I think I'd also need to change the proxy config to include the https

  <Proxy *>  
    AddDefaultCharset off
    Order Deny,Allow
    Allow from all
  </Proxy>     

  <Proxy https://144.174.51.187:8080>
            Order deny,allow
            Allow from all            
  </Proxy>


Even with that and your change... no luck.  I'll keep tinkering. 

-----Original Message-----
From: Kandalaft, Iyad [mailto:iyad.kandal...@agr.gc.ca] 
Sent: Tuesday, August 26, 2014 8:44 AM
To: Shrum, Donald C; Eric Rasche
Cc: galaxy-dev@lists.bx.psu.edu
Subject: RE: [galaxy-dev] ssl proxy

Sorry Don, I forgot the http"s" in the proxy line:
RewriteRule ^(.*) https://144.174.51.187:8080$1 [P]

That should do it :)



Iyad Kandalaft


-----Original Message-----
From: Shrum, Donald C [mailto:dcsh...@admin.fsu.edu]
Sent: Monday, August 25, 2014 9:27 PM
To: Kandalaft, Iyad; Eric Rasche
Cc: galaxy-dev@lists.bx.psu.edu
Subject: RE: [galaxy-dev] ssl proxy

I'm not using a virtual host.  Apache is just there as a proxy.  I tried the 
rewrite rules below...

I get a redirect from 80 to 443 as expected for the ldap authentication.  After 
authenticating I do not get redirected to 8080 for galaxy.  I've tried a few 
different ways and always get that.  I'll dig in tomorrow morning and after 
some coffee to see if I can figure it out.  

It's probably worth posting the solution in the docs.

-----Original Message-----
From: Kandalaft, Iyad [mailto:iyad.kandal...@agr.gc.ca]
Sent: Monday, August 25, 2014 8:42 PM
To: Eric Rasche; Shrum, Donald C
Cc: galaxy-dev@lists.bx.psu.edu
Subject: RE: [galaxy-dev] ssl proxy

Hi Eric

I'm not sure that he is using a virtual host on 443.  I suppose that a  
"redirect permanent" would work in either case, but I was thinking along the 
lines of:


RewriteEngine On

RewriteCond %{HTTPS} !=on

RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

RewriteRule ^/static/style/(.*) 
/panfs/storage.local/opt/galaxy-dist/static/june_2007_style/blue/$1 [L] 
RewriteRule ^/static/scripts/(.*) 
/panfs/storage.local/opt/galaxy-dist/static/scripts/packed/$1 [L] RewriteRule 
^/static/(.*) /panfs/storage.local/opt/galaxy-dist/static/$1 [L] RewriteRule 
^/favicon.ico /panfs/storage.local/opt/galaxy-dist/static/favicon.ico [L]

RewriteRule ^/robots.txt /panfs/storage.local/opt/galaxy-dist/static/robots.txt 
[L] RewriteRule ^(.*) http://144.174.51.187:8080$1 [P]


What do you think?



Iyad Kandalaft
Bioinformatics Programmer
Microbial Biodiversity Bioinformatics
Science & Technology Branch
Agriculture & Agri-Food Canada
iyad.kandal...@agr.gc.ca | (613) 759-1228 ________________________________
From: galaxy-dev-boun...@lists.bx.psu.edu [galaxy-dev-boun...@lists.bx.psu.edu] 
on behalf of Eric Rasche [rasche.e...@yandex.ru]
Sent: August 25, 2014 4:21 PM
To: dcsh...@admin.fsu.edu
Cc: galaxy-dev@lists.bx.psu.edu
Subject: Re: [galaxy-dev] ssl proxy

We use:

<VirtualHost *:80>
  ServerName <our.server.fqdn>
  DocumentRoot "/var/www/"
  <Directory "/var/www/">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Require all granted
  </Directory>
  Redirect permanent / https://<UrlBlockedError.aspx><our.server.fqdn>/
</VirtualHost>

Ours is managed with puppet so I've tried to redact the non-relevant blocks, 
but that should work for you.

Cheers,
Eric

On 08/25/2014 03:03 PM, Shrum, Donald C wrote:
> Hi all,
>
> I have a galaxy install with an apache proxy and ldap authentication.
>
> <Location />
>    RequestHeader set X-URL-SCHEME https
>    AuthBasicProvider ldap
>   Other stuff....
> </Location>
>
> RewriteEngine on
> RewriteRule ^/static/style/(.*)
> /panfs/storage.local/opt/galaxy-dist/static/june_2007_style/blue/$1
> [L] RewriteRule ^/static/scripts/(.*)
> /panfs/storage.local/opt/galaxy-dist/static/scripts/packed/$1 [L] 
> RewriteRule ^/static/(.*)
> /panfs/storage.local/opt/galaxy-dist/static/$1 [L] RewriteRule 
> ^/favicon.ico /panfs/storage.local/opt/galaxy-dist/static/favicon.ico
> [L] RewriteRule ^/robots.txt
> /panfs/storage.local/opt/galaxy-dist/static/robots.txt [L] RewriteRule
> ^(.*) http://144.174.51.187:8080$1 [P]
>
> What is the best way to manage the redirect from http to https for the 
> authentication?
>
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client.  To manage your subscriptions to this and other 
> Galaxy lists, please use the interface at:
>   http://lists.bx.psu.edu/
>
> To search Galaxy mailing lists use the unified search at:
>   http://galaxyproject.org/search/mailinglists/



Eric Rasche
Programmer II
Center for Phage Technology
Texas A&M University
College Station, TX 77843
404-692-2048 <tel:4046922048>
e...@tamu.edu<mailto:e...@tamu.edu> <mailto:e...@tamu.edu><mailto:e...@tamu.edu>
--
Eric Rasche Programmer II Center for Phage Technology Texas A&M University 
College Station, TX 77843 404-692-2048 e...@tamu.edu<mailto:e...@tamu.edu> 
rasche.e...@yandex.ru<mailto:rasche.e...@yandex.ru>

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/

Reply via email to