Hi everyone,
I am in charge of getting a Galaxy server instance running smoothly behind an Apache SSL to SSL reverse proxy, meaning that I've configured an Apache instance in our DMZ that proxies all requests to an SSL enabled Apache server on a separate VLAN, which in turn proxies requests to the Galaxy server running on localhost:8080.
The reason for this is the wish to keep as few ports open between our DMZ and the secured VLAN, as well as making sure that traffic is encrypted between the endpoints and lastly that the connections always enter the secured VLAN from a single ip address (the Apache SSL enabled reverse proxy).
This basically sort of works, but there are some issues performance wise, where it seems the Galaxy server is causing timeouts on the Apache running in front of it, in turn causing the exact same issue on the DMZ reverse proxy.
We get a number of proxy_http:error messages from time to time, basically stating that the server on localhost:8080 takes too long to answer for the Apache not to timeout. The messages look like this:
[proxy_http:error] [pid 3698] (70007)The timeout specified has expired: [client <ip-address:port>] AH01102: error reading status line from remote server http://localhost:8080, referer: https://reverseproxy.dmz.domain.com/galaxy
The setup follows all the requirements advised for running Galaxy behind a proxy:
[1] Galaxy has been configured to disable all developer settings
[2] Galaxy has been configured to use PostgreSQL as its database
[3] Galaxy has had the proxy-prefix set (/galaxy)
[4] Apache has been setup to rewrite urls accordingly and the needed directives for header requests (RequestHeader set X-URL-SCHEME https) and such have been set according to the documentation available.
[5] The DMZ reverse proxy basically does all the same
Has anyone experienced similar issues with running Galaxy in a proxy environment?