Hi Terry,

On Jun 22, 2010, at 7:30 PM, TRBarrette wrote:

> Davide, I'd really like to see how you got it to work.
Note that my galaxy configuration relies on a local mirror of the UCSC genome browser. Our galaxy runs as a multiserver (2 web servers on ports 8081 and 8082, one runner on 8100).

I've installed mod_xsendfile as Nate suggested (http://tn123.ath.cx/mod_xsendfile/) and enabled it:

LoadModule xsendfile_module /usr/lib/apache2/modules/mod_xsendfile.so

I've configured apache to bind a virtual host to port 8080, which is now proxying galaxy:

[begin apache conf for galaxy, I'll try to comment it]

NameVirtualHost *:8080
<VirtualHost *:8080>
  ServerAdmin davide.cittaro@ifom-ieo-campus.it

  #Here comes the proxy stuff... I think you already have this :-)
  <Proxy localhost:8081>
    Order allow,deny
    Allow from all
  </Proxy>
  <Proxy localhost:8082>
    Order allow,deny
    Allow from all
  </Proxy>
  <Proxy balancer://multi-galaxy>
    BalancerMember http://localhost:8081
    BalancerMember http://localhost:8082
  </Proxy>
  ProxyPass / balancer://multi-galaxy

  RewriteEngine on
  RewriteRule ^(.*) http://localhost:8081$1 [P]
  RewriteRule ^/static/style/(.*) /data/galaxy_dist/static/june_2007_style/blue/$1 [L]
  RewriteRule ^/static/(.*) /data/galaxy_dist/static/$1 [L]
  RewriteRule ^/images/(.*) /data/galaxy_dist/static/images/$1 [L]
  RewriteRule ^/favicon.ico /data/galaxy_dist/static/favicon.ico [L]
  RewriteRule ^/robots.txt /data/galaxy_dist/static/robots.txt [L]

  <Location />
    AuthType Basic
    AuthName Galaxy
    # Xsendfile as Nate suggested
    XSendFile On
    XSendFileAllowAbove On
    # I'm using our internal ldap, querying for name and email
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://ldap.ifom-ieo-campus.it/dc=ifom-ieo-campus,dc=it?cn,mail?sub?(cn=*)"
    AuthLDAPRemoteUserAttribute mail
    Require ldap-filter objectClass=posixAccount
  </Location>

  # Set the http header to user e-mail so that galaxy is happy to authenticate :-)
  RequestHeader set REMOTE_USER %{AUTHENTICATE_MAIL}e

  <Location /root/display_as>
    Satisfy Any
    Order deny,allow
    # Deny from all: with Order deny,allow and no Deny line every host passes
    # the host check, and Satisfy Any would then skip the LDAP login
    Deny from all
    Allow from genome.ifom-ieo-campus.it
  </Location>

  <LocationMatch /ucsc_(bam|big)>
    # This is to enable bam and bigWig (or bigBed in the future) by traversing the proxy
    # Allow from our internal network
    # and set the http header to a fake email address, this is required because of galaxy architecture...
    Satisfy any
    Order deny,allow
    # Deny from all: same reason as in the /root/display_as block above
    Deny from all
    Allow from 85.239.0.0/255.255.0.0
    RequestHeader set REMOTE_USER "ucsc_browser_display@ifom-ieo-campus.it"
  </LocationMatch>

  ErrorLog /var/log/apache2/galaxy-error.log
  LogLevel debug
  CustomLog /var/log/apache2/galaxy-access.log combined
  ServerSignature On
</VirtualHost>

[/end of apache conf file]

After this comes the galaxy configuration file... this is pretty much the original one, I'll write only the differences for this scope:

ucsc_display_sites = main,campus
#where campus is our local mirror. I left "main" although we are behind a firewall and it cannot communicate...
use_remote_user = True
apache_xsendfile = True
#remote_user_maildomain =
#commented and left blank... well, this because I already have the whole mail address in http header

Then there are some mods I've done in galaxy code and files:

In ${GALAXY_ROOT}/tool-data/shared/ucsc/ucsc_build_sites.txt I've added

#Harvested from http://genome.ifom-ieo-campus.it/cgi-bin/das/dsn
campus http://genome.ifom-ieo-campus.it/cgi-bin/hgTracks? hg19,hg18,hg17,mm9,mm8,rn4,danRer6,danRer5,ci2,ce6,ce4,cb3,dm3,sacCer2,sacCer1

To enable our "campus" UCSC mirror.

Then I've modified a python file to enable our local mirror:

diff -r 4cdf4cca0f31 lib/galaxy/web/framework/middleware/remoteuser.py --- a/lib/galaxy/web/framework/middleware/remoteuser.py Mon Jun 21 13:46:52 2010 -0400 +++ b/lib/galaxy/web/framework/middleware/remoteuser.py Wed Jun 23 10:34:03 2010 +0200 @@ -44,6 +44,7 @@ 'hgw6.cse.ucsc.edu', 'hgw7.cse.ucsc.edu', 'hgw8.cse.ucsc.edu', + 'genome.ifom-ieo-campus.it', ) UCSC_ARCHAEA_SERVERS = ( 'lowepub.cse.ucsc.edu', 
@@ -55,7 +56,7 @@ self.maildomain = maildomain self.allow_ucsc_main = False self.allow_ucsc_archaea = False - if 'main' in ucsc_display_sites or 'test' in ucsc_display_sites: + if 'main' in ucsc_display_sites or 'test' in ucsc_display_sites or 'campus' in ucsc_display_sites: self.allow_ucsc_main = True if 'archaea' in ucsc_display_sites: self.allow_ucsc_archaea = True @@ -69,7 +70,7 @@ host = None if ( self.allow_ucsc_main and host in UCSC_MAIN_SERVERS ) or \ ( self.allow_ucsc_archaea and host in UCSC_ARCHAEA_SERVERS ): - environ[ 'HTTP_REMOTE_USER' ] = 'ucsc_browser_display@example.org' + environ[ 'HTTP_REMOTE_USER' ] = 'ucsc_browser_display@ifom-ieo-campus.it' return self.app( environ, start_response ) # Apache sets REMOTE_USER to the string '(null)' when using the # Rewrite* method for passing REMOTE_USER and a user is

I believe this is all... If your galaxy can communicate with the main UCSC server you won't need some of the patches above, but only the apache configuration.

HTH
d

/*
Davide Cittaro
Cogentech - Consortium for Genomic Technologies
via adamello, 16
20139 Milano
Italy
tel.: +39(02)574303007
e-mail: davide.cittaro@ifom-ieo-campus.it
*/
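
Review bot: In the @@ -44,6 +44,7 @@ hunk, 'genome.ifom-ieo-campus.it' is appended to the tuple that closes just before UCSC_ARCHAEA_SERVERS (UCSC_MAIN_SERVERS, going by the third hunk), which hard-codes a site-specific mirror into shared middleware next to the hgw*.cse.ucsc.edu hosts. Consider keeping local mirrors in their own tuple, or reading them from configuration, so the upstream list stays unchanged and the mirror can be trusted independently of the UCSC hosts.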
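
Review bot: In the @@ -55,7 +56,7 @@ hunk, 'campus' in ucsc_display_sites sets self.allow_ucsc_main, the same flag that 'main' and 'test' set, so a site that lists only 'campus' also enables the identity override for every host in UCSC_MAIN_SERVERS. A separate flag (for example self.allow_ucsc_campus) checked against its own host list would keep the site names independent and keep this condition from growing with every new mirror.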
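
Review bot: In the @@ -69,7 +70,7 @@ hunk, the new value 'ucsc_browser_display@ifom-ieo-campus.it' is a site-specific literal in shared code, and it has to be kept in step by hand with the RequestHeader value in the Apache configuration. Consider taking the address from a setting instead of editing the literal (self.maildomain is already assigned in the previous hunk's context when a mail domain is configured), with 'ucsc_browser_display@example.org' kept as the fallback.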
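
Added example (not part of the original message, and not Galaxy or Apache code): a small Python model of how Apache 2.2 evaluates "Order deny,allow" together with "Satisfy Any", applied to the host rules of the /ucsc_(bam|big) block with and without a "Deny from all" line. The function names and the two client addresses are constructed for illustration; only the 85.239.0.0/255.255.0.0 network comes from the message.

```python
import ipaddress

# Constructed inputs: the /ucsc_(bam|big) block's host rules, without and
# with a "Deny from all" line. Only the network comes from the message.
WITHOUT_DENY = {"satisfy": "any", "order": "deny,allow",
                "allow": ["85.239.0.0/255.255.0.0"], "deny": []}
WITH_DENY = dict(WITHOUT_DENY, deny=["all"])
# Constructed client addresses: one inside the allowed network, one outside.
CLIENTS = {"internal": "85.239.10.20", "external": "203.0.113.7"}


def _matches(specs, client_ip):
    """True if client_ip is covered by any Allow/Deny spec ('all' or a network)."""
    ip = ipaddress.ip_address(client_ip)
    return any(s == "all" or ip in ipaddress.ip_network(s) for s in specs)


def host_allowed(block, client_ip):
    """Apache 2.2 mod_authz_host result for the block's Order setting."""
    allowed = _matches(block["allow"], client_ip)
    denied = _matches(block["deny"], client_ip)
    if block["order"] == "deny,allow":
        # Deny is evaluated first and Allow overrides it;
        # a client matching neither list is permitted.
        return allowed or not denied
    if block["order"] == "allow,deny":
        # Allow is evaluated first and Deny overrides it;
        # a client matching neither list is refused.
        return allowed and not denied
    raise ValueError("unknown Order: %r" % block["order"])


def login_required(block, client_ip):
    """True: LDAP prompt; False: served without login; None: refused (403)."""
    host_ok = host_allowed(block, client_ip)
    if block["satisfy"] == "any":
        return not host_ok          # passing the host check OR a login suffices
    return True if host_ok else None  # Satisfy All needs both


def report():
    """Map (variant, client) to the login_required() outcome."""
    variants = {"without_deny": WITHOUT_DENY, "with_deny": WITH_DENY}
    return {(v, c): login_required(block, ip)
            for v, block in variants.items() for c, ip in CLIENTS.items()}


if __name__ == "__main__":
    for (variant, client), needs_login in sorted(report().items()):
        print(variant, client, "login required" if needs_login else "no login")
```

Without the Deny line the client outside the network is served without a login, and Galaxy then sees it under the fixed REMOTE_USER that the block sets.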