I'm trying to install Galaxy behind an Apache proxy using mod_auth_cas for user authentication. I've got a ways in but am now stuck with galaxy not getting the REMOTE_USER. Has anyone deployed with this module?
I have use_remote_user = true on in my universe_wsgi.ini along with a valid maildomain.
Here's my apache config:
NameVirtualHost galaxy.utah.edu:80 NameVirtualHost galaxy.utah.edu:443
CASLoginURL https://go.utah.edu/cas/login CASValidateURL https://go.utah.edu/cas/serviceValidate CASValidateServer Off CASAllowWildcardCert On CASCertificatePath /etc/pki/tls/certs/ca-bundle.trust.crt CASCookiePath /var/run/mod_auth_cas/ CASTimeout 3600 CASIdleTimeout 1800 CASDebug On
<VirtualHost 155.101.xx.40:80> RedirectPermanent / https://galaxy.utah.edu/ </VirtualHost>
<VirtualHost galaxy.utah.edu:443> SSLEngine on SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite HIGH:-aNULL:-eNULL
# Export the SSL environment variables to scripts <Files ~ ".(cgi|pl|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files>
# Protocol adjustments for broken clients SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0
SSLCertificateFile /etc/pki/tls/certs/wildcard.utah.edu.crt SSLCertificateKeyFile /etc/pki/tls/certs/wildcard.utah.edu.key SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle.crt
<Proxy http://localhost:8080%3E Order deny,allow Allow from all </Proxy> RewriteEngine on
<Location "/"> AuthType CAS AuthName Galaxy Require valid-user
# CASAuthNHeader REMOTE_SHMUSER
# Take the $REMOTE_USER environment variable and set it as a header in the proxy request. RewriteCond %{IS_SUBREQ} ^false$ RewriteCond %{LA-U:REMOTE_USER} (.+) # RewriteCond %{LA-U:REMOTE_SHMUSER} (.+) RewriteRule . - [E=RU:%1] RequestHeader set REMOTE_USER %{RU}e
XSendFile on XSendFilePath / # Compress all uncompressed content. SetOutputFilter DEFLATE SetEnvIfNoCase Request_URI .(?:gif|jpe?g|png)$ no-gzip dont-vary SetEnvIfNoCase Request_URI .(?:t?gz|zip|bz2)$ no-gzip dont-vary SetEnvIfNoCase Request_URI /history/export_archive no-gzip dont-vary
RequestHeader set X-URL-SCHEME https </Location> <Location "/static"> # Allow browsers to cache everything from /static for 6 hours ExpiresActive On ExpiresDefault "access plus 6 hours" </Location>
ServerName galaxy.utah.edu RewriteRule ^/static/style/(.*) /uufs/utah.edu/sys/pkg/galaxy/std/static/june_2007_style/blue/$1 [L] RewriteRule ^/static/scripts/(.*) /uufs/utah.edu/sys/pkg/galaxy/std/static/scripts/packed/$1 [L] RewriteRule ^/static/(.*) /uufs/utah.edu/sys/pkg/galaxy/std/static/$1 [L] RewriteRule ^/favicon.ico /uufs/utah.edu/sys/pkg/galaxy/std/static/favicon.ico [L] RewriteRule ^/robots.txt /uufs/utah.edu/sys/pkg/galaxy/std/static/robots.txt [L] RewriteRule ^(.*) http://localhost:8080$1 [P]
</VirtualHost>
Any help is appreciated.
Steve Harper Systems Administrator Center for High Performance Computing University of Utah
galaxy-dev@lists.galaxyproject.org