Question: Galaxy Tool Shed use when using nginx as an authentication proxy
gravatar for daniel.john.shea
4.6 years ago by
United States / Boston / Harvard Medical School
daniel.john.shea10 wrote:


I've been unable to find a solution to this issue, and my local installation log files have not yet shown me exactly what I am missing in my configuration.  I have configured galaxy to utilize nginx as an authentication proxy.  The proxy is making use of PAM to allow LDAP accounts to authenticate to the local installation.  This is working as intended, however when I attempt to install tools in the main tool shed I am getting a curious error, which I think is due to a misconfiguration of my proxy, but I am not sure how I should go about resolving it.

My nginx.conf is as follows:

        # Galaxy configuration
        upstream galaxy_app {
        server localhost:8080;
        server {
                client_max_body_size 10G;
                # ... other server stuff ...
                location / {
                auth_pam "Basic Auth Realm Name";
                auth_pam_service_name "nginx";
                proxy_pass http://galaxy_app;
                proxy_set_header REMOTE_USER $remote_user;
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-URL-SCHEME https;
                location /_x_accel_redirect/ {
                alias /;

I have made the requisite corresponding configuration changes to my universe_wsgi.ini file.

host =
nginx_x_accel_redirect_base = /_x_accel_redirect
upstream_gzip = True
set_metadata_externally = True
use_remote_user = True
remote_user_maildomain =
require_login = True
allow_user_creation = False

nginx and Galaxy start up, and I am able to login using my LDAP account and my administrative rights seem to work in all aspects except for tool installation.

Attempting to install a tool, I am able to navigate to Admin-->Search and Browse Tool Sheds

I select a tool for installation however and upon clicking "Install to Galaxy" I am greeted with the following within the installation pane:

Unable to connect

Firefox can't establish a connection to the server at <our_local_install_server_name_is_here>.

My question is, is there something additional that I must specify to the nginx proxy to enable this connection to take place?  I am assuming that the proxy configuration is the issue as I was able to previously install tools prior to configuring the proxy and enabling PAM authentication.

I was unable to find anything related to this particular error and my initial setup of the proxy was based off of the documentation located here:


Dan Shea
West Quad Computing Group
Harvard Medical School


toolshed galaxy local nginx • 2.4k views
ADD COMMENTlink modified 4.5 years ago by Srinivas50 • written 4.6 years ago by daniel.john.shea10
gravatar for Brad Langhorst
4.5 years ago by
United States
Brad Langhorst100 wrote:

I don't have a good answer for you...  but since no one else has replied I'll share how I've handled this.

Like you, we are using ldap auth. If i enable it in the toolshed (running at, tools cannot be installed.

My solution has been to create a local user  for toolshed admin and allow unauthenticated access.

That works for me since I'm the only person installing local tools.



ADD COMMENTlink written 4.5 years ago by Brad Langhorst100

Thanks Brad!  I will give that a go and hopefully that should serve our needs.  Have a great day!

Dan Shea

ADD REPLYlink written 4.5 years ago by daniel.john.shea10
gravatar for Srinivas
4.5 years ago by
United States
Srinivas50 wrote:

Thanks for the question and the tip.

I was able to get this work by:

  1. Provisioning a local user while logged in as an admin user
  2. Creating a copy of the universe_wsgi.ini file and editing it to:
    • create a new web server on a different port
    • removing authentication related settings
    • setting "admin_users" to user created in step 1
  3. Creating a copy of the file and editing it to reference the file created in step 1
  4. Executing to spawn the new server
  5. Logging in to the new server at the specified port as the user created in step 1
ADD COMMENTlink modified 4.5 years ago • written 4.5 years ago by Srinivas50
Please log in to add an answer.


Use of this site constitutes acceptance of our User Agreement and Privacy Policy.
Powered by Biostar version 16.09
Traffic: 165 users visited in the last hour