Question: New History is created each time I log into Galaxy
1
gravatar for David Anderson
3.8 years ago by
David Anderson40 wrote:

Hi All,

I am having a problem with our Galaxy installation where each time a user logs in a new History is created.

Our Galaxy is behind a proxy. We believe that we may be missing some parameters in the nginx.conf . 

Could someone help us with this?

 

Here is our configuration for Galaxy

 location /galaxy/root/display_as {

            set $isDisplay 'true';

            set_by_lua_file $p {{genapLuaModulePath}}/validateGenapCookies.lua;

            proxy_set_header   X-Forwarded-Host $host;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_set_header   X-URL-SCHEME https;

           proxy_pass http://$backendHost:$backendPort$pathPrefix$uri$is_args$args;
        }

 

Thank you very much

nginx proxy galaxy history • 1.2k views
ADD COMMENTlink modified 3.8 years ago by Martin Čech ♦♦ 4.9k • written 3.8 years ago by David Anderson40
1

This sounds familiar enough that it may have been a bug I fixed previously.  What revision of Galaxy are you running?

ADD REPLYlink written 3.8 years ago by Dannon Baker3.7k

I am running a June 2, 2014 Galaxy Distribution .

Although I intend to update my code, I presently cannot update the prod version.

I was just wondering if it would be an simple fix/config that I could apply to this version, while I prepare the upgrade.

 

Thanks


 

ADD REPLYlink written 3.8 years ago by David Anderson40

I can't find the actual changeset I'm thinking of, but this wasn't a simple configuration change unfortunately.  I'd recommend performing a full update in the near future, considering the recent security release.

ADD REPLYlink written 3.8 years ago by Dannon Baker3.7k

Hi Dannon,

Thank for looking into this for me.
I installed all security updates so far, including the latest Jan 13th 2015.

I am planning on an update, but since this Galaxy is already in prod I was trying to modify what is there.

I've tried to update from my version to the latest (in a VM) and too many things went wrong. So I will probably go for a fresh install.

Thank you very much

 

 

ADD REPLYlink written 3.8 years ago by David Anderson40

Got it, I'm glad you installed the security updates.

If you could detail what went wrong with your last distribution update, I'd really, really like to hear it.  We're trying very hard to make these updates as smooth as possible.

ADD REPLYlink written 3.8 years ago by Dannon Baker3.7k
1

HI Dannon,

Yesterday I posted an answer for you about the update but I can't see it. So here it goes again.

The Problem was not the update process itself but how we have everything set up here.

Here in Canada we have a project called GenAP which aims to host Genetics and Genomics tools. Galaxy is one of the (the most important one).

In GenAP a PI can request his private Galaxy as if he was in a cloud facility. But he is actually starting a chroot of our 'master' VM in another VM that is a submit node in our HPC.

Our Galaxies share a few directories, one of them being tool-data. So all .loc files and genomes are shared. This is what was causing problems during the update. The update process does not follow the symlinks and throws an error.

Yesterday after we exchange messages I tried to update one of my dev VMs, but before I rename the tool-data dir. After solving few conflicts the update worked :)

I will continue to test and I will have to learn some of the new config options but everything seems fine now.

Thank you very much for your help

 

 

 

 

 

ADD REPLYlink written 3.8 years ago by David Anderson40

Thanks for the update, I understand now; tat's an interesting setup!

Good to hear that everything went mostly smooth with the update.  Don't hesitate to let us know if there's anything else we can help with. 

ADD REPLYlink written 3.8 years ago by Dannon Baker3.7k

Hi Dannon,
I upgraded a VM to the latest version and put it behind the proxy. Unfortunately this did solved the problem. I still get a new history each time I log in.

Any clue of what might be wrong?

Thank you very much

 

ADD REPLYlink written 3.8 years ago by David Anderson40

Well that's a bummer, I was really thinking this was a bug we'd fixed.  So, can you elaborate on what headers validateGenapCookies.lua sets? Your configuration is somewhat different from the base setup here: https://wiki.galaxyproject.org/Admin/Config/nginxProxy

ADD REPLYlink written 3.8 years ago by Dannon Baker3.7k

Hi Dannon,

My friend Maxime, who is responsible for the nginx configuration answered you below.

We also put Galaxy (new and old codes) behind a simplified version of the configuration and it still creates new histories.

 

worker_processes  4;
error_log logs/error.log;

events {
    worker_connections 1024;
}

http {
    server {
        listen 443 ssl;
        ssl_certificate      /genap_ssl/genap.ca.crt;
        ssl_certificate_key  /genap_ssl/genap.ca.pem;
        lua_code_cache off;
        set $loginOnHost 'THE_USER';

        location / {
            proxy_set_header REMOTE_USER "$loginOnHost";
            proxy_set_header   X-Forwarded-Host $host;
            proxy_set_header   X-Forwarded-For       $proxy_add_x_forwarded_for;
            proxy_set_header   X-URL-SCHEME https;
            proxy_pass http://192.168.0.206:40043;
        }

    }

}

One thing that we did not mention is that we are using https. Could that be the source of the problem?
 

One last question how can I get to decode the cookie? Maybe by looking at the cookie 'galaxysession' we can figure out what is not being passed to Galaxy.

Thanks a lot

 

ADD REPLYlink modified 3.8 years ago • written 3.8 years ago by David Anderson40
2
gravatar for David Anderson
3.8 years ago by
David Anderson40 wrote:

Hi all
We found a fix.

It was a rather simple one actually.

Our proxy was not set to a subdirectory while in our universe_wsgi.ini the cookie_path and proxy prefix were both pointing to /galaxy.

It was then a simple matter of removing this and Galaxy (old and new version) started to work again.

Thanks a lot

ADD COMMENTlink written 3.8 years ago by David Anderson40

Wow, I'm really glad you figured this out!  I've been trying to reproduce it to no success -- hadn't tried this yet.

ADD REPLYlink written 3.8 years ago by Dannon Baker3.7k
1
gravatar for maxime.levesque
3.8 years ago by
maxime.levesque10 wrote:

Hello everyone, thanks for looking at the problem, here's a mor complete copy of our NGINX config : 

 

As you can see, there are two differences :

1) we don't use the AUTH PAM module, but our own (a lua script), this should not (at least in theory) make a difference, since both modules merely set a value to a variable that sets the value to the REMOTE_USER header. 

2) The proxy_pass directive is done *after* calling the 4 calls to proxy_set_header, 

Both configs set the headers : 

            proxy_set_header REMOTE_USER "$loginOnHost";
            proxy_set_header   X-Forwarded-Host $host;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_set_header   X-URL-SCHEME https;

 

We will setup a proxy instance that does not do authentication (always sets the variable to a hard coded REMOTE_USER), and see if the problem persists. 

Meanwhile if you could confirm that you are using this mechanism : 

  http://pythonpaste.org/modules/auth.cookie.html

If yes, could the problem be that "REMOTE_SESSION" is being changed at everyt call ?

if yes, I would suspect that the code on paste and or galaxy that does the "create session if none already exists" is the culprit, in this case it would be useful to debug this code, and/or add logging and/or tracing. Any pointers as to what log level to add or where in the code the decision to "create a REMOTE_SESSION if none exists " would be appreciated..

Thanks !

 

 

 

 

 

 

 

 

ADD COMMENTlink written 3.8 years ago by maxime.levesque10
0
gravatar for Jennifer Hillman Jackson
3.8 years ago by
United States
Jennifer Hillman Jackson25k wrote:

Hello,

Correction: not intended functionality, just present, in earlier distributions of Galaxy. Which are you running now? If not the most current, it is important to upgrade to incorporate the latest security updates.

http://wiki.galaxyproject.org/DevNewsBriefs

Thanks, Jen, Galaxy team

ADD COMMENTlink modified 3.8 years ago • written 3.8 years ago by Jennifer Hillman Jackson25k
0
gravatar for David Anderson
3.8 years ago by
David Anderson40 wrote:

I am running a June 2, 2014 Galaxy Distribution .

Although I intend to update my code, I presently cannot update the prod version.

I was just wondering if it would be an simple fix/config that I could apply to this version, while I prepare the upgrade.

 

Thanks

ADD COMMENTlink written 3.8 years ago by David Anderson40

Dannon can help you find the changeset and help determine if it can be applied independently. The security patches can be applied by themselves without a full upgrade. See the release notes for the last distribution for instructions. Thanks! Jen

ADD REPLYlink written 3.8 years ago by Jennifer Hillman Jackson25k

Hi Jennifer,

I really appreciate you reply.

Dannon would you please let me know how to I apply this fixes to our Galaxy?

I am new to the biostar concept so I hope I am using the right channel to ask these questions.

 

Thank you both for your help.

 

 

ADD REPLYlink modified 3.8 years ago • written 3.8 years ago by David Anderson40

You are doing great and Dannon and I are both on the same team :) You are now on our team too - the community team! Asking questions here helps many. Dannon will be able to help you going forward with this one. We overlapped a bit, it happens, sorry if it was confusing. Thanks, Jen

ADD REPLYlink modified 3.8 years ago • written 3.8 years ago by Jennifer Hillman Jackson25k

Thanks a lot Jennifer,

It was not confusing at all.

I love how the Galaxy community is always ready to help.

Looking forward to meet you all in England this summer.

cheers
 

ADD REPLYlink written 3.8 years ago by David Anderson40
Please log in to add an answer.

Help
Access

Use of this site constitutes acceptance of our User Agreement and Privacy Policy.
Powered by Biostar version 16.09
Traffic: 175 users visited in the last hour