I've configured apache to bind a virtual host to port 8080, which is now proxying galaxy:
NameVirtualHost *:8080
<VirtualHost *:8080>
#Here comes the proxy stuff... I think you already have this :-)
<Proxy localhost:8081>
Order allow,deny
Allow from all
</Proxy>
<Proxy localhost:8082>
Order allow,deny
Allow from all
</Proxy>
</Proxy>
RewriteEngine on
RewriteRule ^/static/style/(.*) /data/galaxy_dist/static/june_2007_style/blue/$1 [L]
RewriteRule ^/static/(.*) /data/galaxy_dist/static/$1 [L]
RewriteRule ^/images/(.*) /data/galaxy_dist/static/images/$1 [L]
RewriteRule ^/favicon.ico /data/galaxy_dist/static/favicon.ico [L]
RewriteRule ^/robots.txt /data/galaxy_dist/static/robots.txt [L]
<Location />
AuthType Basic
AuthName Galaxy
# Xsendfile as Nate suggested
XSendFile On
XSendFileAllowAbove On
# I'm using our internal ldap, querying for name and email
AuthBasicProvider ldap
AuthLDAPRemoteUserAttribute mail
Require ldap-filter objectClass=posixAccount
</Location>
# Set the http header to user e-mail so that galaxy is happy to authenticate :-)
RequestHeader set REMOTE_USER %{AUTHENTICATE_MAIL}e
<Location /root/display_as>
Satisfy Any
Order deny,allow
</Location>
<LocationMatch /ucsc_(bam|big) >
# This is to enable bam and bigWig (or bigBEd in the future) by traversing the proxy
# Allow from our internal network
# and set the http header to a fake email address, this is required because of galaxy architecture...
Satisfy any
Order deny,allow
Allow from 85.239.0.0/255.255.0.0
</LocationMatch>
ErrorLog /var/log/apache2/galaxy-error.log
LogLevel debug
CustomLog /var/log/apache2/galaxy-access.log combined
ServerSignature On
</VirtualHost>
[/end of apache conf file]
After this comes the galaxy configuration file... this is pretty much the original one, I'll write only the differences for this scope:
ucsc_display_sites = main,campus #where campus is our local mirror. I left "main" although we are behind a firewall and it cannot communicate...
use_remote_user = True
apache_xsendfile = True
#remote_user_maildomain = #commented and left blank... well, this because I've already have the whole mail address in http header
Then there are some mods I've done in galaxy code and files:
In ${GALAXY_ROOT}/tool-data/shared/ucsc/ucsc_build_sites.txt I've added
campus
http://genome.ifom-ieo-campus.it/cgi-bin/hgTracks? hg19,hg18,hg17,mm9,mm8,rn4,danRer6,danRer5,ci2,ce6,ce4,cb3,dm3,sacCer2,sacCer1
To enable our "campus" UCSC mirror. Then I've modified a python file to enable our local mirror:
diff -r 4cdf4cca0f31 lib/galaxy/web/framework/middleware/remoteuser.py
--- a/lib/galaxy/web/framework/middleware/remoteuser.py Mon Jun 21 13:46:52 2010 -0400
+++ b/lib/galaxy/web/framework/middleware/remoteuser.py Wed Jun 23 10:34:03 2010 +0200
@@ -44,6 +44,7 @@
'hgw6.cse.ucsc.edu',
'hgw7.cse.ucsc.edu',
'hgw8.cse.ucsc.edu',
+ 'genome.ifom-ieo-campus.it',
)
UCSC_ARCHAEA_SERVERS = (
'lowepub.cse.ucsc.edu',
@@ -55,7 +56,7 @@
self.maildomain = maildomain
self.allow_ucsc_main = False
self.allow_ucsc_archaea = False
- if 'main' in ucsc_display_sites or 'test' in ucsc_display_sites:
+ if 'main' in ucsc_display_sites or 'test' in ucsc_display_sites or 'campus' in ucsc_display_sites:
self.allow_ucsc_main = True
if 'archaea' in ucsc_display_sites:
self.allow_ucsc_archaea = True
@@ -69,7 +70,7 @@
host = None
if ( self.allow_ucsc_main and host in UCSC_MAIN_SERVERS ) or \
( self.allow_ucsc_archaea and host in UCSC_ARCHAEA_SERVERS ):
return self.app( environ, start_response )
# Apache sets REMOTE_USER to the string '(null)' when using the
# Rewrite* method for passing REMOTE_USER and a user is
I believe this is all... If your galaxy can communicate with main UCSC server you won't need some the patches above, but only the apache configuration.
HTH
d