Il 03/11/15 11:53, Makis Ladoukakis ha scritto:



Nothing seems to work on my server. Is Galaxy even compatible with
CentOS? Is there something else that I am missing?


Hello, I'm running a production Galaxy Server on CentOS and I can assure you it is perfectly feasible. But I'm using NGINX as a web server so I'm not able to help you with Apache configuration, sorry. Did you try to use NGINX instead of Apache in order to see if the problem is Apache related or system related?

Best,
Federico Z.




------------------------------------------------------------------------
From: david.trudg...@utsouthwestern.edu
To: makis4e...@hotmail.com; jcsanch...@gmail.com
CC: galaxy-...@lists.bx.psu.edu
Date: Fri, 23 Oct 2015 17:30:51 +0000
Subject: RE: [galaxy-dev] FW: Galaxy on Centos via Apache - connection
refused

SELinux policies are very strict on CentOS by default. Apache isn’t
allowed to access files outside of its standard directories, nor access
network resources. Your local Galaxy apps server is a network resource –
even though it’s local.

If you want to keep SELinux on then use audit2allow to see what policies
will enable access:

cat /var/log/audit/audit.log | audit2allow –v

Then you can use setsebool (temporary) and setsebool –P (permanent) to
enable.

--
David Trudgian Ph.D.
Computational Scientist, BioHPC
UT Southwestern Medical Center
Dallas, TX 75390-9039
Tel: (214) 648-4833

*From:*galaxy-dev [mailto:galaxy-dev-boun...@lists.galaxyproject.org]
*On Behalf Of *Makis Ladoukakis
*Sent:* Friday, October 23, 2015 10:30 AM
*To:* Juan Carlos <jcsanch...@gmail.com>
*Cc:* galaxy-...@lists.bx.psu.edu
*Subject:* Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection
refused

Hello,

That didn't work. The apache restart failed with the following error:

SELinux is preventing /usr/sbin/httpd from name_bind access on the
tcp_socket port 8081.

Any idea why?

Kind regards,
Makis

------------------------------------------------------------------------

Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection
refused
From: jcsanch...@gmail.com <mailto:jcsanch...@gmail.com>
Date: Tue, 20 Oct 2015 22:25:00 +1030
CC: galaxy-...@lists.bx.psu.edu <mailto:galaxy-...@lists.bx.psu.edu>
To: makis4e...@hotmail.com <mailto:makis4e...@hotmail.com>

Hi,

If you have a line in your Apache conf like

"Listen 80"

change to

"Listen 8081"


On 20 Oct 2015, at 21:00, Makis Ladoukakis <makis4e...@hotmail.com
<mailto:makis4e...@hotmail.com>> wrote:

    Hello,

    I am sorry but I have really no experience with setting up the
    Apache web server so I am not really sure how to do that. Can you
    please help me out with it? My apache configuration file is in
    /etc/httpd/conf/ directory and there are no directories such as
    /sites-available/ or /sites-enabled/ (as I would find in an ubuntu
    installation).

    What I did already (after some advice from the server admin) is open
    up the 8081 port like that:

    firewall-cmd  --permanent  --add-port=8081/tcp

    firewall-cmd  --reload


    and then I got another error:

      [cgi:error] [pid 29603] [client 115.230.124.164:4559] script not
    found or unable to stat: /var/www/cgi-bin/common

    [autoindex:error] [pid 29716] [client 218.76.28.36:4468] AH01276:
    Cannot serve directory /var/www/html/: No matching DirectoryIndex
    (index.html,index.php) found, and server-generated directory index
    forbidden by Options directive


    which I tried to solve by adding welcome.html as a recognizable
    filename in the apache configuration:

    <IfModule dir_module>
    DirectoryIndex index.html welcome.html
    </IfModule>


    but nothing worked and now the error_log shows the following:

    [Tue Oct 20 13:15:23.719295 2015] [mpm_prefork:notice] [pid 29598]
    AH00170: caught SIGWINCH, shutting down gracefully
    [Tue Oct 20 13:15:24.810684 2015] [core:notice] [pid 46896] SELinux
    policy enabled; httpd running as context system_u:system_r:httpd_t:s0
    [Tue Oct 20 13:15:24.811647 2015] [suexec:notice] [pid 46896]
    AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    [Tue Oct 20 13:15:24.846399 2015] [so:warn] [pid 46896] AH01574:
    module wsgi_module is already loaded, skipping
    [Tue Oct 20 13:15:24.847316 2015] [auth_digest:notice] [pid 46896]
    AH01757: generating secret for digest authentication ...
    [Tue Oct 20 13:15:24.848294 2015] [lbmethod_heartbeat:notice] [pid
    46896] AH02282: No slotmem from mod_heartmonitor
    [Tue Oct 20 13:15:24.870033 2015] [mpm_prefork:notice] [pid 46896]
    AH00163: Apache/2.4.6 (CentOS) PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
    configured -- resuming normal operations
    [Tue Oct 20 13:15:24.870075 2015] [core:notice] [pid 46896] AH00094:
    Command line: '/usr/sbin/httpd -D FOREGROUND'

    And the webpage that galaxy is supposed to appear is still blank.

    Any ideas?

    Thank you,
    Makis

    ------------------------------------------------------------------------

    Date: Tue, 20 Oct 2015 11:01:44 +1030
    Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache -
    connection refused
    From: jcsanch...@gmail.com <mailto:jcsanch...@gmail.com>
    To: makis4e...@hotmail.com <mailto:makis4e...@hotmail.com>
    CC: galaxy-...@lists.bx.psu.edu <mailto:galaxy-...@lists.bx.psu.edu>

    hi,

    Maybe sounds silly, but have you tried to put the apache
    configuration in a virtual host within the sites-enable site?

    cheers

    jc

    On Tue, Oct 20, 2015 at 12:36 AM, Makis Ladoukakis
    <makis4e...@hotmail.com <mailto:makis4e...@hotmail.com>> wrote:

        Forwading to this list too. I am not sure if they are two
        separate lists.

        Makis

        ------------------------------------------------------------------------

        From: makis4e...@hotmail.com <mailto:makis4e...@hotmail.com>
        To: galaxy-dev@lists.galaxyproject.org
        <mailto:galaxy-dev@lists.galaxyproject.org>
        Date: Mon, 19 Oct 2015 17:04:13 +0300
        Subject: [galaxy-dev] Galaxy on Centos via Apache - connection
        refused

        Dear all,

        I've been trying to set up a Galaxy instance on my CentOS server
        but even when I manage to run the simplest configuration
        correctly I can't seem to get it right on my browser as the
        connection is refused.

        I have changed the host to 0.0.0.0, the port to 8081 and made
        the appropriate changes in Apache configuration file:

        RewriteEngine on
        RewriteRule ^/galaxy_test(.*) http://localhost:8081$1 [P]
        RewriteRule ^/galaxy_test$ /galaxy_test/ [R]
        RewriteRule ^/galaxy_test/static/style/(.*)
        /home/galaxy_test/galaxy/static/june_2007_style/blue/$1 [L]
        RewriteRule ^/galaxy_test/static/scripts/(.*)
        /home/galaxy_test/galaxy/static/scripts/packed/$1 [L]
        RewriteRule ^/galaxy_test/static/(.*)
        /home/galaxy_test/galaxy/static/$1 [L]
        RewriteRule ^/galaxy_test/favicon.ico
        /home/galaxy_test/galaxy/static/favicon.ico [L]
        RewriteRule ^/galaxy_test/robots.txt
        /home/galaxy_test/galaxy/static/robots.txt [L]

        So when I tried to run it the first time I got the "temporarily
        out of service" error on my browser and the following error in
        apache log:

        [Mon Oct 19 05:56:45.308714 2015] [proxy:error] [pid 18505]
        (13)Permission denied: AH00957: HTTP: attempt to connect to
        127.0.0.1:8081 <http://127.0.0.1:8081> (*) failed
        [Mon Oct 19 05:56:45.308774 2015] [proxy_http:error] [pid 18505]
        [client 185.25.151.159:39629 <http://185.25.151.159:39629>]
        AH01114: HTTP: failed to make connection to backend: localhost

        Searching the internet I found the following solution:

        /usr/sbin/setsebool httpd_can_network_connect 1
        /usr/sbin/setsebool -P httpd_can_network_connect 1


        but when I restarted my galaxy my browser would now show just a
        blank page and the error log of apache was:

        [Mon Oct 19 15:29:09.425120 2015] [proxy:error] [pid 29699]
        (111)Connection refused: AH00957: HTTP: attempt to connect to
        127.0.0.1:8081 <http://127.0.0.1:8081> (*) failed
        [Mon Oct 19 15:29:09.425167 2015] [proxy_http:error] [pid 29699]
        [client 147.102.86.121:51865 <http://147.102.86.121:51865>]
        AH01114: HTTP: failed to make connection to backend: localhost


        Has anyone encountered that?

        Kind regards,
        Makis






        P.S. In case that helps the output of iptables -L is the following:
        Chain INPUT (policy ACCEPT)
        target     prot opt source               destination
        ACCEPT     all  --  anywhere             anywhere
        ctstate RELATED,ESTABLISHED
        ACCEPT     all  --  anywhere             anywhere
        INPUT_direct  all  --  anywhere             anywhere
        INPUT_ZONES_SOURCE  all  --  anywhere             anywhere
        INPUT_ZONES  all  --  anywhere             anywhere
        ACCEPT     icmp --  anywhere             anywhere
        REJECT     all  --  anywhere             anywhere
        reject-with icmp-host-prohibited

        Chain FORWARD (policy ACCEPT)
        target     prot opt source               destination
        ACCEPT     all  --  anywhere             anywhere
        ctstate RELATED,ESTABLISHED
        ACCEPT     all  --  anywhere             anywhere
        FORWARD_direct  all  --  anywhere             anywhere
        FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere
        FORWARD_IN_ZONES  all  --  anywhere             anywhere
        FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere
        FORWARD_OUT_ZONES  all  --  anywhere             anywhere
        ACCEPT     icmp --  anywhere             anywhere
        REJECT     all  --  anywhere             anywhere
        reject-with icmp-host-prohibited

        Chain OUTPUT (policy ACCEPT)
        target     prot opt source               destination
        OUTPUT_direct  all  --  anywhere             anywhere

        Chain FORWARD_IN_ZONES (1 references)
        target     prot opt source               destination
        FWDI_public  all  --  anywhere             anywhere
        [goto]
        FWDI_public  all  --  anywhere             anywhere
        [goto]

        Chain FORWARD_IN_ZONES_SOURCE (1 references)
        target     prot opt source               destination

        Chain FORWARD_OUT_ZONES (1 references)
        target     prot opt source               destination
        FWDO_public  all  --  anywhere             anywhere
        [goto]
        FWDO_public  all  --  anywhere             anywhere
        [goto]

        Chain FORWARD_OUT_ZONES_SOURCE (1 references)
        target     prot opt source               destination

        Chain FORWARD_direct (1 references)
        target     prot opt source               destination

        Chain FWDI_public (2 references)
        target     prot opt source               destination
        FWDI_public_log  all  --  anywhere             anywhere
        FWDI_public_deny  all  --  anywhere             anywhere
        FWDI_public_allow  all  --  anywhere             anywhere

        Chain FWDI_public_allow (1 references)
        target     prot opt source               destination

        Chain FWDI_public_deny (1 references)
        target     prot opt source               destination

        Chain FWDI_public_log (1 references)
        target     prot opt source               destination

        Chain FWDO_public (2 references)
        target     prot opt source               destination
        FWDO_public_log  all  --  anywhere             anywhere
        FWDO_public_deny  all  --  anywhere             anywhere
        FWDO_public_allow  all  --  anywhere             anywhere

        Chain FWDO_public_allow (1 references)
        target     prot opt source               destination

        Chain FWDO_public_deny (1 references)
        target     prot opt source               destination

        Chain FWDO_public_log (1 references)
        target     prot opt source               destination

        Chain INPUT_ZONES (1 references)
        target     prot opt source               destination
        IN_public  all  --  anywhere             anywhere            [goto]
        IN_public  all  --  anywhere             anywhere            [goto]

        Chain INPUT_ZONES_SOURCE (1 references)
        target     prot opt source               destination

        Chain INPUT_direct (1 references)
        target     prot opt source               destination

        Chain IN_public (2 references)
        target     prot opt source               destination
        IN_public_log  all  --  anywhere             anywhere
        IN_public_deny  all  --  anywhere             anywhere
        IN_public_allow  all  --  anywhere             anywhere

        Chain IN_public_allow (1 references)
        target     prot opt source               destination
        ACCEPT     tcp  --  anywhere             anywhere
        tcp dpt:http ctstate NEW
        ACCEPT     tcp  --  anywhere             anywhere
        tcp dpt:ssh ctstate NEW
        ACCEPT     tcp  --  anywhere             anywhere
        tcp dpt:https ctstate NEW

        Chain IN_public_deny (1 references)
        target     prot opt source               destination

        Chain IN_public_log (1 references)
        target     prot opt source               destination

        Chain OUTPUT_direct (1 references)
        target     prot opt source               destination



        ___________________________________________________________
        Please keep all replies on the list by using "reply all" in your
        mail client. To manage your subscriptions to this and other
        Galaxy lists, please use the interface at:
        https://lists.galaxyproject.org/ To search Galaxy mailing lists
        use the unified search at:
        http://galaxyproject.org/search/mailinglists/


        ___________________________________________________________
        Please keep all replies on the list by using "reply all"
        in your mail client.  To manage your subscriptions to this
        and other Galaxy lists, please use the interface at:
        https://lists.galaxyproject.org/

        To search Galaxy mailing lists use the unified search at:
        http://galaxyproject.org/search/mailinglists/


------------------------------------------------------------------------

UTSouthwestern

Medical Center

The future of medicine, today.



___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
   https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
   http://galaxyproject.org/search/mailinglists/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
 https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
 http://galaxyproject.org/search/mailinglists/

Reply via email to