Hey there

The instructions on using REMOTE_USER with nginx are still a bit vague
in the wiki, so let me share how I got this working with nginx's
http_auth_pam module and our local Kerberos setup. Really simple actually:

First, I created a pam.d entry for nginx, as follows:

auth    [success=1 default=ignore]    pam_krb5.so minimum_uid=1000
auth    requisite            pam_deny.so
auth    required            pam_permit.so

That can of course be adapted for your authentication scheme of choice.

The, after recompiling nginx to add the module (I actually used the
source from the Ubuntu .deb and installed from this customised .deb), I

                auth_pam "SANBI Galaxy (dev)";
                auth_pam_service_name "nginx";
                proxy_set_header REMOTE_USER $remote_user;

That auth_pam_service_name must be the name of the file you add in
/etc/pam.d. So the complete location clause is now:

        location / {
                auth_pam "SANBI Galaxy (dev)";
                auth_pam_service_name "nginx";
                proxy_set_header REMOTE_USER $remote_user;
                proxy_pass http://galaxy_app;
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-URL-SCHEME https;

Finally, set:

use_remote_user = True
remote_user_maildomain = <YOUR DOMAIN NAME>

And restart nginx and galaxy, and you're done. Of course, since you're
using Basic authentication, you should make sure that you are using ssl too.

If this all looks ok, maybe someone can update the wiki?

Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:


Reply via email to