Hello developers,
I am attempting to install a local production copy of Galaxy on an SLES 11 machine running Apache 2.2.16 and PostgreSQL. It is important that we keep our data protected via password so I am trying to use Apache's standard .htaccess for security.
galaxy-dist is installed and running at /home/abrahamb2/galaxy-dist Apache's document root is /usr/local/apache/htdocs
I have been successful at protecting both /usr/local/apache/htdocs and /usr/local/apache/cgi-bin using the same .htaccess file in both directory that points to /usr/local/apache/.htpasswd for a password file/
I have attempted to use this working .htaccess in /home/abrahamb2/galaxy-dist with no success. I have also modified /usr/local/apache/conf/httpd.conf to AllowOverride and specifically with the following code:
<Directory "/home/abrahamb2/galaxy-dist"> Options Indexes FollowSymLinks AllowOverride AuthConfig Order allow,deny Allow from all
AuthType Basic AuthName Galaxy AuthUserFile /usr/local/apache/.htpasswd Require valid-user </Directory>
I previously tried to put galaxy-dist within /usr/local/apache/cgi-bin which not only failed but read on the wiki is not a great idea. Do you have any further suggestions for security configuration of this local installation?
Thank you, ~Brian J. Abraham Predoctoral Bioinformatics Fellow with Boston University Lab of Molecular Immunology National Heart, Lung and Blood Institute National Institutes of Health 10 Center Drive - Room 7B20A Bethesda, MD 20892
On Wed, Sep 29, 2010 at 04:44:25PM -0400, Brian J. Abraham wrote:
Hello developers,
I am attempting to install a local production copy of Galaxy on an SLES 11 machine running Apache 2.2.16 and PostgreSQL. It is important that we keep our data protected via password so I am trying to use Apache's standard .htaccess for security.
[snip]
<Directory "/home/abrahamb2/galaxy-dist"> Options Indexes FollowSymLinks AllowOverride AuthConfig Order allow,deny Allow from all
AuthType Basic AuthName Galaxy AuthUserFile /usr/local/apache/.htpasswd Require valid-user
</Directory>
Brian, I run galaxy on SLES11 behind a password wall and I did it using an Apache config like that described on the galaxy wiki:
http://bitbucket.org/galaxy/galaxy-central/wiki/Config/ApacheProxy
Rather than use <directory> stanzas to protect files on disk it puts the authentication requirements in the <location> block which is both safer and cleaner.
Also, you'll want to put that config in the /etc/apache2 area, likely in a vhost, not in a .htaccess file.
If you have any sles11 specific questions feel free to contact me directly, but what Nate has on the wiki worked for me.
galaxy-dev@lists.galaxyproject.org