mm8,rn4,danRer6,danRer5,ci2,ce6,ce4,cb3,dm3,sacCer2,sacCer1
To enable our "campus" UCSC mirror. Then I've modified a python file to enable our local mirror:
diff -r 4cdf4cca0f31 lib/galaxy/web/framework/middleware/remoteuser.py --- a/lib/galaxy/web/framework/middleware/remoteuser.py Mon Jun 21 13:46:52 2010 -0400 +++ b/lib/galaxy/web/framework/middleware/remoteuser.py Wed Jun 23 10:34:03 2010 +0200 @@ -44,6 +44,7 @@ 'hgw6.cse.ucsc.edu', 'hgw7.cse.ucsc.edu', 'hgw8.cse.ucsc.edu', + 'genome.ifom-ieo-campus.it', ) UCSC_ARCHAEA_SERVERS = ( 'lowepub.cse.ucsc.edu', @@ -55,7 +56,7 @@ self.maildomain = maildomain self.allow_ucsc_main = False self.allow_ucsc_archaea = False - if 'main' in ucsc_display_sites or 'test' in ucsc_display_sites: + if 'main' in ucsc_display_sites or 'test' in ucsc_display_sites or 'campus' in ucsc_display_sites: self.allow_ucsc_main = True if 'archaea' in ucsc_display_sites: self.allow_ucsc_archaea = True @@ -69,7 +70,7 @@ host = None if ( self.allow_ucsc_main and host in UCSC_MAIN_SERVERS ) or \ ( self.allow_ucsc_archaea and host in UCSC_ARCHAEA_SERVERS ): - environ[ 'HTTP_REMOTE_USER' ] = 'ucsc_browser_display@example.org <mailto:%27ucsc_browser_display@example.org>' + environ[ 'HTTP_REMOTE_USER' ] = 'ucsc_browser_display@ifom-ieo-campus.it <mailto:%27ucsc_browser_display@ifom-ieo-campus.it>' return self.app( environ, start_response ) # Apache sets REMOTE_USER to the string '(null)' when using the # Rewrite* method for passing REMOTE_USER and a user is
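Review bot: In the second hunk, adding 'campus' to the condition that sets self.allow_ucsc_main, combined with the first hunk's addition of 'genome.ifom-ieo-campus.it' to the list that holds the hgw*.cse.ucsc.edu hosts, ties the local mirror to the public UCSC host list. A site that lists only 'campus' in ucsc_display_sites still ends up allowing every host in that list, and a site that lists only 'main' allows the mirror. Because a match on this list makes the middleware set HTTP_REMOTE_USER itself, a separate tuple for the mirror with its own flag, checked next to allow_ucsc_main and allow_ucsc_archaea, would keep the allowed hosts limited to what the configuration names.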
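Review bot: The third hunk swaps one hard-coded address for another in the line that sets environ[ 'HTTP_REMOTE_USER' ], so the site's mail domain now lives in the source and has to be kept in step by hand with the RequestHeader value in the Apache LocationMatch block. Building the address from configuration (the constructor already stores self.maildomain) would avoid carrying a local patch. The '<mailto:...>' text inside the string literal on both the removed and the added line looks like mail-client residue, so the hunk should be regenerated from the repository before anyone applies it.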
I believe this is all... If your galaxy can communicate with main UCSC server you won't need some of the patches above, but only the apache configuration.
HTH
d
/*
Davide Cittaro

Cogentech - Consortium for Genomic Technologies
via adamello, 16
20139 Milano
Italy

tel.: +39(02)574303007
e-mail: davide.cittaro@ifom-ieo-campus.it
*/
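A check for the symptom described at the top of this thread (a byte-range request answered with the entire file), as an added example that is not part of the original messages or of Galaxy: it classifies one response to a ranged GET, including the case where the X-Sendfile header reaches the client instead of being consumed by the front end. The function names, finding labels and sample responses are constructed for illustration.

```python
import re

def parse_range(value, size):
    """Resolve a single 'bytes=a-b' header against a file of `size` bytes.
    Returns inclusive (start, end), or None if malformed or unsatisfiable."""
    m = re.fullmatch(r"bytes=(\d*)-(\d*)", value.strip())
    if not m or not (m.group(1) or m.group(2)):
        return None
    if not m.group(1):                         # suffix form: last N bytes
        n = int(m.group(2))
        return (max(size - n, 0), size - 1) if n and size else None
    start = int(m.group(1))
    end = min(int(m.group(2)), size - 1) if m.group(2) else size - 1
    return (start, end) if start <= end and start < size else None

def diagnose(range_value, status, headers, body_len, file_size):
    """Return a list of findings for one response to a ranged GET."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    if "x-sendfile" in h:                      # header passed through to the client
        findings.append("x-sendfile-leaked")
    want = parse_range(range_value, file_size)
    if want is None:
        return findings + ["bad-range"]
    start, end = want
    if status == 206:
        if h.get("content-range") != f"bytes {start}-{end}/{file_size}":
            findings.append("content-range-mismatch")
        if body_len != end - start + 1:
            findings.append("length-mismatch")
    elif status == 200:
        if (start, end) != (0, file_size - 1):  # partial request, full response
            findings.append("range-ignored")
    else:
        findings.append("unexpected-status")
    return findings or ["ok"]

# Constructed sample responses (not taken from the logs attached to the thread).
FILE_SIZE = 1_000_000
SAMPLES = {
    "offloaded": ("bytes=0-65535", 206,
                  {"Content-Range": "bytes 0-65535/1000000"}, 65536),
    "whole_file": ("bytes=0-65535", 200, {}, FILE_SIZE),
    "leaked": ("bytes=0-65535", 200, {"X-Sendfile": "/constructed/path.dat"}, 0),
}

def run_samples():
    return {name: diagnose(r, s, hd, n, FILE_SIZE)
            for name, (r, s, hd, n) in SAMPLES.items()}
```

Feeding it the status, headers and body length seen for the same ranged request at the proxy port and at the backend port shows which hop drops the range.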