We recently upgraded to 20.09 and are configuring Galaxy to listen on a port using SSL.
Everything works OK on non-SSL ports, but of course we can’t put that into production.
I am following this guide:
https://docs.galaxyproject.org/en/latest/admin/scaling.html
That document is pointed to by a discussion on configuring uwsgi without
a proxy server here: galaxy+SSL without a proxy set up?
Galaxy reports:
Starting server in PID 8037.
serving on https://127.0.0.1:8443
serving on http://127.0.0.1:8888
mfricke@taos:~[]$ sudo lsof -i -P -n | grep :8888
uwsgi 8037 galaxy 4u IPv4 109301279 0t0 TCP 127.0.0.1:8888 (LISTEN)
uwsgi 8104 galaxy 4u IPv4 109301279 0t0 TCP 127.0.0.1:8888 (LISTEN)
mfricke@taos:~[]$ sudo lsof -i -P -n | grep :8443
mfricke@taos:~[]$
Galaxy has permissions to read the SSL certs:
-bash-4.2$ ls -lah /opt/galaxy/20.09/ssl/
-rw-r--r-- 1 galaxy galaxy-admin 1.7K Nov 25 08:24 alliance-wildcard.key
-rw-r--r-- 1 galaxy galaxy-admin 2.4K Nov 25 08:24 alliance-wildcard-public.crt
And in galaxy.yaml:
http: 127.0.0.1:8888
https: 127.0.0.1:8443,/opt/galaxy/20.09/ssl/alliance-wildcard-public.crt,/opt/galaxy/20.09/ssl/alliance-wildcard.key
http-to-https: =0
I also added a debug statement to make sure the parameters were being
passed down to the libraries:
galaxy.web_stack DEBUG 2020-12-02 10:40:41,885 [p:7467,w:1,m:0] [MainThread] Calling postfork function: <function postfork_setup at 0x7f8a68952158>
VAL++++++++++++++ 127.0.0.1:8443,/opt/galaxy/20.09/ssl/alliance-wildcard-public.crt,/opt/galaxy/20.09/ssl/alliance-wildcard.key
VAL++++++++++++++ 127.0.0.1:8888
galaxy.web_stack INFO 2020-12-02 10:40:41,885 [p:7467,w:1,m:0] [MainThread] Galaxy server instance 'main.web.1' is running
These are the same certificates we use on our other web services so they
should be good.
Any help would be appreciated.
All the best,
Matthew