-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proxy reconfiguration to show the Tripal site rather than Galaxy as the landing page #17
Comments
So this should be changeable:
|
Can you elaborate more on this point? I'm not quite sure what you mean re: securing system paths. |
Hello again. I'll take a closer look at the mutability of the proxy paths as you have suggested. On the issue of user roles, I guess what I'm thinking is that our particular deployment is likely to have several distinct classes of users: plant breeders (running breeding specific workflows); the data curators (putting new crop genomic information into the system, with quality control; plant breeders won't likely put such information in themselves); and, perhaps, administrators of the system. I guess I'm not so concerned about the last category of users, in that every component - Galaxy, Apollo(?) and Tripal - have "admin" user modes built in. Rather, the main issue is likely to only allow qualified data curators to prepare genomic data for uploading to the system, mainly for use by plant breeders in their marker or genomic selection based breeding workflows. Anyhow, we can ponder this further over the coming couple of months. |
This should already be more or less supported. The data curators can add the datasets + share with the users using the features already there for that. And by sharing with plant breeders they can run workflows and update the records in apollo. If the breeders should not be permitted to add new tracks to the genome, just make sure you only grant them read access. |
thanks. The system has great flexibility so I'm sure we'll sort something out here. |
For redirection, this is how I configure nginx to have tripal at
Not sure if And in the docker-compose.yml:
For the permissions problem, I have nothing to add because my setup is simpler = we only have admins and annotators. We authenticate with an ldap, and restrict access to galaxy to admins (who load organisms into apollo). |
Thanks @abretaud I'm going to try to apply the kinds of settings as you note above, to swap Galaxy and Tripal paths. I notice that the Docker images you are using are not the same ones as in the standard docker-compose.yml file:
versus
and
versus
What are the differences? Your comment about the proxy_cookie_path might actually be kind of useful for the issue we've encountered of getting the Galaxy / Apollo gx-cookie-proxy remote user proxy working for us, since our "real" base URL's will also be something like https://sunflower.divseekcanada.ca, not simply localhost, and those URL's are actually proxied through a second NGINX proxy on another "gateway" server. I'll probably ask more questions later about your user authentication / authorisation setup, in case it sheds more light on how we should configure out system here. |
The way the NGINX proxy of this project is configured, the "landing" page of the URL is the Galaxy instance, and the Tripal site is on the path "/tripal". Although the Proxy NGINX default.conf can be superficial reconfigured to show Tripal as the landing page, putting Galaxy at the end of the path "/galaxy" breaks Galaxy and Apollo. It would be good to know how to make this swap work.
Another mildly related issue is how to best secure the /galaxy and /apollo (and possibly other) system paths as accessible only to users with specific designated "roles" such as "administrator" and "curator". This is a more restricted model of access than the system currently supports, I think.
The text was updated successfully, but these errors were encountered: