HowToInstall/ApacheProxy - Galaxy - Trac

Wiki Navigation

Currently the only recommended way to run Galaxy with Apache is using mod_rewrite/mod_proxy. Because Galaxy is a long running application with important state information that persists between requests, running Galaxy via cgi, fastcgi, or any mechanism that creates multiple processes is not recommended, and may cause data loss.

Apache configuration

For a default Galaxy configuration running on http://localhost:8080, with mod_rewrite being loaded, the following lines in the apache configuration should be sufficient to divert all calls to the paste process on localhost port 8080 for example:

RewriteEngine on
RewriteRule ^(.*) http://localhost:8080$1 [P]

It can be advantageous to allow Apache to server static content directly, reducing the load on the Galaxy process and allowing for more effective compression assuming (mod_gzip is loaded and configured), caching, and pipelining. The following additional rewrite rules will accomplish this:

RewriteRule ^/static/style/(.*) /var/opt/galaxy/test/static/june_2007_style/blue/$1 [L]
RewriteRule ^/static/(.*) /var/opt/galaxy/test/static/$1 [L]
RewriteRule ^/images/(.*) /var/opt/galaxy/test/static/images/$1 [L]
RewriteRule ^/favicon.ico /var/opt/galaxy/test/static/favicon.ico [L]
RewriteRule ^/robots.txt /var/opt/galaxy/test/static/robots.txt [L]

Apache configuration with Galaxy not at the web server root

To run Galaxy at a location under the webserver root (e.g. at http://my.server.org/galaxy) two changes are needed. Firstly, the following apache mod_rewrite configuration lines can be used to proxy any calls to /galaxy over to the paste process running on localhost port 8080:

RewriteEngine on
ReWriteRule ^/galaxy$ /galaxy/ [R]
RewriteRule ^/galaxy(.*) http://localhost:8080$1 [P]

(Note the first rewrite rule deals with the missing trailing slash problem...otherwise http://yourserver.org/galaxy will likely yield an error)

Additionally, the Galaxy application needs to be aware that it is running with a prefix (for generating URLs in dynamic pages). This is accomplished by installing and configuring a Paste proxy-prefix filter (setting the root of the site to /galaxy in the example below) and then installing it in [app:main], by adding the following lines to universe_wsgi.ini:

 # ---- Galaxy Web Interface -------------------------------------------------
 
[filter:proxy-prefix]
use = egg:PasteDeploy#prefix
prefix = /galaxy

[app:main]
 
filter-with = proxy-prefix

External authentication and $REMOTE_USER

Galaxy can be placed behind Apache authentication. Any method that sets $REMOTE_USER in the server environment is allowed (Basic Authentication, mod_auth_foo, Cosign, ...). Since $REMOTE_USER is not, by default, passed to the proxied application, you must add the following lines to your Apache config to ensure it's passed:

RewriteCond %{IS_SUBREQ} ^false$
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . - [E=RU:%1]
RequestHeader set REMOTE_USER %{RU}e

On the Galaxy side, enable use_remote_user in universe_wsgi.ini. If your auth method doesn't set a full email address in $REMOTE_USER, be sure to also set remote_user_maildomain (Galaxy will tell you via an error message if remote_user_maildomain needs to be set).

Users are automatically created in the Galaxy database if the external auth method allows them through. Users created in this manner may not log in if use_remote_user is later disabled (the 'external' boolean is true in the user's record in the galaxy_user table).

Download in other formats:

Plain Text