Davide, Nate, Brad
Davide, Thanks for the configuration, there are many aspects here (ldap, load balancing) that I will be working toward and this is a great help.

Unfortunately I am still missing something here.
I don't have any auth running right now.
I am using just the default setup of apache.
I am using the RewriteRule set from galaxy-wiki.
I installed and loaded the xsendfile_module
I added the <Location "/" directive with the XsendFile on to allow anything to be xsend available (this is 'get it to work' phase).

Still no joy.

The request comes back from ucsc hits apache with the specific byte request.  That gets passed to the galaxy service and which interprets it and returns the entire file part of which loads at ucsc.  It seems that I am not getting the pass to the XsendFile handled correctly.

I've attached a comment deleted http.conf, a universe_wsgi.ini, a tail of the http access_log and a tail of the paster.log

In the process I've tried adding and removing each stanza from Davide's example setup.  The http.conf is what makes sense to me now, seeing as there is no auth and this setup is preliminary to get things working before bringing the site up to fully functional.  It seems that the RewriteRule is functional without proxy or with it.  I've tried it with a proxy stanza and without.  The galaxy part of the http.conf is pretty simple at the end.  Originally, I didn't bother to move the DocumentRoot seeing as all traffic was redirected via the RewriteRules.  I allowed XSendFile to / in this example but I've also tried /galaxy/galaxy-dist where the application is at.  The bam file is located on the nfs share at /exds/galaxy/galaxy-dist/database/files.

### added for galaxy ###
#rewrite rules for apache
RewriteEngine On
RewriteRule ^/static/style/(.*) /galaxy/galaxy-dist/static/june_2007_style/blue/$1 [L]
Rewriterule ^/static/(.*) /galaxy/galaxy-dist/static/$1 [L]
RewriteRule ^/images/(.*) /galaxy/galaxy-dist/images(.*) [L]
RewriteRule ^/favicon.ico /galaxy/galaxy-dist/favicon.ico [L]
RewriteRule ^/robots.txt /galaxy/galaxy-dist/robots.txt [L]
RewriteRule ^(.*) http://localhost:8080$1 [P]
#eos rewrite rules for apache
#apache_xsendfile directive#
<Location "/" >
    Satisfy Any
    order allow,deny
    allow from all
    XSendFile on
    XSendFileAllowAbove on
</Location>
#eos apache_xsendfile directive#
### eos added for galaxy ###

I'm missing something obvious, thanks for any help.
Terry



On 6/23/2010 4:39 AM, Davide Cittaro wrote:
Hi Terry,
On Jun 22, 2010, at 7:30 PM, TRBarrette wrote:

Davide,
I'd really like to see how you got it work.

Note that my galaxy configuration relies on a local mirror of the UCSC genome browser. Our galaxy runs as a multiserver (2 web servers on ports 8081 and 8082, one runner on 8100). I've installed mod_xsendfile as Nate suggested (http://tn123.ath.cx/mod_xsendfile/) and enabled it:

LoadModule xsendfile_module /usr/lib/apache2/modules/mod_xsendfile.so

I've configured apache to bind a virtual host to port 8080, which is now proxying galaxy:

[begin apache conf for galaxy, I'll try to comment it]

NameVirtualHost *:8080
<VirtualHost *:8080>
        ServerAdmin davide.cittaro@ifom-ieo-campus.it
#Here comes the proxy stuff... I think you already have this :-)
        <Proxy localhost:8081>
                Order allow,deny
                Allow from all
        </Proxy>
        <Proxy localhost:8082>
                Order allow,deny
                Allow from all
        </Proxy>
        <Proxy balancer://multi-galaxy>
                BalancerMember http://localhost:8081
                BalancerMember http://localhost:8082
        </Proxy>
        ProxyPass / balancer://multi-galaxy

        RewriteEngine on
        RewriteRule ^(.*) http://localhost:8081$1 [P]
        RewriteRule ^/static/style/(.*) /data/galaxy_dist/static/june_2007_style/blue/$1 [L]
        RewriteRule ^/static/(.*) /data/galaxy_dist/static/$1 [L]
        RewriteRule ^/images/(.*) /data/galaxy_dist/static/images/$1 [L]
        RewriteRule ^/favicon.ico /data/galaxy_dist/static/favicon.ico [L]
        RewriteRule ^/robots.txt /data/galaxy_dist/static/robots.txt [L]

        <Location />
                AuthType Basic
                AuthName Galaxy
# Xsendfile as Nate suggested
                XSendFile On
                XSendFileAllowAbove On
# I'm using our internal ldap, querying for name and email
                AuthBasicProvider ldap
                AuthLDAPURL "ldap://ldap.ifom-ieo-campus.it/dc=ifom-ieo-campus,dc=it?cn,mail?sub?(cn=*)"
                AuthLDAPRemoteUserAttribute mail
                Require ldap-filter objectClass=posixAccount
        </Location>
# Set the http header to user e-mail so that galaxy is happy to authenticate :-)
        RequestHeader set REMOTE_USER %{AUTHENTICATE_MAIL}e

        <Location /root/display_as>
                Satisfy Any
                Order deny,allow
                Allow from genome.ifom-ieo-campus.it
        </Location>

        <LocationMatch /ucsc_(bam|big) >
# This is to enable bam and bigWig (or bigBEd in the future) by traversing the proxy
# Allow from our internal network
# and set the http header to a fake email address, this is required because of galaxy architecture...
                Satisfy any
                Order deny,allow
                Allow from 85.239.0.0/255.255.0.0
                RequestHeader set REMOTE_USER "ucsc_browser_display@ifom-ieo-campus.it"
        </LocationMatch>

        ErrorLog /var/log/apache2/galaxy-error.log
        LogLevel debug
        CustomLog /var/log/apache2/galaxy-access.log combined
        ServerSignature On
</VirtualHost>
[/end of apache conf file]

After this comes the galaxy configuration file... this is pretty much the original one, I'll write only the differences for this scope:

ucsc_display_sites = main,campus #where campus is our local mirror. I left "main" although we are behind a firewall and it cannot communicate...
use_remote_user = True
apache_xsendfile = True
#remote_user_maildomain =  #commented and left blank... well, this because I've already have the whole mail address in http header


Then there are some mods I've done in galaxy code and files:

In ${GALAXY_ROOT}/tool-data/shared/ucsc/ucsc_build_sites.txt I've added

campus   http://genome.ifom-ieo-campus.it/cgi-bin/hgTracks?      hg19,hg18,hg17,mm9,mm8,rn4,danRer6,danRer5,ci2,ce6,ce4,cb3,dm3,sacCer2,sacCer1

To enable our "campus" UCSC mirror. Then I've modified a python file to enable our local mirror:

diff -r 4cdf4cca0f31 lib/galaxy/web/framework/middleware/remoteuser.py
--- a/lib/galaxy/web/framework/middleware/remoteuser.py Mon Jun 21 13:46:52 2010 -0400
+++ b/lib/galaxy/web/framework/middleware/remoteuser.py Wed Jun 23 10:34:03 2010 +0200
@@ -44,6 +44,7 @@
     'hgw6.cse.ucsc.edu',
     'hgw7.cse.ucsc.edu',
     'hgw8.cse.ucsc.edu',
+    'genome.ifom-ieo-campus.it',
 )
 UCSC_ARCHAEA_SERVERS = (
     'lowepub.cse.ucsc.edu',
@@ -55,7 +56,7 @@
         self.maildomain = maildomain
         self.allow_ucsc_main = False
         self.allow_ucsc_archaea = False
-        if 'main' in ucsc_display_sites or 'test' in ucsc_display_sites:
+        if 'main' in ucsc_display_sites or 'test' in ucsc_display_sites  or 'campus' in ucsc_display_sites:
             self.allow_ucsc_main = True
         if 'archaea' in ucsc_display_sites:
             self.allow_ucsc_archaea = True
@@ -69,7 +70,7 @@
                 host = None
             if ( self.allow_ucsc_main and host in UCSC_MAIN_SERVERS ) or \
                ( self.allow_ucsc_archaea and host in UCSC_ARCHAEA_SERVERS ):
-                environ[ 'HTTP_REMOTE_USER' ] = 'ucsc_browser_display@example.org'
+                environ[ 'HTTP_REMOTE_USER' ] = 'ucsc_browser_display@ifom-ieo-campus.it'
                 return self.app( environ, start_response )
         # Apache sets REMOTE_USER to the string '(null)' when using the
         # Rewrite* method for passing REMOTE_USER and a user is

I believe this is all... If your galaxy can communicate with main UCSC server you won't need some the patches above, but only the apache configuration.

HTH

d


/*
Davide Cittaro

Cogentech - Consortium for Genomic Technologies
via adamello, 16
20139 Milano
Italy

tel.: +39(02)574303007
e-mail: davide.cittaro@ifom-ieo-campus.it
*/