Peter, I just figured out how to fix it. In galaxy.yml, I changed HTTP_REMOTE_USER to REMOTE_USER, and now it works. My next thing is to test the sub-uri.
Thanks, Ping On Fri, Dec 14, 2018 at 11:02 AM Ping Luo <luop0...@gmail.com> wrote: > Peter, > > I have been using the default http protocol for the Galaxy server which is > not preferred. I am now testing uwsgi TCP sockets. I start the server on > server root without sub-uri to see how it works. > > Here is my Apache configuration: > > <VirtualHost *:8443> > ServerName xxx.xxx.xxx.xxx > ServerAdmin ad...@xxx.xxx > > DocumentRoot "/opt/rh/httpd24/root/var/www/html" > TransferLog "logs/scgalaxy_access.log" > ErrorLog "logs/scgalaxy_error.log" > > SSLEngine On > SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 > SSLCertificateFile "/etc/pki/tls/certs/galaxy.cer" > SSLCertificateKeyFile "/etc/pki/tls/private/galaxy.key" > SSLCertificateChainFile "/etc/pki/tls/certs/galaxy.cer" > > RewriteEngine on > ProxyPass / uwsgi://127.0.0.1:4001/ # > access is denied due to username not provided with external authentication > method > # ProxyPass / http://127.0.0.1:8080/ # > same configuration works fine with http > > <Location "/"> > SSLRequireSSL > AuthType CAS > Require valid-user > RewriteCond %{IS_SUBREQ} ^false$ > RewriteCond %{LA-U:REMOTE_USER} (.+) > RewriteRule . - [E=RU:%1] > RequestHeader set X-URL-SCHEME https > RequestHeader set REMOTE_USER %{REMOTE_USER}s > </Location> > </VirtualHost> > > However, when accessing the galaxy server, I got the following error. The > same setting works fine when galaxy is served with http. What need be > changed in Apache for serving galaxy with uwsgi socket? > Access to Galaxy is denied > > Galaxy is configured to authenticate users via an external method (such as > HTTP authentication in Apache), but a username was not provided by the > upstream (proxy) server. This is generally due to a misconfiguration in the > upstream server. > > > The log file dumps the following output: > > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,724 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] Unable to identify user. > HTTP_REMOTE_USER not found > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,725 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] wsgi.multiprocess = False > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,725 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] paste.recursive.include_app_iter = > <paste.recursive.IncluderAppIter from /> > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,725 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_COOKIE = > _ga=GA1.2.525722961.1528376483; > __utma=194481448.525722961.1528376483.1528377532.1528377532.1; > _vwo_uuid_v2=DF9EBC570796316331B3F82AE49BE8DE8|18923f6303554ba0ab6938b046ebc11c; > _vwo_uuid=DF9EBC570796316331B3F82AE49BE8DE8; > MOD_AUTH_CAS_S=4865a71d55619aa6196d7b753d27356e; > galaxysession=4a833ad4d9934a58ce0b64778f963b982b8f5e10ca4a7b26ac9eeb1368c1462fdcb2aa7c9f32ba00 > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] paste.recursive.forward = > <paste.recursive.Forwarder from /> > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] CONTEXT_DOCUMENT_ROOT = > /opt/rh/httpd24/root/var/www/html > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] SERVER_SOFTWARE = Apache/2.4.34 (Red > Hat) OpenSSL/1.0.2k-fips Phusion_Passenger/4.0.50 > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] paste.recursive.include = > <paste.recursive.Includer from /> > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] CONTEXT_PREFIX = > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] SERVER_SIGNATURE = > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] REQUEST_METHOD = GET > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] PATH_INFO = / > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] SERVER_PROTOCOL = HTTP/1.1 > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,726 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] QUERY_STRING = > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] PATH = > /opt/rh/rh-ruby22/root/usr/bin:/opt/rh/httpd24/root/usr/bin:/opt/rh/httpd24/root/usr/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] LD_LIBRARY_PATH = > /opt/rh/rh-ruby22/root/usr/lib64:/opt/rh/httpd24/root/usr/lib64 > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] SSL_TLS_SNI = > portal-terra.hprc.tamu.edu > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] RU = pingluo > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_USER_AGENT = Mozilla/5.0 (X11; > Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_CONNECTION = keep-alive > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] SERVER_NAME = > portal-terra.hprc.tamu.edu > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] REMOTE_ADDR = 165.91.254.86 > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] paste.throw_errors = True > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,727 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] wsgi.url_scheme = https > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] SERVER_PORT = 8443 > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] uwsgi.node = portal > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] SERVER_ADDR = 165.91.16.42 > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] DOCUMENT_ROOT = > /opt/rh/httpd24/root/var/www/html > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] original_wsgi.url_scheme = https > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] uwsgi.core = 0 > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] SCRIPT_FILENAME = proxy:uwsgi:// > 127.0.0.1:4001/ > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] SERVER_ADMIN = ad...@hprc.tamu.edu > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,728 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] paste.recursive.script_name = > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,729 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] SCRIPT_URI = > https://portal-terra.hprc.tamu.edu:8443/ > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,729 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] wsgi.input = <uwsgi._Input object at > 0x2ad4f36e81e0> > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,729 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] REMOTE_USER = pingluo > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,729 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_HOST = > portal-terra.hprc.tamu.edu:8443 > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,729 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] SCRIPT_URL = / > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,729 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTPS = on > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,729 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] wsgi.multithread = True > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,729 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_UPGRADE_INSECURE_REQUESTS = 1 > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,730 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_CACHE_CONTROL = max-age=0 > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,730 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] REQUEST_URI = / > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,730 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_ACCEPT = > text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,730 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_X_URL_SCHEME = https > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,730 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] wsgi.version = (1, 0) > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,730 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] GATEWAY_INTERFACE = CGI/1.1 > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,730 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] wsgi.run_once = False > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,731 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] SCRIPT_NAME = > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,731 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] REMOTE_PORT = 56284 > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,731 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_ACCEPT_LANGUAGE = en-US,en;q=0.5 > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,731 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] REQUEST_SCHEME = https > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,731 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] wsgi.errors = <open file > 'wsgi_errors', mode 'w' at 0x2ad4f3b350c0> > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,731 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] uwsgi.version = 2.0.17.1 > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,731 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] request_id = > d8e1b156ffc111e8bbbc0894ef20d911 > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,731 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] wsgi.file_wrapper = <built-in > function uwsgi_sendfile> > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,732 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] HTTP_ACCEPT_ENCODING = gzip, deflate, > br > galaxy.web.framework.middleware.remoteuser DEBUG 2018-12-14 11:01:06,732 > [p:19333,w:1,m:0] [uWSGIWorker1Core0] UNIQUE_ID = > XBPh0ilC82mF4py6Qa6eRwAAAAI > > > Thanks, > > > Ping > > On Wed, Dec 12, 2018 at 5:07 AM Peter Briggs < > peter.bri...@manchester.ac.uk> wrote: > >> Hello Ping >> >> If you're using the YAML config then there isn't an equivalent of the >> "[filter:proxy-prefix]" section from the INI version of the config - this >> section doesn't seem to be required any more. So the two lines you already >> have in the 'galaxy' section of the YAML file should be sufficient i.e. >> >> galaxy: >> #... >> filter-with: proxy-prefix >> cookie_path: '/galaxy' >> >> However you also need to make sure that you have the correct options in >> the 'uwsgi' section of the YAML config file, and that your Apache >> configuration is set correctly to handle the proxy prefix. The relevant >> documentation for these is here (for 18.09): >> >> >> https://docs.galaxyproject.org/en/release_18.09/admin/apache.html#serving-galaxy-at-a-url-prefix >> >> HTH >> >> Best wishes >> >> Peter >> >> -- >> Peter Briggs peter.bri...@manchester.ac.uk >> Bioinformatics Core Facility University of Manchester >> B.1083 Michael Smith Bldg Tel: (0161) 2751482 >> >> ------------------------------ >> *From:* galaxy-dev [galaxy-dev-boun...@lists.galaxyproject.org] on >> behalf of Ping Luo [luop0...@gmail.com] >> *Sent:* Wednesday, December 12, 2018 6:35 AM >> *To:* galaxy-dev >> *Subject:* [galaxy-dev] how to configure sub-uri in galaxy.yml >> >> I am trying to configure Galaxy v18.09 wtih sub-uri. In prior 18.01, I >> use this configuration in conjunction with Apache rewrite rules and it >> works well: >> >> [filter:proxy-prefix] >> use = egg:PasteDeploy#prefix >> prefix = /msgalaxy >> [app:main] >> filter-with = proxy-prefix >> cookie_path = '/galaxy' >> >> >> In galaxy.yml, I know I need to uncomment and add the following >> >> filter-with: proxy-prefix >> cookie_path: '/galaxy' >> >> However, I don't know where and how to add filter:proxy-prefix. The >> comment in config.yml says: >> >> # If running behind a proxy server and Galaxy is served from a >> # subdirectory, enable the proxy-prefix filter and set the prefix in >> # the [filter:proxy-prefix] section above. >> >> which is for galaxy.ini file. An example on how to do it would be much >> appreciated. >> >> Ping >> >
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/
