On Apr 29, 2012, at 1:50 AM, Peter van Heusden wrote:

> Hey there
> 
> The instructions on using REMOTE_USER with nginx are still a bit vague
> in the wiki, so let me share how I got this working with nginx's
> http_auth_pam module and our local Kerberos setup. Really simple actually:
> 
> First, I created a pam.d entry for nginx, as follows:
> 
> auth    [success=1 default=ignore]    pam_krb5.so minimum_uid=1000
> ignore_k5login
> auth    requisite            pam_deny.so
> auth    required            pam_permit.so
> 
> That can of course be adapted for your authentication scheme of choice.
> 
> The, after recompiling nginx to add the module (I actually used the
> source from the Ubuntu .deb and installed from this customised .deb), I
> added:
> 
>                auth_pam "SANBI Galaxy (dev)";
>                auth_pam_service_name "nginx";
>                proxy_set_header REMOTE_USER $remote_user;
> 
> That auth_pam_service_name must be the name of the file you add in
> /etc/pam.d. So the complete location clause is now:
> 
>        location / {
>                auth_pam "SANBI Galaxy (dev)";
>                auth_pam_service_name "nginx";
>                proxy_set_header REMOTE_USER $remote_user;
>                proxy_pass http://galaxy_app;
>                proxy_set_header X-Forwarded-Host $host;
>                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>                proxy_set_header X-URL-SCHEME https;
>        }
> 
> Finally, set:
> 
> use_remote_user = True
> remote_user_maildomain = <YOUR DOMAIN NAME>
> 
> And restart nginx and galaxy, and you're done. Of course, since you're
> using Basic authentication, you should make sure that you are using ssl too.
> 
> If this all looks ok, maybe someone can update the wiki?

Hi Peter,

I've updated the wiki with your findings.

Thanks!
--nate

> 
> Peter
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client.  To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
> 
>  http://lists.bx.psu.edu/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:

  http://lists.bx.psu.edu/

Reply via email to