David,

This is the approach recommended on the wiki for performance:

   http://wiki.g2.bx.psu.edu/Admin/Config/Apache%20Proxy

Would be nice if your alternative approach using virtual hosts were similarly 
documented.

chris

On Jan 19, 2012, at 10:01 AM, David Hoover wrote:

> Why do you need to create a proxy?  The way I have ours set up is within a 
> virtual host:
> 
> <VirtualHost>
> 
>  <Location "/">
>    AuthName "Helix Systems"
>    AuthType Basic
>    AuthBasicProvider ldap
>    AuthzLDAPAuthoritative off
>    AuthLDAPUrl ldaps://helixdrive.nih.gov/ou=Users,ou=helix.nih.gov,o=scb?uid
>    AuthLDAPBindDN "cn=maccount,ou=Special,o=scb"
>    AuthLDAPBindPassword ********
>    Require valid-user
>    RequestHeader set REMOTE_USER %{AUTHENTICATE_uid}e
>    Options None
>    Order Allow,Deny
>    Allow from all
>  </Location>
> 
>  RewriteRule ^/static/style/(.*) 
> /data/galaxy/pro/static/june_2007_style/blue/$1 [L]
>  RewriteRule ^/static/scripts/(.*) /data/galaxy/pro/static/scripts/packed/$1 
> [L]
>  RewriteRule ^/static/(.*) /data/galaxy/pro/static/$1 [L]
>  RewriteRule ^/favicon.ico /data/galaxy/pro/static/favicon.ico [L] 
>  RewriteRule ^/robots.txt /data/galaxy/pro/static/robots.txt [L]
>  RewriteRule ^(.*) http://helixweb4.cit.nih.gov:8080$1 [P]
> 
> </VirtualHost>
> 
> David
> 
> 
> On Jan 19, 2012, at 10:49 AM, Sarah Maman wrote:
> 
>> Hi Brad, Hi Christopher,
>> 
>> Thanks a lot.
>> I'm talking to Open LDAP. I have changed
>> 
>> RequestHeader set REMOTE_USER %{AUTHENTICATE_uid}e
>> to
>> RequestHeader set REMOTE_USER %{AUTHENTICATE_UID}e
>> 
>> But I always have the same message /(Access to Galaxy is denied
>> Galaxy is configured to authenticate users via an external method (such as 
>> HTTP authentication in Apache), but a username was not provided by the 
>> upstream (proxy) server. This is generally due to a misconfiguration in the 
>> upstream server. )/
>> 
>> This is my .conf file :
>> <Proxy http://localhost:8080>
>>          Order deny,allow
>>          Allow from all
>>      </Proxy>
>> 
>>      RewriteEngine on
>> 
>>      <Location "/">
>>              AuthType Basic
>>              AuthName Galaxy
>>              AuthBasicProvider ldap
>>              AuthLDAPURL 
>> "ldap://server/ou=People,ou=genopole,ou=toulouse,o=inra,c=fr?u
>> id?sub?(objectClass=person)"
>>              AuthzLDAPAuthoritative off
>>              Require valid-user
>>              # Take the $REMOTE_USER environment variable and set it as a 
>> header in the proxy request.
>>              #RewriteCond %{IS_SUBREQ} ^false$
>>              #RewriteCond %{LA-U:REMOTE_USER} (.+)
>>              #RewriteRule . - [E=RU:%1]
>>              #RequestHeader set REMOTE_USER %{RU}e
>>              RequestHeader set REMOTE_USER %{AUTHENTICATE_UID}e
>>      </Location>
>> 
>> 
>> Thanks in advance,
>> Sarah
>> 
>> 
>> 
>> 
>> Langhorst, Brad a écrit :
>>> Hi Sarah:
>>> 
>>> I don't know what kind of LDAP you're talking to... I'm talking to Active
>>> Directory and this configuration works in that situation.
>>> 
>>> Order allow,deny
>>>               allow from all
>>> 
>>>               AuthType Basic
>>>               AuthName "NEB Credentials"
>>>               AuthBasicProvider ldap
>>>               AuthzLDAPAuthoritative off
>>>               AuthLDAPBindDN ccaloo...@neb.com
>>>               AuthLDAPBindPassword <password>
>>>               AuthLDAPURL
>>> "ldap://<ldap.domain.com>:389/dc=domain,dc=com?sAMAccountName"
>>>               require valid-user
>>>                               RewriteCond %{IS_SUBREQ} ^false$
>>>               RewriteCond %{LA-U:REMOTE_USER} (.+)
>>>               RewriteRule . - [E=RU:%1]
>>>               RequestHeader set REMOTE_USER
>>> %{AUTHENTICATE_sAMAccountName}e
>>> 
>>> 
>>> 
>> 
>> ___________________________________________________________
>> Please keep all replies on the list by using "reply all"
>> in your mail client.  To manage your subscriptions to this
>> and other Galaxy lists, please use the interface at:
>> 
>> http://lists.bx.psu.edu/
> 


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:

  http://lists.bx.psu.edu/

Reply via email to