Login problem with Galaxy instance

classic Classic list List threaded Threaded
22 messages Options
12
| Threaded
Open this post in threaded view
|

Login problem with Galaxy instance

Makis Ladoukakis
Hi I have some experience with setting up Galaxy instances but I came across a very peculiar issue when trying to setup the newest version.

While I am able to register as a new user when I try to login I get redirected to the home page without being logged in.

In the galaxy.ini is I disabled user_activation as I don't want a confirmation e-mail for new registrations, altered the host to 0.0.0.0 for network use and changed the port (which i opened up through the apache webserver)

Am I missing something?

Any help would be appreciated.

Kind regards,
Efthymios Ladoukakis

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: Login problem with Galaxy instance

Nicola Soranzo-2
Hi Efthymios,
have you tried to delete the cookies in the browser? That may fix the problem.

Cheers,
Nicola

Il 16.06.2015 17:46 Makis Ladoukakis ha scritto:

Hi I have some experience with setting up Galaxy instances but I came across a very peculiar issue when trying to setup the newest version.

While I am able to register as a new user when I try to login I get redirected to the home page without being logged in.

In the galaxy.ini is I disabled user_activation as I don't want a confirmation e-mail for new registrations, altered the host to 0.0.0.0 for network use and changed the port (which i opened up through the apache webserver)

Am I missing something?

Any help would be appreciated.

Kind regards,
Efthymios Ladoukakis



Connetti gratis il mondo con la nuova indoona: hai la chat, le chiamate, le video chiamate e persino le chiamate di gruppo.
E chiami gratis anche i numeri fissi e mobili nel mondo!
Scarica subito l’app Vai su https://www.indoona.com/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: Login problem with Galaxy instance

Makis Ladoukakis
Hi Nicola thanks for the help. Unfortunately that didn't work. I was also looking at the Galaxy log and I found this line right next to the login attempt:

galaxy.webapps.galaxy.controllers.user WARNING 2015-06-16 18:44:33,165 Redirect URL is outside of Galaxy, will redirect to Galaxy root instead:


I could use any help.

Kind regards,
Efthymios Ladoukakis


Date: Tue, 16 Jun 2015 18:30:12 +0200
From: [hidden email]
To: [hidden email]
CC: [hidden email]
Subject: Re: [galaxy-dev] Login problem with Galaxy instance

Hi Efthymios,
have you tried to delete the cookies in the browser? That may fix the problem.

Cheers,
Nicola
Il 16.06.2015 17:46 Makis Ladoukakis ha scritto:
Hi I have some experience with setting up Galaxy instances but I came across a very peculiar issue when trying to setup the newest version.

While I am able to register as a new user when I try to login I get redirected to the home page without being logged in.

In the galaxy.ini is I disabled user_activation as I don't want a confirmation e-mail for new registrations, altered the host to 0.0.0.0 for network use and changed the port (which i opened up through the apache webserver)

Am I missing something?

Any help would be appreciated.

Kind regards,
Efthymios Ladoukakis



Connetti gratis il mondo con la nuova indoona: hai la chat, le chiamate, le video chiamate e persino le chiamate di gruppo.
E chiami gratis anche i numeri fissi e mobili nel mondo!
Scarica subito l’app Vai su https://www.indoona.com/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: Login problem with Galaxy instance

Makis Ladoukakis

Actually that actually worked. Couldn't see it before.

Thanks Nicola!



From: [hidden email]
To: [hidden email]
Date: Wed, 17 Jun 2015 09:06:52 +0300
CC: [hidden email]
Subject: Re: [galaxy-dev] Login problem with Galaxy instance

Hi Nicola thanks for the help. Unfortunately that didn't work. I was also looking at the Galaxy log and I found this line right next to the login attempt:

galaxy.webapps.galaxy.controllers.user WARNING 2015-06-16 18:44:33,165 Redirect URL is outside of Galaxy, will redirect to Galaxy root instead:


I could use any help.

Kind regards,
Efthymios Ladoukakis


Date: Tue, 16 Jun 2015 18:30:12 +0200
From: [hidden email]
To: [hidden email]
CC: [hidden email]
Subject: Re: [galaxy-dev] Login problem with Galaxy instance

Hi Efthymios,
have you tried to delete the cookies in the browser? That may fix the problem.

Cheers,
Nicola
Il 16.06.2015 17:46 Makis Ladoukakis ha scritto:
Hi I have some experience with setting up Galaxy instances but I came across a very peculiar issue when trying to setup the newest version.

While I am able to register as a new user when I try to login I get redirected to the home page without being logged in.

In the galaxy.ini is I disabled user_activation as I don't want a confirmation e-mail for new registrations, altered the host to 0.0.0.0 for network use and changed the port (which i opened up through the apache webserver)

Am I missing something?

Any help would be appreciated.

Kind regards,
Efthymios Ladoukakis



Connetti gratis il mondo con la nuova indoona: hai la chat, le chiamate, le video chiamate e persino le chiamate di gruppo.
E chiami gratis anche i numeri fissi e mobili nel mondo!
Scarica subito l’app Vai su https://www.indoona.com/


___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Galaxy on Centos via Apache - connection refused

Makis Ladoukakis
In reply to this post by Makis Ladoukakis
Dear all,

I've been trying to set up a Galaxy instance on my CentOS server but even when I manage to run the simplest configuration correctly I can't seem to get it right on my browser as the connection is refused.

I have changed the host to 0.0.0.0, the port to 8081 and made the appropriate changes in Apache configuration file:

RewriteEngine on
RewriteRule ^/galaxy_test(.*) http://localhost:8081$1 [P]
RewriteRule ^/galaxy_test$ /galaxy_test/ [R]
RewriteRule ^/galaxy_test/static/style/(.*) /home/galaxy_test/galaxy/static/june_2007_style/blue/$1 [L]
RewriteRule ^/galaxy_test/static/scripts/(.*) /home/galaxy_test/galaxy/static/scripts/packed/$1 [L]
RewriteRule ^/galaxy_test/static/(.*) /home/galaxy_test/galaxy/static/$1 [L]
RewriteRule ^/galaxy_test/favicon.ico /home/galaxy_test/galaxy/static/favicon.ico [L]
RewriteRule ^/galaxy_test/robots.txt /home/galaxy_test/galaxy/static/robots.txt [L]

So when I tried to run it the first time I got the "temporarily out of service" error on my browser and the following error in apache log:

[Mon Oct 19 05:56:45.308714 2015] [proxy:error] [pid 18505] (13)Permission denied: AH00957: HTTP: attempt to connect to 127.0.0.1:8081 (*) failed
[Mon Oct 19 05:56:45.308774 2015] [proxy_http:error] [pid 18505] [client 185.25.151.159:39629] AH01114: HTTP: failed to make connection to backend: localhost

Searching the internet I found the following solution:

/usr/sbin/setsebool httpd_can_network_connect 1

/usr/sbin/setsebool -P httpd_can_network_connect 1



but when I restarted my galaxy my browser would now show just a blank page and the error log of apache was:

[Mon Oct 19 15:29:09.425120 2015] [proxy:error] [pid 29699] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8081 (*) failed
[Mon Oct 19 15:29:09.425167 2015] [proxy_http:error] [pid 29699] [client 147.102.86.121:51865] AH01114: HTTP: failed to make connection to backend: localhost


Has anyone encountered that?

Kind regards,
Makis






P.S. In case that helps the output of iptables -L is the following:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           
INPUT_direct  all  --  anywhere             anywhere           
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere           
INPUT_ZONES  all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           
FORWARD_direct  all  --  anywhere             anywhere           
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere           
FORWARD_IN_ZONES  all  --  anywhere             anywhere           
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere           
FORWARD_OUT_ZONES  all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
OUTPUT_direct  all  --  anywhere             anywhere           

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination        
FWDI_public  all  --  anywhere             anywhere            [goto]
FWDI_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination        
FWDO_public  all  --  anywhere             anywhere            [goto]
FWDO_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain FORWARD_direct (1 references)
target     prot opt source               destination        

Chain FWDI_public (2 references)
target     prot opt source               destination        
FWDI_public_log  all  --  anywhere             anywhere           
FWDI_public_deny  all  --  anywhere             anywhere           
FWDI_public_allow  all  --  anywhere             anywhere           

Chain FWDI_public_allow (1 references)
target     prot opt source               destination        

Chain FWDI_public_deny (1 references)
target     prot opt source               destination        

Chain FWDI_public_log (1 references)
target     prot opt source               destination        

Chain FWDO_public (2 references)
target     prot opt source               destination        
FWDO_public_log  all  --  anywhere             anywhere           
FWDO_public_deny  all  --  anywhere             anywhere           
FWDO_public_allow  all  --  anywhere             anywhere           

Chain FWDO_public_allow (1 references)
target     prot opt source               destination        

Chain FWDO_public_deny (1 references)
target     prot opt source               destination        

Chain FWDO_public_log (1 references)
target     prot opt source               destination        

Chain INPUT_ZONES (1 references)
target     prot opt source               destination        
IN_public  all  --  anywhere             anywhere            [goto]
IN_public  all  --  anywhere             anywhere            [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain INPUT_direct (1 references)
target     prot opt source               destination        

Chain IN_public (2 references)
target     prot opt source               destination        
IN_public_log  all  --  anywhere             anywhere           
IN_public_deny  all  --  anywhere             anywhere           
IN_public_allow  all  --  anywhere             anywhere           

Chain IN_public_allow (1 references)
target     prot opt source               destination        
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https ctstate NEW

Chain IN_public_deny (1 references)
target     prot opt source               destination        

Chain IN_public_log (1 references)
target     prot opt source               destination        

Chain OUTPUT_direct (1 references)
target     prot opt source               destination        





___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

FW: Galaxy on Centos via Apache - connection refused

Makis Ladoukakis
Forwading to this list too. I am not sure if they are two separate lists.

Makis


From: [hidden email]
To: [hidden email]
Date: Mon, 19 Oct 2015 17:04:13 +0300
Subject: [galaxy-dev] Galaxy on Centos via Apache - connection refused

Dear all,

I've been trying to set up a Galaxy instance on my CentOS server but even when I manage to run the simplest configuration correctly I can't seem to get it right on my browser as the connection is refused.

I have changed the host to 0.0.0.0, the port to 8081 and made the appropriate changes in Apache configuration file:

RewriteEngine on
RewriteRule ^/galaxy_test(.*) http://localhost:8081$1 [P]
RewriteRule ^/galaxy_test$ /galaxy_test/ [R]
RewriteRule ^/galaxy_test/static/style/(.*) /home/galaxy_test/galaxy/static/june_2007_style/blue/$1 [L]
RewriteRule ^/galaxy_test/static/scripts/(.*) /home/galaxy_test/galaxy/static/scripts/packed/$1 [L]
RewriteRule ^/galaxy_test/static/(.*) /home/galaxy_test/galaxy/static/$1 [L]
RewriteRule ^/galaxy_test/favicon.ico /home/galaxy_test/galaxy/static/favicon.ico [L]
RewriteRule ^/galaxy_test/robots.txt /home/galaxy_test/galaxy/static/robots.txt [L]

So when I tried to run it the first time I got the "temporarily out of service" error on my browser and the following error in apache log:

[Mon Oct 19 05:56:45.308714 2015] [proxy:error] [pid 18505] (13)Permission denied: AH00957: HTTP: attempt to connect to 127.0.0.1:8081 (*) failed
[Mon Oct 19 05:56:45.308774 2015] [proxy_http:error] [pid 18505] [client 185.25.151.159:39629] AH01114: HTTP: failed to make connection to backend: localhost

Searching the internet I found the following solution:

/usr/sbin/setsebool httpd_can_network_connect 1

/usr/sbin/setsebool -P httpd_can_network_connect 1



but when I restarted my galaxy my browser would now show just a blank page and the error log of apache was:

[Mon Oct 19 15:29:09.425120 2015] [proxy:error] [pid 29699] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8081 (*) failed
[Mon Oct 19 15:29:09.425167 2015] [proxy_http:error] [pid 29699] [client 147.102.86.121:51865] AH01114: HTTP: failed to make connection to backend: localhost


Has anyone encountered that?

Kind regards,
Makis






P.S. In case that helps the output of iptables -L is the following:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           
INPUT_direct  all  --  anywhere             anywhere           
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere           
INPUT_ZONES  all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           
FORWARD_direct  all  --  anywhere             anywhere           
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere           
FORWARD_IN_ZONES  all  --  anywhere             anywhere           
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere           
FORWARD_OUT_ZONES  all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
OUTPUT_direct  all  --  anywhere             anywhere           

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination        
FWDI_public  all  --  anywhere             anywhere            [goto]
FWDI_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination        
FWDO_public  all  --  anywhere             anywhere            [goto]
FWDO_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain FORWARD_direct (1 references)
target     prot opt source               destination        

Chain FWDI_public (2 references)
target     prot opt source               destination        
FWDI_public_log  all  --  anywhere             anywhere           
FWDI_public_deny  all  --  anywhere             anywhere           
FWDI_public_allow  all  --  anywhere             anywhere           

Chain FWDI_public_allow (1 references)
target     prot opt source               destination        

Chain FWDI_public_deny (1 references)
target     prot opt source               destination        

Chain FWDI_public_log (1 references)
target     prot opt source               destination        

Chain FWDO_public (2 references)
target     prot opt source               destination        
FWDO_public_log  all  --  anywhere             anywhere           
FWDO_public_deny  all  --  anywhere             anywhere           
FWDO_public_allow  all  --  anywhere             anywhere           

Chain FWDO_public_allow (1 references)
target     prot opt source               destination        

Chain FWDO_public_deny (1 references)
target     prot opt source               destination        

Chain FWDO_public_log (1 references)
target     prot opt source               destination        

Chain INPUT_ZONES (1 references)
target     prot opt source               destination        
IN_public  all  --  anywhere             anywhere            [goto]
IN_public  all  --  anywhere             anywhere            [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain INPUT_direct (1 references)
target     prot opt source               destination        

Chain IN_public (2 references)
target     prot opt source               destination        
IN_public_log  all  --  anywhere             anywhere           
IN_public_deny  all  --  anywhere             anywhere           
IN_public_allow  all  --  anywhere             anywhere           

Chain IN_public_allow (1 references)
target     prot opt source               destination        
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https ctstate NEW

Chain IN_public_deny (1 references)
target     prot opt source               destination        

Chain IN_public_log (1 references)
target     prot opt source               destination        

Chain OUTPUT_direct (1 references)
target     prot opt source               destination        





___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: FW: Galaxy on Centos via Apache - connection refused

Juan Carlos
hi,

Maybe sounds silly, but have you tried to put the apache configuration in a virtual host within the sites-enable site?


cheers
jc

On Tue, Oct 20, 2015 at 12:36 AM, Makis Ladoukakis <[hidden email]> wrote:
Forwading to this list too. I am not sure if they are two separate lists.

Makis


From: [hidden email]
To: [hidden email]
Date: Mon, 19 Oct 2015 17:04:13 +0300
Subject: [galaxy-dev] Galaxy on Centos via Apache - connection refused


Dear all,

I've been trying to set up a Galaxy instance on my CentOS server but even when I manage to run the simplest configuration correctly I can't seem to get it right on my browser as the connection is refused.

I have changed the host to 0.0.0.0, the port to 8081 and made the appropriate changes in Apache configuration file:

RewriteEngine on
RewriteRule ^/galaxy_test(.*) http://localhost:8081$1 [P]
RewriteRule ^/galaxy_test$ /galaxy_test/ [R]
RewriteRule ^/galaxy_test/static/style/(.*) /home/galaxy_test/galaxy/static/june_2007_style/blue/$1 [L]
RewriteRule ^/galaxy_test/static/scripts/(.*) /home/galaxy_test/galaxy/static/scripts/packed/$1 [L]
RewriteRule ^/galaxy_test/static/(.*) /home/galaxy_test/galaxy/static/$1 [L]
RewriteRule ^/galaxy_test/favicon.ico /home/galaxy_test/galaxy/static/favicon.ico [L]
RewriteRule ^/galaxy_test/robots.txt /home/galaxy_test/galaxy/static/robots.txt [L]

So when I tried to run it the first time I got the "temporarily out of service" error on my browser and the following error in apache log:

[Mon Oct 19 05:56:45.308714 2015] [proxy:error] [pid 18505] (13)Permission denied: AH00957: HTTP: attempt to connect to 127.0.0.1:8081 (*) failed
[Mon Oct 19 05:56:45.308774 2015] [proxy_http:error] [pid 18505] [client 185.25.151.159:39629] AH01114: HTTP: failed to make connection to backend: localhost

Searching the internet I found the following solution:

/usr/sbin/setsebool httpd_can_network_connect 1

/usr/sbin/setsebool -P httpd_can_network_connect 1



but when I restarted my galaxy my browser would now show just a blank page and the error log of apache was:

[Mon Oct 19 15:29:09.425120 2015] [proxy:error] [pid 29699] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8081 (*) failed
[Mon Oct 19 15:29:09.425167 2015] [proxy_http:error] [pid 29699] [client 147.102.86.121:51865] AH01114: HTTP: failed to make connection to backend: localhost


Has anyone encountered that?

Kind regards,
Makis






P.S. In case that helps the output of iptables -L is the following:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           
INPUT_direct  all  --  anywhere             anywhere           
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere           
INPUT_ZONES  all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           
FORWARD_direct  all  --  anywhere             anywhere           
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere           
FORWARD_IN_ZONES  all  --  anywhere             anywhere           
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere           
FORWARD_OUT_ZONES  all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
OUTPUT_direct  all  --  anywhere             anywhere           

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination        
FWDI_public  all  --  anywhere             anywhere            [goto]
FWDI_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination        
FWDO_public  all  --  anywhere             anywhere            [goto]
FWDO_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain FORWARD_direct (1 references)
target     prot opt source               destination        

Chain FWDI_public (2 references)
target     prot opt source               destination        
FWDI_public_log  all  --  anywhere             anywhere           
FWDI_public_deny  all  --  anywhere             anywhere           
FWDI_public_allow  all  --  anywhere             anywhere           

Chain FWDI_public_allow (1 references)
target     prot opt source               destination        

Chain FWDI_public_deny (1 references)
target     prot opt source               destination        

Chain FWDI_public_log (1 references)
target     prot opt source               destination        

Chain FWDO_public (2 references)
target     prot opt source               destination        
FWDO_public_log  all  --  anywhere             anywhere           
FWDO_public_deny  all  --  anywhere             anywhere           
FWDO_public_allow  all  --  anywhere             anywhere           

Chain FWDO_public_allow (1 references)
target     prot opt source               destination        

Chain FWDO_public_deny (1 references)
target     prot opt source               destination        

Chain FWDO_public_log (1 references)
target     prot opt source               destination        

Chain INPUT_ZONES (1 references)
target     prot opt source               destination        
IN_public  all  --  anywhere             anywhere            [goto]
IN_public  all  --  anywhere             anywhere            [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain INPUT_direct (1 references)
target     prot opt source               destination        

Chain IN_public (2 references)
target     prot opt source               destination        
IN_public_log  all  --  anywhere             anywhere           
IN_public_deny  all  --  anywhere             anywhere           
IN_public_allow  all  --  anywhere             anywhere           

Chain IN_public_allow (1 references)
target     prot opt source               destination        
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https ctstate NEW

Chain IN_public_deny (1 references)
target     prot opt source               destination        

Chain IN_public_log (1 references)
target     prot opt source               destination        

Chain OUTPUT_direct (1 references)
target     prot opt source               destination        





___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: FW: Galaxy on Centos via Apache - connection refused

Makis Ladoukakis
Hello,

I am sorry but I have really no experience with setting up the Apache web server so I am not really sure how to do that. Can you please help me out with it? My apache configuration file is in /etc/httpd/conf/ directory and there are no directories such as /sites-available/ or /sites-enabled/ (as I would find in an ubuntu installation).

What I did already (after some advice from the server admin) is open up the 8081 port like that:

firewall-cmd  --permanent  --add-port=8081/tcp

firewall-cmd  --reload


and then I got another error:

 [cgi:error] [pid 29603] [client 115.230.124.164:4559] script not found or unable to stat: /var/www/cgi-bin/common

[autoindex:error] [pid 29716] [client 218.76.28.36:4468] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive


which I tried to solve by adding welcome.html as a recognizable filename in the apache configuration:

<IfModule dir_module>
DirectoryIndex index.html welcome.html
</IfModule>


but nothing worked and now the error_log shows the following:

[Tue Oct 20 13:15:23.719295 2015] [mpm_prefork:notice] [pid 29598] AH00170: caught SIGWINCH, shutting down gracefully
[Tue Oct 20 13:15:24.810684 2015] [core:notice] [pid 46896] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Tue Oct 20 13:15:24.811647 2015] [suexec:notice] [pid 46896] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Oct 20 13:15:24.846399 2015] [so:warn] [pid 46896] AH01574: module wsgi_module is already loaded, skipping
[Tue Oct 20 13:15:24.847316 2015] [auth_digest:notice] [pid 46896] AH01757: generating secret for digest authentication ...
[Tue Oct 20 13:15:24.848294 2015] [lbmethod_heartbeat:notice] [pid 46896] AH02282: No slotmem from mod_heartmonitor
[Tue Oct 20 13:15:24.870033 2015] [mpm_prefork:notice] [pid 46896] AH00163: Apache/2.4.6 (CentOS) PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations
[Tue Oct 20 13:15:24.870075 2015] [core:notice] [pid 46896] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

And the webpage that galaxy is supposed to appear is still blank.

Any ideas?

Thank you,
Makis

 


Date: Tue, 20 Oct 2015 11:01:44 +1030
Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection refused
From: [hidden email]
To: [hidden email]
CC: [hidden email]

hi,

Maybe sounds silly, but have you tried to put the apache configuration in a virtual host within the sites-enable site?


cheers
jc

On Tue, Oct 20, 2015 at 12:36 AM, Makis Ladoukakis <[hidden email]> wrote:
Forwading to this list too. I am not sure if they are two separate lists.

Makis


From: [hidden email]
To: [hidden email]
Date: Mon, 19 Oct 2015 17:04:13 +0300
Subject: [galaxy-dev] Galaxy on Centos via Apache - connection refused


Dear all,

I've been trying to set up a Galaxy instance on my CentOS server but even when I manage to run the simplest configuration correctly I can't seem to get it right on my browser as the connection is refused.

I have changed the host to 0.0.0.0, the port to 8081 and made the appropriate changes in Apache configuration file:

RewriteEngine on
RewriteRule ^/galaxy_test(.*) http://localhost:8081$1 [P]
RewriteRule ^/galaxy_test$ /galaxy_test/ [R]
RewriteRule ^/galaxy_test/static/style/(.*) /home/galaxy_test/galaxy/static/june_2007_style/blue/$1 [L]
RewriteRule ^/galaxy_test/static/scripts/(.*) /home/galaxy_test/galaxy/static/scripts/packed/$1 [L]
RewriteRule ^/galaxy_test/static/(.*) /home/galaxy_test/galaxy/static/$1 [L]
RewriteRule ^/galaxy_test/favicon.ico /home/galaxy_test/galaxy/static/favicon.ico [L]
RewriteRule ^/galaxy_test/robots.txt /home/galaxy_test/galaxy/static/robots.txt [L]

So when I tried to run it the first time I got the "temporarily out of service" error on my browser and the following error in apache log:

[Mon Oct 19 05:56:45.308714 2015] [proxy:error] [pid 18505] (13)Permission denied: AH00957: HTTP: attempt to connect to 127.0.0.1:8081 (*) failed
[Mon Oct 19 05:56:45.308774 2015] [proxy_http:error] [pid 18505] [client 185.25.151.159:39629] AH01114: HTTP: failed to make connection to backend: localhost

Searching the internet I found the following solution:

/usr/sbin/setsebool httpd_can_network_connect 1
/usr/sbin/setsebool -P httpd_can_network_connect 1


but when I restarted my galaxy my browser would now show just a blank page and the error log of apache was:

[Mon Oct 19 15:29:09.425120 2015] [proxy:error] [pid 29699] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8081 (*) failed
[Mon Oct 19 15:29:09.425167 2015] [proxy_http:error] [pid 29699] [client 147.102.86.121:51865] AH01114: HTTP: failed to make connection to backend: localhost


Has anyone encountered that?

Kind regards,
Makis






P.S. In case that helps the output of iptables -L is the following:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           
INPUT_direct  all  --  anywhere             anywhere           
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere           
INPUT_ZONES  all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           
FORWARD_direct  all  --  anywhere             anywhere           
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere           
FORWARD_IN_ZONES  all  --  anywhere             anywhere           
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere           
FORWARD_OUT_ZONES  all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
OUTPUT_direct  all  --  anywhere             anywhere           

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination        
FWDI_public  all  --  anywhere             anywhere            [goto]
FWDI_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination        
FWDO_public  all  --  anywhere             anywhere            [goto]
FWDO_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain FORWARD_direct (1 references)
target     prot opt source               destination        

Chain FWDI_public (2 references)
target     prot opt source               destination        
FWDI_public_log  all  --  anywhere             anywhere           
FWDI_public_deny  all  --  anywhere             anywhere           
FWDI_public_allow  all  --  anywhere             anywhere           

Chain FWDI_public_allow (1 references)
target     prot opt source               destination        

Chain FWDI_public_deny (1 references)
target     prot opt source               destination        

Chain FWDI_public_log (1 references)
target     prot opt source               destination        

Chain FWDO_public (2 references)
target     prot opt source               destination        
FWDO_public_log  all  --  anywhere             anywhere           
FWDO_public_deny  all  --  anywhere             anywhere           
FWDO_public_allow  all  --  anywhere             anywhere           

Chain FWDO_public_allow (1 references)
target     prot opt source               destination        

Chain FWDO_public_deny (1 references)
target     prot opt source               destination        

Chain FWDO_public_log (1 references)
target     prot opt source               destination        

Chain INPUT_ZONES (1 references)
target     prot opt source               destination        
IN_public  all  --  anywhere             anywhere            [goto]
IN_public  all  --  anywhere             anywhere            [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain INPUT_direct (1 references)
target     prot opt source               destination        

Chain IN_public (2 references)
target     prot opt source               destination        
IN_public_log  all  --  anywhere             anywhere           
IN_public_deny  all  --  anywhere             anywhere           
IN_public_allow  all  --  anywhere             anywhere           

Chain IN_public_allow (1 references)
target     prot opt source               destination        
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https ctstate NEW

Chain IN_public_deny (1 references)
target     prot opt source               destination        

Chain IN_public_log (1 references)
target     prot opt source               destination        

Chain OUTPUT_direct (1 references)
target     prot opt source               destination        





___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: FW: Galaxy on Centos via Apache - connection refused

Juan Carlos

Hi,
If you have a line in your Apache conf like 
"Listen 80"
change to 
"Listen 8081"



On 20 Oct 2015, at 21:00, Makis Ladoukakis <[hidden email]> wrote:

Hello,

I am sorry but I have really no experience with setting up the Apache web server so I am not really sure how to do that. Can you please help me out with it? My apache configuration file is in /etc/httpd/conf/ directory and there are no directories such as /sites-available/ or /sites-enabled/ (as I would find in an ubuntu installation).

What I did already (after some advice from the server admin) is open up the 8081 port like that:

firewall-cmd  --permanent  --add-port=8081/tcp

firewall-cmd  --reload


and then I got another error:

 [cgi:error] [pid 29603] [client 115.230.124.164:4559] script not found or unable to stat: /var/www/cgi-bin/common

[autoindex:error] [pid 29716] [client 218.76.28.36:4468] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive


which I tried to solve by adding welcome.html as a recognizable filename in the apache configuration:

<IfModule dir_module>
DirectoryIndex index.html welcome.html
</IfModule>


but nothing worked and now the error_log shows the following:

[Tue Oct 20 13:15:23.719295 2015] [mpm_prefork:notice] [pid 29598] AH00170: caught SIGWINCH, shutting down gracefully
[Tue Oct 20 13:15:24.810684 2015] [core:notice] [pid 46896] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Tue Oct 20 13:15:24.811647 2015] [suexec:notice] [pid 46896] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Oct 20 13:15:24.846399 2015] [so:warn] [pid 46896] AH01574: module wsgi_module is already loaded, skipping
[Tue Oct 20 13:15:24.847316 2015] [auth_digest:notice] [pid 46896] AH01757: generating secret for digest authentication ...
[Tue Oct 20 13:15:24.848294 2015] [lbmethod_heartbeat:notice] [pid 46896] AH02282: No slotmem from mod_heartmonitor
[Tue Oct 20 13:15:24.870033 2015] [mpm_prefork:notice] [pid 46896] AH00163: Apache/2.4.6 (CentOS) PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations
[Tue Oct 20 13:15:24.870075 2015] [core:notice] [pid 46896] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

And the webpage that galaxy is supposed to appear is still blank.

Any ideas?

Thank you,
Makis

 


Date: Tue, 20 Oct 2015 11:01:44 +1030
Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection refused
From: [hidden email]
To: [hidden email]
CC: [hidden email]

hi,

Maybe sounds silly, but have you tried to put the apache configuration in a virtual host within the sites-enable site?


cheers
jc

On Tue, Oct 20, 2015 at 12:36 AM, Makis Ladoukakis <[hidden email]> wrote:
Forwading to this list too. I am not sure if they are two separate lists.

Makis


From: [hidden email]
To: [hidden email]
Date: Mon, 19 Oct 2015 17:04:13 +0300
Subject: [galaxy-dev] Galaxy on Centos via Apache - connection refused


Dear all,

I've been trying to set up a Galaxy instance on my CentOS server but even when I manage to run the simplest configuration correctly I can't seem to get it right on my browser as the connection is refused.

I have changed the host to 0.0.0.0, the port to 8081 and made the appropriate changes in Apache configuration file:

RewriteEngine on
RewriteRule ^/galaxy_test(.*) <a href="http://localhost:8081$1">http://localhost:8081$1 [P]
RewriteRule ^/galaxy_test$ /galaxy_test/ [R]
RewriteRule ^/galaxy_test/static/style/(.*) /home/galaxy_test/galaxy/static/june_2007_style/blue/$1 [L]
RewriteRule ^/galaxy_test/static/scripts/(.*) /home/galaxy_test/galaxy/static/scripts/packed/$1 [L]
RewriteRule ^/galaxy_test/static/(.*) /home/galaxy_test/galaxy/static/$1 [L]
RewriteRule ^/galaxy_test/favicon.ico /home/galaxy_test/galaxy/static/favicon.ico [L]
RewriteRule ^/galaxy_test/robots.txt /home/galaxy_test/galaxy/static/robots.txt [L]

So when I tried to run it the first time I got the "temporarily out of service" error on my browser and the following error in apache log:

[Mon Oct 19 05:56:45.308714 2015] [proxy:error] [pid 18505] (13)Permission denied: AH00957: HTTP: attempt to connect to 127.0.0.1:8081 (*) failed
[Mon Oct 19 05:56:45.308774 2015] [proxy_http:error] [pid 18505] [client 185.25.151.159:39629] AH01114: HTTP: failed to make connection to backend: localhost

Searching the internet I found the following solution:

/usr/sbin/setsebool httpd_can_network_connect 1
/usr/sbin/setsebool -P httpd_can_network_connect 1


but when I restarted my galaxy my browser would now show just a blank page and the error log of apache was:

[Mon Oct 19 15:29:09.425120 2015] [proxy:error] [pid 29699] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8081 (*) failed
[Mon Oct 19 15:29:09.425167 2015] [proxy_http:error] [pid 29699] [client 147.102.86.121:51865] AH01114: HTTP: failed to make connection to backend: localhost


Has anyone encountered that?

Kind regards,
Makis






P.S. In case that helps the output of iptables -L is the following:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           
INPUT_direct  all  --  anywhere             anywhere           
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere           
INPUT_ZONES  all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           
FORWARD_direct  all  --  anywhere             anywhere           
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere           
FORWARD_IN_ZONES  all  --  anywhere             anywhere           
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere           
FORWARD_OUT_ZONES  all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
OUTPUT_direct  all  --  anywhere             anywhere           

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination        
FWDI_public  all  --  anywhere             anywhere            [goto]
FWDI_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination        
FWDO_public  all  --  anywhere             anywhere            [goto]
FWDO_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain FORWARD_direct (1 references)
target     prot opt source               destination        

Chain FWDI_public (2 references)
target     prot opt source               destination        
FWDI_public_log  all  --  anywhere             anywhere           
FWDI_public_deny  all  --  anywhere             anywhere           
FWDI_public_allow  all  --  anywhere             anywhere           

Chain FWDI_public_allow (1 references)
target     prot opt source               destination        

Chain FWDI_public_deny (1 references)
target     prot opt source               destination        

Chain FWDI_public_log (1 references)
target     prot opt source               destination        

Chain FWDO_public (2 references)
target     prot opt source               destination        
FWDO_public_log  all  --  anywhere             anywhere           
FWDO_public_deny  all  --  anywhere             anywhere           
FWDO_public_allow  all  --  anywhere             anywhere           

Chain FWDO_public_allow (1 references)
target     prot opt source               destination        

Chain FWDO_public_deny (1 references)
target     prot opt source               destination        

Chain FWDO_public_log (1 references)
target     prot opt source               destination        

Chain INPUT_ZONES (1 references)
target     prot opt source               destination        
IN_public  all  --  anywhere             anywhere            [goto]
IN_public  all  --  anywhere             anywhere            [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain INPUT_direct (1 references)
target     prot opt source               destination        

Chain IN_public (2 references)
target     prot opt source               destination        
IN_public_log  all  --  anywhere             anywhere           
IN_public_deny  all  --  anywhere             anywhere           
IN_public_allow  all  --  anywhere             anywhere           

Chain IN_public_allow (1 references)
target     prot opt source               destination        
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https ctstate NEW

Chain IN_public_deny (1 references)
target     prot opt source               destination        

Chain IN_public_log (1 references)
target     prot opt source               destination        

Chain OUTPUT_direct (1 references)
target     prot opt source               destination        





___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: FW: Galaxy on Centos via Apache - connection refused

Makis Ladoukakis
Hello,

That didn't work. The apache restart failed with the following error:

SELinux is preventing /usr/sbin/httpd from name_bind access on the tcp_socket port 8081.

Any idea why?

Kind regards,
Makis


Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection refused
From: [hidden email]
Date: Tue, 20 Oct 2015 22:25:00 +1030
CC: [hidden email]
To: [hidden email]


Hi,
If you have a line in your Apache conf like 
"Listen 80"
change to 
"Listen 8081"



On 20 Oct 2015, at 21:00, Makis Ladoukakis <[hidden email]> wrote:

Hello,

I am sorry but I have really no experience with setting up the Apache web server so I am not really sure how to do that. Can you please help me out with it? My apache configuration file is in /etc/httpd/conf/ directory and there are no directories such as /sites-available/ or /sites-enabled/ (as I would find in an ubuntu installation).

What I did already (after some advice from the server admin) is open up the 8081 port like that:

firewall-cmd  --permanent  --add-port=8081/tcp

firewall-cmd  --reload


and then I got another error:

 [cgi:error] [pid 29603] [client 115.230.124.164:4559] script not found or unable to stat: /var/www/cgi-bin/common

[autoindex:error] [pid 29716] [client 218.76.28.36:4468] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive


which I tried to solve by adding welcome.html as a recognizable filename in the apache configuration:

<IfModule dir_module>
DirectoryIndex index.html welcome.html
</IfModule>


but nothing worked and now the error_log shows the following:

[Tue Oct 20 13:15:23.719295 2015] [mpm_prefork:notice] [pid 29598] AH00170: caught SIGWINCH, shutting down gracefully
[Tue Oct 20 13:15:24.810684 2015] [core:notice] [pid 46896] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Tue Oct 20 13:15:24.811647 2015] [suexec:notice] [pid 46896] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Oct 20 13:15:24.846399 2015] [so:warn] [pid 46896] AH01574: module wsgi_module is already loaded, skipping
[Tue Oct 20 13:15:24.847316 2015] [auth_digest:notice] [pid 46896] AH01757: generating secret for digest authentication ...
[Tue Oct 20 13:15:24.848294 2015] [lbmethod_heartbeat:notice] [pid 46896] AH02282: No slotmem from mod_heartmonitor
[Tue Oct 20 13:15:24.870033 2015] [mpm_prefork:notice] [pid 46896] AH00163: Apache/2.4.6 (CentOS) PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations
[Tue Oct 20 13:15:24.870075 2015] [core:notice] [pid 46896] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

And the webpage that galaxy is supposed to appear is still blank.

Any ideas?

Thank you,
Makis

 


Date: Tue, 20 Oct 2015 11:01:44 +1030
Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection refused
From: [hidden email]
To: [hidden email]
CC: [hidden email]

hi,

Maybe sounds silly, but have you tried to put the apache configuration in a virtual host within the sites-enable site?


cheers
jc

On Tue, Oct 20, 2015 at 12:36 AM, Makis Ladoukakis <[hidden email]> wrote:
Forwading to this list too. I am not sure if they are two separate lists.

Makis


From: [hidden email]
To: [hidden email]
Date: Mon, 19 Oct 2015 17:04:13 +0300
Subject: [galaxy-dev] Galaxy on Centos via Apache - connection refused


Dear all,

I've been trying to set up a Galaxy instance on my CentOS server but even when I manage to run the simplest configuration correctly I can't seem to get it right on my browser as the connection is refused.

I have changed the host to 0.0.0.0, the port to 8081 and made the appropriate changes in Apache configuration file:

RewriteEngine on
RewriteRule ^/galaxy_test(.*) http://localhost:8081$1 [P]
RewriteRule ^/galaxy_test$ /galaxy_test/ [R]
RewriteRule ^/galaxy_test/static/style/(.*) /home/galaxy_test/galaxy/static/june_2007_style/blue/$1 [L]
RewriteRule ^/galaxy_test/static/scripts/(.*) /home/galaxy_test/galaxy/static/scripts/packed/$1 [L]
RewriteRule ^/galaxy_test/static/(.*) /home/galaxy_test/galaxy/static/$1 [L]
RewriteRule ^/galaxy_test/favicon.ico /home/galaxy_test/galaxy/static/favicon.ico [L]
RewriteRule ^/galaxy_test/robots.txt /home/galaxy_test/galaxy/static/robots.txt [L]

So when I tried to run it the first time I got the "temporarily out of service" error on my browser and the following error in apache log:

[Mon Oct 19 05:56:45.308714 2015] [proxy:error] [pid 18505] (13)Permission denied: AH00957: HTTP: attempt to connect to 127.0.0.1:8081 (*) failed
[Mon Oct 19 05:56:45.308774 2015] [proxy_http:error] [pid 18505] [client 185.25.151.159:39629] AH01114: HTTP: failed to make connection to backend: localhost

Searching the internet I found the following solution:

/usr/sbin/setsebool httpd_can_network_connect 1
/usr/sbin/setsebool -P httpd_can_network_connect 1


but when I restarted my galaxy my browser would now show just a blank page and the error log of apache was:

[Mon Oct 19 15:29:09.425120 2015] [proxy:error] [pid 29699] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8081 (*) failed
[Mon Oct 19 15:29:09.425167 2015] [proxy_http:error] [pid 29699] [client 147.102.86.121:51865] AH01114: HTTP: failed to make connection to backend: localhost


Has anyone encountered that?

Kind regards,
Makis






P.S. In case that helps the output of iptables -L is the following:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           
INPUT_direct  all  --  anywhere             anywhere           
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere           
INPUT_ZONES  all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           
FORWARD_direct  all  --  anywhere             anywhere           
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere           
FORWARD_IN_ZONES  all  --  anywhere             anywhere           
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere           
FORWARD_OUT_ZONES  all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
OUTPUT_direct  all  --  anywhere             anywhere           

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination        
FWDI_public  all  --  anywhere             anywhere            [goto]
FWDI_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination        
FWDO_public  all  --  anywhere             anywhere            [goto]
FWDO_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain FORWARD_direct (1 references)
target     prot opt source               destination        

Chain FWDI_public (2 references)
target     prot opt source               destination        
FWDI_public_log  all  --  anywhere             anywhere           
FWDI_public_deny  all  --  anywhere             anywhere           
FWDI_public_allow  all  --  anywhere             anywhere           

Chain FWDI_public_allow (1 references)
target     prot opt source               destination        

Chain FWDI_public_deny (1 references)
target     prot opt source               destination        

Chain FWDI_public_log (1 references)
target     prot opt source               destination        

Chain FWDO_public (2 references)
target     prot opt source               destination        
FWDO_public_log  all  --  anywhere             anywhere           
FWDO_public_deny  all  --  anywhere             anywhere           
FWDO_public_allow  all  --  anywhere             anywhere           

Chain FWDO_public_allow (1 references)
target     prot opt source               destination        

Chain FWDO_public_deny (1 references)
target     prot opt source               destination        

Chain FWDO_public_log (1 references)
target     prot opt source               destination        

Chain INPUT_ZONES (1 references)
target     prot opt source               destination        
IN_public  all  --  anywhere             anywhere            [goto]
IN_public  all  --  anywhere             anywhere            [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain INPUT_direct (1 references)
target     prot opt source               destination        

Chain IN_public (2 references)
target     prot opt source               destination        
IN_public_log  all  --  anywhere             anywhere           
IN_public_deny  all  --  anywhere             anywhere           
IN_public_allow  all  --  anywhere             anywhere           

Chain IN_public_allow (1 references)
target     prot opt source               destination        
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https ctstate NEW

Chain IN_public_deny (1 references)
target     prot opt source               destination        

Chain IN_public_log (1 references)
target     prot opt source               destination        

Chain OUTPUT_direct (1 references)
target     prot opt source               destination        





___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: FW: Galaxy on Centos via Apache - connection refused

Zuzanna K. Filutowska-2

It is because selinux policy is forbidding it to access the port. Solution - use semanage to allow this port to be used or disable selinux in /etc/sysconfig/selinux.

--
Pozdrawiam,

Zuzanna K. Filutowska

W dniu 23 paź 2015, o 17:30, użytkownik Makis Ladoukakis <[hidden email]> napisał:
Hello,

That didn't work. The apache restart failed with the following error:

SELinux is preventing /usr/sbin/httpd from name_bind access on the tcp_socket port 8081.

Any idea why?

Kind regards,
Makis


Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection refused
From: [hidden email]
Date: Tue, 20 Oct 2015 22:25:00 +1030
CC: [hidden email]
To: [hidden email]


Hi,
If you have a line in your Apache conf like 
"Listen 80"
change to 
"Listen 8081"



On 20 Oct 2015, at 21:00, Makis Ladoukakis < [hidden email]> wrote:

Hello,

I am sorry but I have really no experience with setting up the Apache web server so I am not really sure how to do that. Can you please help me out with it? My apache configuration file is in /etc/httpd/conf/ directory and there are no directories such as /sites-available/ or /sites-enabled/ (as I would find in an ubuntu installation).

What I did already (after some advice from the server admin) is open up the 8081 port like that:

firewall-cmd  --permanent  --add-port=8081/tcp

firewall-cmd  --reload


and then I got another error:

 [cgi:error] [pid 29603] [client 115.230.124.164:4559] script not found or unable to stat: /var/www/cgi-bin/common

[autoindex:error] [pid 29716] [client 218.76.28.36:4468] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive


which I tried to solve by adding welcome.html as a recognizable filename in the apache configuration:

<IfModule dir_module>
DirectoryIndex index.html welcome.html
</IfModule>


but nothing worked and now the error_log shows the following:

[Tue Oct 20 13:15:23.719295 2015] [mpm_prefork:notice] [pid 29598] AH00170: caught SIGWINCH, shutting down gracefully
[Tue Oct 20 13:15:24.810684 2015] [core:notice] [pid 46896] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Tue Oct 20 13:15:24.811647 2015] [suexec:notice] [pid 46896] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Oct 20 13:15:24.846399 2015] [so:warn] [pid 46896] AH01574: module wsgi_module is already loaded, skipping
[Tue Oct 20 13:15:24.847316 2015] [auth_digest:notice] [pid 46896] AH01757: generating secret for digest authentication ...
[Tue Oct 20 13:15:24.848294 2015] [lbmethod_heartbeat:notice] [pid 46896] AH02282: No slotmem from mod_heartmonitor
[Tue Oct 20 13:15:24.870033 2015] [mpm_prefork:notice] [pid 46896] AH00163: Apache/2.4.6 (CentOS) PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations
[Tue Oct 20 13:15:24.870075 2015] [core:notice] [pid 46896] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

And the webpage that galaxy is supposed to appear is still blank.

Any ideas?

Thank you,
Makis

 


Date: Tue, 20 Oct 2015 11:01:44 +1030
Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection refused
From: [hidden email]
To: [hidden email]
CC: [hidden email]

hi,

Maybe sounds silly, but have you tried to put the apache configuration in a virtual host within the sites-enable site?


cheers
jc

On Tue, Oct 20, 2015 at 12:36 AM, Makis Ladoukakis <[hidden email]> wrote:
Forwading to this list too. I am not sure if they are two separate lists.

Makis


From: [hidden email]
To: [hidden email]
Date: Mon, 19 Oct 2015 17:04:13 +0300
Subject: [galaxy-dev] Galaxy on Centos via Apache - connection refused


Dear all,

I've been trying to set up a Galaxy instance on my CentOS server but even when I manage to run the simplest configuration correctly I can't seem to get it right on my browser as the connection is refused.

I have changed the host to 0.0.0.0, the port to 8081 and made the appropriate changes in Apache configuration file:

RewriteEngine on
RewriteRule ^/galaxy_test(.*) http://localhost:8081$1 [P]
RewriteRule ^/galaxy_test$ /galaxy_test/ [R]
RewriteRule ^/galaxy_test/static/style/(.*) /home/galaxy_test/galaxy/static/june_2007_style/blue/$1 [L]
RewriteRule ^/galaxy_test/static/scripts/(.*) /home/galaxy_test/galaxy/static/scripts/packed/$1 [L]
RewriteRule ^/galaxy_test/static/(.*) /home/galaxy_test/galaxy/static/$1 [L]
RewriteRule ^/galaxy_test/favicon.ico /home/galaxy_test/galaxy/static/favicon.ico [L]
RewriteRule ^/galaxy_test/robots.txt /home/galaxy_test/galaxy/static/robots.txt [L]

So when I tried to run it the first time I got the "temporarily out of service" error on my browser and the following error in apache log:

[Mon Oct 19 05:56:45.308714 2015] [proxy:error] [pid 18505] (13)Permission denied: AH00957: HTTP: attempt to connect to 127.0.0.1:8081 (*) failed
[Mon Oct 19 05:56:45.308774 2015] [proxy_http:error] [pid 18505] [client 185.25.151.159:39629] AH01114: HTTP: failed to make connection to backend: localhost

Searching the internet I found the following solution:

/usr/sbin/setsebool httpd_can_network_connect 1
/usr/sbin/setsebool -P httpd_can_network_connect 1


but when I restarted my galaxy my browser would now show just a blank page and the error log of apache was:

[Mon Oct 19 15:29:09.425120 2015] [proxy:error] [pid 29699] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8081 (*) failed
[Mon Oct 19 15:29:09.425167 2015] [proxy_http:error] [pid 29699] [client 147.102.86.121:51865] AH01114: HTTP: failed to make connection to backend: localhost


Has anyone encountered that?

Kind regards,
Makis






P.S. In case that helps the output of iptables -L is the following:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           
INPUT_direct  all  --  anywhere             anywhere           
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere           
INPUT_ZONES  all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           
FORWARD_direct  all  --  anywhere             anywhere           
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere           
FORWARD_IN_ZONES  all  --  anywhere             anywhere           
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere           
FORWARD_OUT_ZONES  all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
OUTPUT_direct  all  --  anywhere             anywhere           

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination        
FWDI_public  all  --  anywhere             anywhere            [goto]
FWDI_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination        
FWDO_public  all  --  anywhere             anywhere            [goto]
FWDO_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain FORWARD_direct (1 references)
target     prot opt source               destination        

Chain FWDI_public (2 references)
target     prot opt source               destination        
FWDI_public_log  all  --  anywhere             anywhere           
FWDI_public_deny  all  --  anywhere             anywhere           
FWDI_public_allow  all  --  anywhere             anywhere           

Chain FWDI_public_allow (1 references)
target     prot opt source               destination        

Chain FWDI_public_deny (1 references)
target     prot opt source               destination        

Chain FWDI_public_log (1 references)
target     prot opt source               destination        

Chain FWDO_public (2 references)
target     prot opt source               destination        
FWDO_public_log  all  --  anywhere             anywhere           
FWDO_public_deny  all  --  anywhere             anywhere           
FWDO_public_allow  all  --  anywhere             anywhere           

Chain FWDO_public_allow (1 references)
target     prot opt source               destination        

Chain FWDO_public_deny (1 references)
target     prot opt source               destination        

Chain FWDO_public_log (1 references)
target     prot opt source               destination        

Chain INPUT_ZONES (1 references)
target     prot opt source               destination        
IN_public  all  --  anywhere             anywhere            [goto]
IN_public  all  --  anywhere             anywhere            [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain INPUT_direct (1 references)
target     prot opt source               destination        

Chain IN_public (2 references)
target     prot opt source               destination        
IN_public_log  all  --  anywhere             anywhere           
IN_public_deny  all  --  anywhere             anywhere           
IN_public_allow  all  --  anywhere             anywhere           

Chain IN_public_allow (1 references)
target     prot opt source               destination        
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https ctstate NEW

Chain IN_public_deny (1 references)
target     prot opt source               destination        

Chain IN_public_log (1 references)
target     prot opt source               destination        

Chain OUTPUT_direct (1 references)
target     prot opt source               destination        





___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/

 

Please keep all replies on the list by using "reply all"
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
http://galaxyproject.org/search/mailinglists/

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: FW: Galaxy on Centos via Apache - connection refused

David Trudgian
In reply to this post by Makis Ladoukakis

SELinux policies are very strict on CentOS by default. Apache isn’t allowed to access files outside of its standard directories, nor access network resources. Your local Galaxy apps server is a network resource – even though it’s local.

 

If you want to keep SELinux on then use audit2allow to see what policies will enable access:

 

cat /var/log/audit/audit.log | audit2allow –v

 

Then you can use setsebool (temporary) and setsebool –P (permanent) to enable.

 

 

--
David Trudgian Ph.D.
Computational Scientist, BioHPC
UT Southwestern Medical Center
Dallas, TX 75390-9039
Tel: (214) 648-4833

 

From: galaxy-dev [mailto:[hidden email]] On Behalf Of Makis Ladoukakis
Sent: Friday, October 23, 2015 10:30 AM
To: Juan Carlos <[hidden email]>
Cc: [hidden email]
Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection refused

 

Hello,

That didn't work. The apache restart failed with the following error:

SELinux is preventing /usr/sbin/httpd from name_bind access on the tcp_socket port 8081.

Any idea why?

Kind regards,
Makis


Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection refused
From: [hidden email]
Date: Tue, 20 Oct 2015 22:25:00 +1030
CC: [hidden email]
To: [hidden email]

 

Hi,

If you have a line in your Apache conf like 

"Listen 80"

change to 

"Listen 8081"

 

 


On 20 Oct 2015, at 21:00, Makis Ladoukakis <[hidden email]> wrote:

Hello,

I am sorry but I have really no experience with setting up the Apache web server so I am not really sure how to do that. Can you please help me out with it? My apache configuration file is in /etc/httpd/conf/ directory and there are no directories such as /sites-available/ or /sites-enabled/ (as I would find in an ubuntu installation).

What I did already (after some advice from the server admin) is open up the 8081 port like that:

firewall-cmd  --permanent  --add-port=8081/tcp

firewall-cmd  --reload


and then I got another error:

 [cgi:error] [pid 29603] [client 115.230.124.164:4559] script not found or unable to stat: /var/www/cgi-bin/common

[autoindex:error] [pid 29716] [client 218.76.28.36:4468] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive


which I tried to solve by adding welcome.html as a recognizable filename in the apache configuration:

<IfModule dir_module>
DirectoryIndex index.html welcome.html
</IfModule>


but nothing worked and now the error_log shows the following:

[Tue Oct 20 13:15:23.719295 2015] [mpm_prefork:notice] [pid 29598] AH00170: caught SIGWINCH, shutting down gracefully
[Tue Oct 20 13:15:24.810684 2015] [core:notice] [pid 46896] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Tue Oct 20 13:15:24.811647 2015] [suexec:notice] [pid 46896] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Oct 20 13:15:24.846399 2015] [so:warn] [pid 46896] AH01574: module wsgi_module is already loaded, skipping
[Tue Oct 20 13:15:24.847316 2015] [auth_digest:notice] [pid 46896] AH01757: generating secret for digest authentication ...
[Tue Oct 20 13:15:24.848294 2015] [lbmethod_heartbeat:notice] [pid 46896] AH02282: No slotmem from mod_heartmonitor
[Tue Oct 20 13:15:24.870033 2015] [mpm_prefork:notice] [pid 46896] AH00163: Apache/2.4.6 (CentOS) PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations
[Tue Oct 20 13:15:24.870075 2015] [core:notice] [pid 46896] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

And the webpage that galaxy is supposed to appear is still blank.

Any ideas?

Thank you,
Makis

 


Date: Tue, 20 Oct 2015 11:01:44 +1030
Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection refused
From: [hidden email]
To: [hidden email]
CC: [hidden email]

hi,

 

Maybe sounds silly, but have you tried to put the apache configuration in a virtual host within the sites-enable site?

 

 

cheers

jc

 

On Tue, Oct 20, 2015 at 12:36 AM, Makis Ladoukakis <[hidden email]> wrote:

Forwading to this list too. I am not sure if they are two separate lists.

Makis


From: [hidden email]
To: [hidden email]
Date: Mon, 19 Oct 2015 17:04:13 +0300
Subject: [galaxy-dev] Galaxy on Centos via Apache - connection refused

 

Dear all,

I've been trying to set up a Galaxy instance on my CentOS server but even when I manage to run the simplest configuration correctly I can't seem to get it right on my browser as the connection is refused.

I have changed the host to 0.0.0.0, the port to 8081 and made the appropriate changes in Apache configuration file:

RewriteEngine on
RewriteRule ^/galaxy_test(.*) <a href="http://localhost:8081$1">http://localhost:8081$1 [P]
RewriteRule ^/galaxy_test$ /galaxy_test/ [R]
RewriteRule ^/galaxy_test/static/style/(.*) /home/galaxy_test/galaxy/static/june_2007_style/blue/$1 [L]
RewriteRule ^/galaxy_test/static/scripts/(.*) /home/galaxy_test/galaxy/static/scripts/packed/$1 [L]
RewriteRule ^/galaxy_test/static/(.*) /home/galaxy_test/galaxy/static/$1 [L]
RewriteRule ^/galaxy_test/favicon.ico /home/galaxy_test/galaxy/static/favicon.ico [L]
RewriteRule ^/galaxy_test/robots.txt /home/galaxy_test/galaxy/static/robots.txt [L]

So when I tried to run it the first time I got the "temporarily out of service" error on my browser and the following error in apache log:

[Mon Oct 19 05:56:45.308714 2015] [proxy:error] [pid 18505] (13)Permission denied: AH00957: HTTP: attempt to connect to 127.0.0.1:8081 (*) failed
[Mon Oct 19 05:56:45.308774 2015] [proxy_http:error] [pid 18505] [client 185.25.151.159:39629] AH01114: HTTP: failed to make connection to backend: localhost

Searching the internet I found the following solution:

/usr/sbin/setsebool httpd_can_network_connect 1
/usr/sbin/setsebool -P httpd_can_network_connect 1


but when I restarted my galaxy my browser would now show just a blank page and the error log of apache was:

[Mon Oct 19 15:29:09.425120 2015] [proxy:error] [pid 29699] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8081 (*) failed
[Mon Oct 19 15:29:09.425167 2015] [proxy_http:error] [pid 29699] [client 147.102.86.121:51865] AH01114: HTTP: failed to make connection to backend: localhost


Has anyone encountered that?

Kind regards,
Makis






P.S. In case that helps the output of iptables -L is the following:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           
INPUT_direct  all  --  anywhere             anywhere           
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere           
INPUT_ZONES  all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           
FORWARD_direct  all  --  anywhere             anywhere           
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere           
FORWARD_IN_ZONES  all  --  anywhere             anywhere           
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere           
FORWARD_OUT_ZONES  all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
OUTPUT_direct  all  --  anywhere             anywhere           

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination        
FWDI_public  all  --  anywhere             anywhere            [goto]
FWDI_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination        
FWDO_public  all  --  anywhere             anywhere            [goto]
FWDO_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain FORWARD_direct (1 references)
target     prot opt source               destination        

Chain FWDI_public (2 references)
target     prot opt source               destination        
FWDI_public_log  all  --  anywhere             anywhere           
FWDI_public_deny  all  --  anywhere             anywhere           
FWDI_public_allow  all  --  anywhere             anywhere           

Chain FWDI_public_allow (1 references)
target     prot opt source               destination        

Chain FWDI_public_deny (1 references)
target     prot opt source               destination        

Chain FWDI_public_log (1 references)
target     prot opt source               destination        

Chain FWDO_public (2 references)
target     prot opt source               destination        
FWDO_public_log  all  --  anywhere             anywhere           
FWDO_public_deny  all  --  anywhere             anywhere           
FWDO_public_allow  all  --  anywhere             anywhere           

Chain FWDO_public_allow (1 references)
target     prot opt source               destination        

Chain FWDO_public_deny (1 references)
target     prot opt source               destination        

Chain FWDO_public_log (1 references)
target     prot opt source               destination        

Chain INPUT_ZONES (1 references)
target     prot opt source               destination        
IN_public  all  --  anywhere             anywhere            [goto]
IN_public  all  --  anywhere             anywhere            [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain INPUT_direct (1 references)
target     prot opt source               destination        

Chain IN_public (2 references)
target     prot opt source               destination        
IN_public_log  all  --  anywhere             anywhere           
IN_public_deny  all  --  anywhere             anywhere           
IN_public_allow  all  --  anywhere             anywhere           

Chain IN_public_allow (1 references)
target     prot opt source               destination        
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https ctstate NEW

Chain IN_public_deny (1 references)
target     prot opt source               destination        

Chain IN_public_log (1 references)
target     prot opt source               destination        

Chain OUTPUT_direct (1 references)
target     prot opt source               destination        



 

___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/

 



UT Southwestern

Medical Center

The future of medicine, today.


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: FW: Galaxy on Centos via Apache - connection refused

Makis Ladoukakis
So I disabled SELinux

But that didn't make any difference. While the run.sh runs I still can't see anything but a blank page.

When I changed my apache configuration to include port 8081, the script didn't even run producing the error:


Traceback (most recent call last):
  File "./scripts/paster.py", line 32, in <module>
    serve.run()
  File "/home/galaxy_test/galaxy/lib/galaxy/util/pastescript/serve.py", line 1052, in run
    invoke(command, command_name, options, args[1:])
  File "/home/galaxy_test/galaxy/lib/galaxy/util/pastescript/serve.py", line 1058, in invoke
    exit_code = runner.run(args)
  File "/home/galaxy_test/galaxy/lib/galaxy/util/pastescript/serve.py", line 221, in run
    result = self.command()
  File "/home/galaxy_test/galaxy/lib/galaxy/util/pastescript/serve.py", line 664, in command
    serve()
  File "/home/galaxy_test/galaxy/lib/galaxy/util/pastescript/serve.py", line 648, in serve
    server(app)
  File "/home/galaxy_test/galaxy/lib/galaxy/util/pastescript/loadwsgi.py", line 294, in server_wrapper
    **context.local_conf)
  File "/home/galaxy_test/galaxy/lib/galaxy/util/pastescript/loadwsgi.py", line 99, in fix_call
    val = callable(*args, **kw)
  File "/home/galaxy_test/galaxy/eggs/Paste-1.7.5.1-py2.7.egg/paste/httpserver.py", line 1342, in server_runner
    serve(wsgi_app, **kwargs)
  File "/home/galaxy_test/galaxy/eggs/Paste-1.7.5.1-py2.7.egg/paste/httpserver.py", line 1291, in serve
    request_queue_size=request_queue_size)
  File "/home/galaxy_test/galaxy/eggs/Paste-1.7.5.1-py2.7.egg/paste/httpserver.py", line 1134, in __init__
    request_queue_size=request_queue_size)
  File "/home/galaxy_test/galaxy/eggs/Paste-1.7.5.1-py2.7.egg/paste/httpserver.py", line 1113, in __init__
    request_queue_size=request_queue_size)
  File "/home/galaxy_test/galaxy/eggs/Paste-1.7.5.1-py2.7.egg/paste/httpserver.py", line 328, in __init__
    HTTPServer.__init__(self, server_address, RequestHandlerClass)
  File "/usr/lib64/python2.7/SocketServer.py", line 419, in __init__
    self.server_bind()
  File "/usr/lib64/python2.7/BaseHTTPServer.py", line 108, in server_bind
    SocketServer.TCPServer.server_bind(self)
  File "/usr/lib64/python2.7/SocketServer.py", line 430, in server_bind
    self.socket.bind(self.server_address)
  File "/usr/lib64/python2.7/socket.py", line 224, in meth
    return getattr(self._sock,name)(*args)
socket.error: [Errno 98] Address already in use

That error was the same when I changed 80 to 8081 and when I added a second Listen with 8081.

Nothing seems to work on my server. Is Galaxy even compatible with CentOS? Is there something else that I am missing?

Any help would be appreciated. This installation seems impossible.

Thank you,
Makis





From: [hidden email]
To: [hidden email]; [hidden email]
CC: [hidden email]
Date: Fri, 23 Oct 2015 17:30:51 +0000
Subject: RE: [galaxy-dev] FW: Galaxy on Centos via Apache - connection refused

SELinux policies are very strict on CentOS by default. Apache isn’t allowed to access files outside of its standard directories, nor access network resources. Your local Galaxy apps server is a network resource – even though it’s local.

 

If you want to keep SELinux on then use audit2allow to see what policies will enable access:

 

cat /var/log/audit/audit.log | audit2allow –v

 

Then you can use setsebool (temporary) and setsebool –P (permanent) to enable.

 

 

--
David Trudgian Ph.D.
Computational Scientist, BioHPC
UT Southwestern Medical Center
Dallas, TX 75390-9039
Tel: (214) 648-4833

 

From: galaxy-dev [mailto:[hidden email]] On Behalf Of Makis Ladoukakis
Sent: Friday, October 23, 2015 10:30 AM
To: Juan Carlos <[hidden email]>
Cc: [hidden email]
Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection refused

 

Hello,

That didn't work. The apache restart failed with the following error:

SELinux is preventing /usr/sbin/httpd from name_bind access on the tcp_socket port 8081.

Any idea why?

Kind regards,
Makis


Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection refused
From: [hidden email]
Date: Tue, 20 Oct 2015 22:25:00 +1030
CC: [hidden email]
To: [hidden email]

 

Hi,

If you have a line in your Apache conf like 

"Listen 80"

change to 

"Listen 8081"

 

 


On 20 Oct 2015, at 21:00, Makis Ladoukakis <[hidden email]> wrote:

Hello,

I am sorry but I have really no experience with setting up the Apache web server so I am not really sure how to do that. Can you please help me out with it? My apache configuration file is in /etc/httpd/conf/ directory and there are no directories such as /sites-available/ or /sites-enabled/ (as I would find in an ubuntu installation).

What I did already (after some advice from the server admin) is open up the 8081 port like that:

firewall-cmd  --permanent  --add-port=8081/tcp

firewall-cmd  --reload


and then I got another error:

 [cgi:error] [pid 29603] [client 115.230.124.164:4559] script not found or unable to stat: /var/www/cgi-bin/common

[autoindex:error] [pid 29716] [client 218.76.28.36:4468] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive


which I tried to solve by adding welcome.html as a recognizable filename in the apache configuration:

<IfModule dir_module>
DirectoryIndex index.html welcome.html
</IfModule>


but nothing worked and now the error_log shows the following:

[Tue Oct 20 13:15:23.719295 2015] [mpm_prefork:notice] [pid 29598] AH00170: caught SIGWINCH, shutting down gracefully
[Tue Oct 20 13:15:24.810684 2015] [core:notice] [pid 46896] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Tue Oct 20 13:15:24.811647 2015] [suexec:notice] [pid 46896] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Oct 20 13:15:24.846399 2015] [so:warn] [pid 46896] AH01574: module wsgi_module is already loaded, skipping
[Tue Oct 20 13:15:24.847316 2015] [auth_digest:notice] [pid 46896] AH01757: generating secret for digest authentication ...
[Tue Oct 20 13:15:24.848294 2015] [lbmethod_heartbeat:notice] [pid 46896] AH02282: No slotmem from mod_heartmonitor
[Tue Oct 20 13:15:24.870033 2015] [mpm_prefork:notice] [pid 46896] AH00163: Apache/2.4.6 (CentOS) PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations
[Tue Oct 20 13:15:24.870075 2015] [core:notice] [pid 46896] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

And the webpage that galaxy is supposed to appear is still blank.

Any ideas?

Thank you,
Makis

 


Date: Tue, 20 Oct 2015 11:01:44 +1030
Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection refused
From: [hidden email]
To: [hidden email]
CC: [hidden email]

hi,

 

Maybe sounds silly, but have you tried to put the apache configuration in a virtual host within the sites-enable site?

 

 

cheers

jc

 

On Tue, Oct 20, 2015 at 12:36 AM, Makis Ladoukakis <[hidden email]> wrote:

Forwading to this list too. I am not sure if they are two separate lists.

Makis


From: [hidden email]
To: [hidden email]
Date: Mon, 19 Oct 2015 17:04:13 +0300
Subject: [galaxy-dev] Galaxy on Centos via Apache - connection refused

 

Dear all,

I've been trying to set up a Galaxy instance on my CentOS server but even when I manage to run the simplest configuration correctly I can't seem to get it right on my browser as the connection is refused.

I have changed the host to 0.0.0.0, the port to 8081 and made the appropriate changes in Apache configuration file:

RewriteEngine on
RewriteRule ^/galaxy_test(.*) http://localhost:8081$1 [P]
RewriteRule ^/galaxy_test$ /galaxy_test/ [R]
RewriteRule ^/galaxy_test/static/style/(.*) /home/galaxy_test/galaxy/static/june_2007_style/blue/$1 [L]
RewriteRule ^/galaxy_test/static/scripts/(.*) /home/galaxy_test/galaxy/static/scripts/packed/$1 [L]
RewriteRule ^/galaxy_test/static/(.*) /home/galaxy_test/galaxy/static/$1 [L]
RewriteRule ^/galaxy_test/favicon.ico /home/galaxy_test/galaxy/static/favicon.ico [L]
RewriteRule ^/galaxy_test/robots.txt /home/galaxy_test/galaxy/static/robots.txt [L]

So when I tried to run it the first time I got the "temporarily out of service" error on my browser and the following error in apache log:

[Mon Oct 19 05:56:45.308714 2015] [proxy:error] [pid 18505] (13)Permission denied: AH00957: HTTP: attempt to connect to 127.0.0.1:8081 (*) failed
[Mon Oct 19 05:56:45.308774 2015] [proxy_http:error] [pid 18505] [client 185.25.151.159:39629] AH01114: HTTP: failed to make connection to backend: localhost

Searching the internet I found the following solution:

/usr/sbin/setsebool httpd_can_network_connect 1
/usr/sbin/setsebool -P httpd_can_network_connect 1


but when I restarted my galaxy my browser would now show just a blank page and the error log of apache was:

[Mon Oct 19 15:29:09.425120 2015] [proxy:error] [pid 29699] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8081 (*) failed
[Mon Oct 19 15:29:09.425167 2015] [proxy_http:error] [pid 29699] [client 147.102.86.121:51865] AH01114: HTTP: failed to make connection to backend: localhost


Has anyone encountered that?

Kind regards,
Makis






P.S. In case that helps the output of iptables -L is the following:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           
INPUT_direct  all  --  anywhere             anywhere           
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere           
INPUT_ZONES  all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           
FORWARD_direct  all  --  anywhere             anywhere           
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere           
FORWARD_IN_ZONES  all  --  anywhere             anywhere           
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere           
FORWARD_OUT_ZONES  all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
OUTPUT_direct  all  --  anywhere             anywhere           

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination        
FWDI_public  all  --  anywhere             anywhere            [goto]
FWDI_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination        
FWDO_public  all  --  anywhere             anywhere            [goto]
FWDO_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain FORWARD_direct (1 references)
target     prot opt source               destination        

Chain FWDI_public (2 references)
target     prot opt source               destination        
FWDI_public_log  all  --  anywhere             anywhere           
FWDI_public_deny  all  --  anywhere             anywhere           
FWDI_public_allow  all  --  anywhere             anywhere           

Chain FWDI_public_allow (1 references)
target     prot opt source               destination        

Chain FWDI_public_deny (1 references)
target     prot opt source               destination        

Chain FWDI_public_log (1 references)
target     prot opt source               destination        

Chain FWDO_public (2 references)
target     prot opt source               destination        
FWDO_public_log  all  --  anywhere             anywhere           
FWDO_public_deny  all  --  anywhere             anywhere           
FWDO_public_allow  all  --  anywhere             anywhere           

Chain FWDO_public_allow (1 references)
target     prot opt source               destination        

Chain FWDO_public_deny (1 references)
target     prot opt source               destination        

Chain FWDO_public_log (1 references)
target     prot opt source               destination        

Chain INPUT_ZONES (1 references)
target     prot opt source               destination        
IN_public  all  --  anywhere             anywhere            [goto]
IN_public  all  --  anywhere             anywhere            [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain INPUT_direct (1 references)
target     prot opt source               destination        

Chain IN_public (2 references)
target     prot opt source               destination        
IN_public_log  all  --  anywhere             anywhere           
IN_public_deny  all  --  anywhere             anywhere           
IN_public_allow  all  --  anywhere             anywhere           

Chain IN_public_allow (1 references)
target     prot opt source               destination        
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https ctstate NEW

Chain IN_public_deny (1 references)
target     prot opt source               destination        

Chain IN_public_log (1 references)
target     prot opt source               destination        

Chain OUTPUT_direct (1 references)
target     prot opt source               destination        



 

___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/

 



UT Southwestern

Medical Center

The future of medicine, today.


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: FW: Galaxy on Centos via Apache - connection refused

Makis Ladoukakis

Also when I tried to run it without the addition of port 8081 in apache configuration file (when all I saw was a blank page) the error in /var/log/httpd/error_log was the following:

 AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,welcome.html,index.php) found, and server-generated directory index forbidden by Options directive



From: [hidden email]
To: [hidden email]; [hidden email]; [hidden email]
Date: Tue, 3 Nov 2015 12:53:36 +0200
CC: [hidden email]
Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection refused

So I disabled SELinux

But that didn't make any difference. While the run.sh runs I still can't see anything but a blank page.

When I changed my apache configuration to include port 8081, the script didn't even run producing the error:


Traceback (most recent call last):
  File "./scripts/paster.py", line 32, in <module>
    serve.run()
  File "/home/galaxy_test/galaxy/lib/galaxy/util/pastescript/serve.py", line 1052, in run
    invoke(command, command_name, options, args[1:])
  File "/home/galaxy_test/galaxy/lib/galaxy/util/pastescript/serve.py", line 1058, in invoke
    exit_code = runner.run(args)
  File "/home/galaxy_test/galaxy/lib/galaxy/util/pastescript/serve.py", line 221, in run
    result = self.command()
  File "/home/galaxy_test/galaxy/lib/galaxy/util/pastescript/serve.py", line 664, in command
    serve()
  File "/home/galaxy_test/galaxy/lib/galaxy/util/pastescript/serve.py", line 648, in serve
    server(app)
  File "/home/galaxy_test/galaxy/lib/galaxy/util/pastescript/loadwsgi.py", line 294, in server_wrapper
    **context.local_conf)
  File "/home/galaxy_test/galaxy/lib/galaxy/util/pastescript/loadwsgi.py", line 99, in fix_call
    val = callable(*args, **kw)
  File "/home/galaxy_test/galaxy/eggs/Paste-1.7.5.1-py2.7.egg/paste/httpserver.py", line 1342, in server_runner
    serve(wsgi_app, **kwargs)
  File "/home/galaxy_test/galaxy/eggs/Paste-1.7.5.1-py2.7.egg/paste/httpserver.py", line 1291, in serve
    request_queue_size=request_queue_size)
  File "/home/galaxy_test/galaxy/eggs/Paste-1.7.5.1-py2.7.egg/paste/httpserver.py", line 1134, in __init__
    request_queue_size=request_queue_size)
  File "/home/galaxy_test/galaxy/eggs/Paste-1.7.5.1-py2.7.egg/paste/httpserver.py", line 1113, in __init__
    request_queue_size=request_queue_size)
  File "/home/galaxy_test/galaxy/eggs/Paste-1.7.5.1-py2.7.egg/paste/httpserver.py", line 328, in __init__
    HTTPServer.__init__(self, server_address, RequestHandlerClass)
  File "/usr/lib64/python2.7/SocketServer.py", line 419, in __init__
    self.server_bind()
  File "/usr/lib64/python2.7/BaseHTTPServer.py", line 108, in server_bind
    SocketServer.TCPServer.server_bind(self)
  File "/usr/lib64/python2.7/SocketServer.py", line 430, in server_bind
    self.socket.bind(self.server_address)
  File "/usr/lib64/python2.7/socket.py", line 224, in meth
    return getattr(self._sock,name)(*args)
socket.error: [Errno 98] Address already in use

That error was the same when I changed 80 to 8081 and when I added a second Listen with 8081.

Nothing seems to work on my server. Is Galaxy even compatible with CentOS? Is there something else that I am missing?

Any help would be appreciated. This installation seems impossible.

Thank you,
Makis





From: [hidden email]
To: [hidden email]; [hidden email]
CC: [hidden email]
Date: Fri, 23 Oct 2015 17:30:51 +0000
Subject: RE: [galaxy-dev] FW: Galaxy on Centos via Apache - connection refused

SELinux policies are very strict on CentOS by default. Apache isn’t allowed to access files outside of its standard directories, nor access network resources. Your local Galaxy apps server is a network resource – even though it’s local.

 

If you want to keep SELinux on then use audit2allow to see what policies will enable access:

 

cat /var/log/audit/audit.log | audit2allow –v

 

Then you can use setsebool (temporary) and setsebool –P (permanent) to enable.

 

 

--
David Trudgian Ph.D.
Computational Scientist, BioHPC
UT Southwestern Medical Center
Dallas, TX 75390-9039
Tel: (214) 648-4833

 

From: galaxy-dev [mailto:[hidden email]] On Behalf Of Makis Ladoukakis
Sent: Friday, October 23, 2015 10:30 AM
To: Juan Carlos <[hidden email]>
Cc: [hidden email]
Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection refused

 

Hello,

That didn't work. The apache restart failed with the following error:

SELinux is preventing /usr/sbin/httpd from name_bind access on the tcp_socket port 8081.

Any idea why?

Kind regards,
Makis


Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection refused
From: [hidden email]
Date: Tue, 20 Oct 2015 22:25:00 +1030
CC: [hidden email]
To: [hidden email]

 

Hi,

If you have a line in your Apache conf like 

"Listen 80"

change to 

"Listen 8081"

 

 


On 20 Oct 2015, at 21:00, Makis Ladoukakis <[hidden email]> wrote:

Hello,

I am sorry but I have really no experience with setting up the Apache web server so I am not really sure how to do that. Can you please help me out with it? My apache configuration file is in /etc/httpd/conf/ directory and there are no directories such as /sites-available/ or /sites-enabled/ (as I would find in an ubuntu installation).

What I did already (after some advice from the server admin) is open up the 8081 port like that:

firewall-cmd  --permanent  --add-port=8081/tcp

firewall-cmd  --reload


and then I got another error:

 [cgi:error] [pid 29603] [client 115.230.124.164:4559] script not found or unable to stat: /var/www/cgi-bin/common

[autoindex:error] [pid 29716] [client 218.76.28.36:4468] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive


which I tried to solve by adding welcome.html as a recognizable filename in the apache configuration:

<IfModule dir_module>
DirectoryIndex index.html welcome.html
</IfModule>


but nothing worked and now the error_log shows the following:

[Tue Oct 20 13:15:23.719295 2015] [mpm_prefork:notice] [pid 29598] AH00170: caught SIGWINCH, shutting down gracefully
[Tue Oct 20 13:15:24.810684 2015] [core:notice] [pid 46896] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Tue Oct 20 13:15:24.811647 2015] [suexec:notice] [pid 46896] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Oct 20 13:15:24.846399 2015] [so:warn] [pid 46896] AH01574: module wsgi_module is already loaded, skipping
[Tue Oct 20 13:15:24.847316 2015] [auth_digest:notice] [pid 46896] AH01757: generating secret for digest authentication ...
[Tue Oct 20 13:15:24.848294 2015] [lbmethod_heartbeat:notice] [pid 46896] AH02282: No slotmem from mod_heartmonitor
[Tue Oct 20 13:15:24.870033 2015] [mpm_prefork:notice] [pid 46896] AH00163: Apache/2.4.6 (CentOS) PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations
[Tue Oct 20 13:15:24.870075 2015] [core:notice] [pid 46896] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

And the webpage that galaxy is supposed to appear is still blank.

Any ideas?

Thank you,
Makis

 


Date: Tue, 20 Oct 2015 11:01:44 +1030
Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection refused
From: [hidden email]
To: [hidden email]
CC: [hidden email]

hi,

 

Maybe sounds silly, but have you tried to put the apache configuration in a virtual host within the sites-enable site?

 

 

cheers

jc

 

On Tue, Oct 20, 2015 at 12:36 AM, Makis Ladoukakis <[hidden email]> wrote:

Forwading to this list too. I am not sure if they are two separate lists.

Makis


From: [hidden email]
To: [hidden email]
Date: Mon, 19 Oct 2015 17:04:13 +0300
Subject: [galaxy-dev] Galaxy on Centos via Apache - connection refused

 

Dear all,

I've been trying to set up a Galaxy instance on my CentOS server but even when I manage to run the simplest configuration correctly I can't seem to get it right on my browser as the connection is refused.

I have changed the host to 0.0.0.0, the port to 8081 and made the appropriate changes in Apache configuration file:

RewriteEngine on
RewriteRule ^/galaxy_test(.*) http://localhost:8081$1 [P]
RewriteRule ^/galaxy_test$ /galaxy_test/ [R]
RewriteRule ^/galaxy_test/static/style/(.*) /home/galaxy_test/galaxy/static/june_2007_style/blue/$1 [L]
RewriteRule ^/galaxy_test/static/scripts/(.*) /home/galaxy_test/galaxy/static/scripts/packed/$1 [L]
RewriteRule ^/galaxy_test/static/(.*) /home/galaxy_test/galaxy/static/$1 [L]
RewriteRule ^/galaxy_test/favicon.ico /home/galaxy_test/galaxy/static/favicon.ico [L]
RewriteRule ^/galaxy_test/robots.txt /home/galaxy_test/galaxy/static/robots.txt [L]

So when I tried to run it the first time I got the "temporarily out of service" error on my browser and the following error in apache log:

[Mon Oct 19 05:56:45.308714 2015] [proxy:error] [pid 18505] (13)Permission denied: AH00957: HTTP: attempt to connect to 127.0.0.1:8081 (*) failed
[Mon Oct 19 05:56:45.308774 2015] [proxy_http:error] [pid 18505] [client 185.25.151.159:39629] AH01114: HTTP: failed to make connection to backend: localhost

Searching the internet I found the following solution:

/usr/sbin/setsebool httpd_can_network_connect 1
/usr/sbin/setsebool -P httpd_can_network_connect 1


but when I restarted my galaxy my browser would now show just a blank page and the error log of apache was:

[Mon Oct 19 15:29:09.425120 2015] [proxy:error] [pid 29699] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8081 (*) failed
[Mon Oct 19 15:29:09.425167 2015] [proxy_http:error] [pid 29699] [client 147.102.86.121:51865] AH01114: HTTP: failed to make connection to backend: localhost


Has anyone encountered that?

Kind regards,
Makis






P.S. In case that helps the output of iptables -L is the following:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           
INPUT_direct  all  --  anywhere             anywhere           
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere           
INPUT_ZONES  all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           
FORWARD_direct  all  --  anywhere             anywhere           
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere           
FORWARD_IN_ZONES  all  --  anywhere             anywhere           
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere           
FORWARD_OUT_ZONES  all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
OUTPUT_direct  all  --  anywhere             anywhere           

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination        
FWDI_public  all  --  anywhere             anywhere            [goto]
FWDI_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination        
FWDO_public  all  --  anywhere             anywhere            [goto]
FWDO_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain FORWARD_direct (1 references)
target     prot opt source               destination        

Chain FWDI_public (2 references)
target     prot opt source               destination        
FWDI_public_log  all  --  anywhere             anywhere           
FWDI_public_deny  all  --  anywhere             anywhere           
FWDI_public_allow  all  --  anywhere             anywhere           

Chain FWDI_public_allow (1 references)
target     prot opt source               destination        

Chain FWDI_public_deny (1 references)
target     prot opt source               destination        

Chain FWDI_public_log (1 references)
target     prot opt source               destination        

Chain FWDO_public (2 references)
target     prot opt source               destination        
FWDO_public_log  all  --  anywhere             anywhere           
FWDO_public_deny  all  --  anywhere             anywhere           
FWDO_public_allow  all  --  anywhere             anywhere           

Chain FWDO_public_allow (1 references)
target     prot opt source               destination        

Chain FWDO_public_deny (1 references)
target     prot opt source               destination        

Chain FWDO_public_log (1 references)
target     prot opt source               destination        

Chain INPUT_ZONES (1 references)
target     prot opt source               destination        
IN_public  all  --  anywhere             anywhere            [goto]
IN_public  all  --  anywhere             anywhere            [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination        

Chain INPUT_direct (1 references)
target     prot opt source               destination        

Chain IN_public (2 references)
target     prot opt source               destination        
IN_public_log  all  --  anywhere             anywhere           
IN_public_deny  all  --  anywhere             anywhere           
IN_public_allow  all  --  anywhere             anywhere           

Chain IN_public_allow (1 references)
target     prot opt source               destination        
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https ctstate NEW

Chain IN_public_deny (1 references)
target     prot opt source               destination        

Chain IN_public_log (1 references)
target     prot opt source               destination        

Chain OUTPUT_direct (1 references)
target     prot opt source               destination        



 

___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/

 



UT Southwestern

Medical Center

The future of medicine, today.


___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: FW: Galaxy on Centos via Apache - connection refused

Federico Zambelli-2
In reply to this post by Makis Ladoukakis
Il 03/11/15 11:53, Makis Ladoukakis ha scritto:

>
> Nothing seems to work on my server. Is Galaxy even compatible with
> CentOS? Is there something else that I am missing?
>

Hello, I'm running a production Galaxy Server on CentOS and I can assure
you it is perfectly feasible. But I'm using NGINX as a web server so I'm
not able to help you with Apache configuration, sorry. Did you try to
use NGINX instead of Apache in order to see if the problem is Apache
related or system related?

Best,
Federico Z.


>
>
> ------------------------------------------------------------------------
> From: [hidden email]
> To: [hidden email]; [hidden email]
> CC: [hidden email]
> Date: Fri, 23 Oct 2015 17:30:51 +0000
> Subject: RE: [galaxy-dev] FW: Galaxy on Centos via Apache - connection
> refused
>
> SELinux policies are very strict on CentOS by default. Apache isn’t
> allowed to access files outside of its standard directories, nor access
> network resources. Your local Galaxy apps server is a network resource –
> even though it’s local.
>
> If you want to keep SELinux on then use audit2allow to see what policies
> will enable access:
>
> cat /var/log/audit/audit.log | audit2allow –v
>
> Then you can use setsebool (temporary) and setsebool –P (permanent) to
> enable.
>
> --
> David Trudgian Ph.D.
> Computational Scientist, BioHPC
> UT Southwestern Medical Center
> Dallas, TX 75390-9039
> Tel: (214) 648-4833
>
> *From:*galaxy-dev [mailto:[hidden email]]
> *On Behalf Of *Makis Ladoukakis
> *Sent:* Friday, October 23, 2015 10:30 AM
> *To:* Juan Carlos <[hidden email]>
> *Cc:* [hidden email]
> *Subject:* Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection
> refused
>
> Hello,
>
> That didn't work. The apache restart failed with the following error:
>
> SELinux is preventing /usr/sbin/httpd from name_bind access on the
> tcp_socket port 8081.
>
> Any idea why?
>
> Kind regards,
> Makis
>
> ------------------------------------------------------------------------
>
> Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection
> refused
> From: [hidden email] <mailto:[hidden email]>
> Date: Tue, 20 Oct 2015 22:25:00 +1030
> CC: [hidden email] <mailto:[hidden email]>
> To: [hidden email] <mailto:[hidden email]>
>
> Hi,
>
> If you have a line in your Apache conf like
>
> "Listen 80"
>
> change to
>
> "Listen 8081"
>
>
> On 20 Oct 2015, at 21:00, Makis Ladoukakis <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     Hello,
>
>     I am sorry but I have really no experience with setting up the
>     Apache web server so I am not really sure how to do that. Can you
>     please help me out with it? My apache configuration file is in
>     /etc/httpd/conf/ directory and there are no directories such as
>     /sites-available/ or /sites-enabled/ (as I would find in an ubuntu
>     installation).
>
>     What I did already (after some advice from the server admin) is open
>     up the 8081 port like that:
>
>     firewall-cmd  --permanent  --add-port=8081/tcp
>
>     firewall-cmd  --reload
>
>
>     and then I got another error:
>
>       [cgi:error] [pid 29603] [client 115.230.124.164:4559] script not
>     found or unable to stat: /var/www/cgi-bin/common
>
>     [autoindex:error] [pid 29716] [client 218.76.28.36:4468] AH01276:
>     Cannot serve directory /var/www/html/: No matching DirectoryIndex
>     (index.html,index.php) found, and server-generated directory index
>     forbidden by Options directive
>
>
>     which I tried to solve by adding welcome.html as a recognizable
>     filename in the apache configuration:
>
>     <IfModule dir_module>
>     DirectoryIndex index.html welcome.html
>     </IfModule>
>
>
>     but nothing worked and now the error_log shows the following:
>
>     [Tue Oct 20 13:15:23.719295 2015] [mpm_prefork:notice] [pid 29598]
>     AH00170: caught SIGWINCH, shutting down gracefully
>     [Tue Oct 20 13:15:24.810684 2015] [core:notice] [pid 46896] SELinux
>     policy enabled; httpd running as context system_u:system_r:httpd_t:s0
>     [Tue Oct 20 13:15:24.811647 2015] [suexec:notice] [pid 46896]
>     AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>     [Tue Oct 20 13:15:24.846399 2015] [so:warn] [pid 46896] AH01574:
>     module wsgi_module is already loaded, skipping
>     [Tue Oct 20 13:15:24.847316 2015] [auth_digest:notice] [pid 46896]
>     AH01757: generating secret for digest authentication ...
>     [Tue Oct 20 13:15:24.848294 2015] [lbmethod_heartbeat:notice] [pid
>     46896] AH02282: No slotmem from mod_heartmonitor
>     [Tue Oct 20 13:15:24.870033 2015] [mpm_prefork:notice] [pid 46896]
>     AH00163: Apache/2.4.6 (CentOS) PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
>     configured -- resuming normal operations
>     [Tue Oct 20 13:15:24.870075 2015] [core:notice] [pid 46896] AH00094:
>     Command line: '/usr/sbin/httpd -D FOREGROUND'
>
>     And the webpage that galaxy is supposed to appear is still blank.
>
>     Any ideas?
>
>     Thank you,
>     Makis
>
>     ------------------------------------------------------------------------
>
>     Date: Tue, 20 Oct 2015 11:01:44 +1030
>     Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache -
>     connection refused
>     From: [hidden email] <mailto:[hidden email]>
>     To: [hidden email] <mailto:[hidden email]>
>     CC: [hidden email] <mailto:[hidden email]>
>
>     hi,
>
>     Maybe sounds silly, but have you tried to put the apache
>     configuration in a virtual host within the sites-enable site?
>
>     cheers
>
>     jc
>
>     On Tue, Oct 20, 2015 at 12:36 AM, Makis Ladoukakis
>     <[hidden email] <mailto:[hidden email]>> wrote:
>
>         Forwading to this list too. I am not sure if they are two
>         separate lists.
>
>         Makis
>
>         ------------------------------------------------------------------------
>
>         From: [hidden email] <mailto:[hidden email]>
>         To: [hidden email]
>         <mailto:[hidden email]>
>         Date: Mon, 19 Oct 2015 17:04:13 +0300
>         Subject: [galaxy-dev] Galaxy on Centos via Apache - connection
>         refused
>
>         Dear all,
>
>         I've been trying to set up a Galaxy instance on my CentOS server
>         but even when I manage to run the simplest configuration
>         correctly I can't seem to get it right on my browser as the
>         connection is refused.
>
>         I have changed the host to 0.0.0.0, the port to 8081 and made
>         the appropriate changes in Apache configuration file:
>
>         RewriteEngine on
>         RewriteRule ^/galaxy_test(.*) <a href="http://localhost:8081$1">http://localhost:8081$1 [P]
>         RewriteRule ^/galaxy_test$ /galaxy_test/ [R]
>         RewriteRule ^/galaxy_test/static/style/(.*)
>         /home/galaxy_test/galaxy/static/june_2007_style/blue/$1 [L]
>         RewriteRule ^/galaxy_test/static/scripts/(.*)
>         /home/galaxy_test/galaxy/static/scripts/packed/$1 [L]
>         RewriteRule ^/galaxy_test/static/(.*)
>         /home/galaxy_test/galaxy/static/$1 [L]
>         RewriteRule ^/galaxy_test/favicon.ico
>         /home/galaxy_test/galaxy/static/favicon.ico [L]
>         RewriteRule ^/galaxy_test/robots.txt
>         /home/galaxy_test/galaxy/static/robots.txt [L]
>
>         So when I tried to run it the first time I got the "temporarily
>         out of service" error on my browser and the following error in
>         apache log:
>
>         [Mon Oct 19 05:56:45.308714 2015] [proxy:error] [pid 18505]
>         (13)Permission denied: AH00957: HTTP: attempt to connect to
>         127.0.0.1:8081 <http://127.0.0.1:8081> (*) failed
>         [Mon Oct 19 05:56:45.308774 2015] [proxy_http:error] [pid 18505]
>         [client 185.25.151.159:39629 <http://185.25.151.159:39629>]
>         AH01114: HTTP: failed to make connection to backend: localhost
>
>         Searching the internet I found the following solution:
>
>         /usr/sbin/setsebool httpd_can_network_connect 1
>         /usr/sbin/setsebool -P httpd_can_network_connect 1
>
>
>         but when I restarted my galaxy my browser would now show just a
>         blank page and the error log of apache was:
>
>         [Mon Oct 19 15:29:09.425120 2015] [proxy:error] [pid 29699]
>         (111)Connection refused: AH00957: HTTP: attempt to connect to
>         127.0.0.1:8081 <http://127.0.0.1:8081> (*) failed
>         [Mon Oct 19 15:29:09.425167 2015] [proxy_http:error] [pid 29699]
>         [client 147.102.86.121:51865 <http://147.102.86.121:51865>]
>         AH01114: HTTP: failed to make connection to backend: localhost
>
>
>         Has anyone encountered that?
>
>         Kind regards,
>         Makis
>
>
>
>
>
>
>         P.S. In case that helps the output of iptables -L is the following:
>         Chain INPUT (policy ACCEPT)
>         target     prot opt source               destination
>         ACCEPT     all  --  anywhere             anywhere
>         ctstate RELATED,ESTABLISHED
>         ACCEPT     all  --  anywhere             anywhere
>         INPUT_direct  all  --  anywhere             anywhere
>         INPUT_ZONES_SOURCE  all  --  anywhere             anywhere
>         INPUT_ZONES  all  --  anywhere             anywhere
>         ACCEPT     icmp --  anywhere             anywhere
>         REJECT     all  --  anywhere             anywhere
>         reject-with icmp-host-prohibited
>
>         Chain FORWARD (policy ACCEPT)
>         target     prot opt source               destination
>         ACCEPT     all  --  anywhere             anywhere
>         ctstate RELATED,ESTABLISHED
>         ACCEPT     all  --  anywhere             anywhere
>         FORWARD_direct  all  --  anywhere             anywhere
>         FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere
>         FORWARD_IN_ZONES  all  --  anywhere             anywhere
>         FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere
>         FORWARD_OUT_ZONES  all  --  anywhere             anywhere
>         ACCEPT     icmp --  anywhere             anywhere
>         REJECT     all  --  anywhere             anywhere
>         reject-with icmp-host-prohibited
>
>         Chain OUTPUT (policy ACCEPT)
>         target     prot opt source               destination
>         OUTPUT_direct  all  --  anywhere             anywhere
>
>         Chain FORWARD_IN_ZONES (1 references)
>         target     prot opt source               destination
>         FWDI_public  all  --  anywhere             anywhere
>         [goto]
>         FWDI_public  all  --  anywhere             anywhere
>         [goto]
>
>         Chain FORWARD_IN_ZONES_SOURCE (1 references)
>         target     prot opt source               destination
>
>         Chain FORWARD_OUT_ZONES (1 references)
>         target     prot opt source               destination
>         FWDO_public  all  --  anywhere             anywhere
>         [goto]
>         FWDO_public  all  --  anywhere             anywhere
>         [goto]
>
>         Chain FORWARD_OUT_ZONES_SOURCE (1 references)
>         target     prot opt source               destination
>
>         Chain FORWARD_direct (1 references)
>         target     prot opt source               destination
>
>         Chain FWDI_public (2 references)
>         target     prot opt source               destination
>         FWDI_public_log  all  --  anywhere             anywhere
>         FWDI_public_deny  all  --  anywhere             anywhere
>         FWDI_public_allow  all  --  anywhere             anywhere
>
>         Chain FWDI_public_allow (1 references)
>         target     prot opt source               destination
>
>         Chain FWDI_public_deny (1 references)
>         target     prot opt source               destination
>
>         Chain FWDI_public_log (1 references)
>         target     prot opt source               destination
>
>         Chain FWDO_public (2 references)
>         target     prot opt source               destination
>         FWDO_public_log  all  --  anywhere             anywhere
>         FWDO_public_deny  all  --  anywhere             anywhere
>         FWDO_public_allow  all  --  anywhere             anywhere
>
>         Chain FWDO_public_allow (1 references)
>         target     prot opt source               destination
>
>         Chain FWDO_public_deny (1 references)
>         target     prot opt source               destination
>
>         Chain FWDO_public_log (1 references)
>         target     prot opt source               destination
>
>         Chain INPUT_ZONES (1 references)
>         target     prot opt source               destination
>         IN_public  all  --  anywhere             anywhere            [goto]
>         IN_public  all  --  anywhere             anywhere            [goto]
>
>         Chain INPUT_ZONES_SOURCE (1 references)
>         target     prot opt source               destination
>
>         Chain INPUT_direct (1 references)
>         target     prot opt source               destination
>
>         Chain IN_public (2 references)
>         target     prot opt source               destination
>         IN_public_log  all  --  anywhere             anywhere
>         IN_public_deny  all  --  anywhere             anywhere
>         IN_public_allow  all  --  anywhere             anywhere
>
>         Chain IN_public_allow (1 references)
>         target     prot opt source               destination
>         ACCEPT     tcp  --  anywhere             anywhere
>         tcp dpt:http ctstate NEW
>         ACCEPT     tcp  --  anywhere             anywhere
>         tcp dpt:ssh ctstate NEW
>         ACCEPT     tcp  --  anywhere             anywhere
>         tcp dpt:https ctstate NEW
>
>         Chain IN_public_deny (1 references)
>         target     prot opt source               destination
>
>         Chain IN_public_log (1 references)
>         target     prot opt source               destination
>
>         Chain OUTPUT_direct (1 references)
>         target     prot opt source               destination
>
>
>
>         ___________________________________________________________
>         Please keep all replies on the list by using "reply all" in your
>         mail client. To manage your subscriptions to this and other
>         Galaxy lists, please use the interface at:
>         https://lists.galaxyproject.org/ To search Galaxy mailing lists
>         use the unified search at:
>         http://galaxyproject.org/search/mailinglists/
>
>
>         ___________________________________________________________
>         Please keep all replies on the list by using "reply all"
>         in your mail client.  To manage your subscriptions to this
>         and other Galaxy lists, please use the interface at:
>         https://lists.galaxyproject.org/
>
>         To search Galaxy mailing lists use the unified search at:
>         http://galaxyproject.org/search/mailinglists/
>
>
> ------------------------------------------------------------------------
>
> UTSouthwestern
>
> Medical Center
>
> The future of medicine, today.
>
>
>
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client.  To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
>    https://lists.galaxyproject.org/
>
> To search Galaxy mailing lists use the unified search at:
>    http://galaxyproject.org/search/mailinglists/
>

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: FW: Galaxy on Centos via Apache - connection refused

Makis Ladoukakis
Hello,

Unfortunately I cannot change web servers at the moment. There are a lot of applications that I would need to make changes for the nginx configuration plus i am not very experienced with nginx (apparently not with apache as well outside debian systems).

Thank you,
Makis

> To: [hidden email]

> From: [hidden email]
> Date: Tue, 3 Nov 2015 17:19:59 +0100
> Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection refused
>
> Il 03/11/15 11:53, Makis Ladoukakis ha scritto:
>
> >
> > Nothing seems to work on my server. Is Galaxy even compatible with
> > CentOS? Is there something else that I am missing?
> >
>
> Hello, I'm running a production Galaxy Server on CentOS and I can assure
> you it is perfectly feasible. But I'm using NGINX as a web server so I'm
> not able to help you with Apache configuration, sorry. Did you try to
> use NGINX instead of Apache in order to see if the problem is Apache
> related or system related?
>
> Best,
> Federico Z.
>
>
> >
> >
> > ------------------------------------------------------------------------
> > From: [hidden email]
> > To: [hidden email]; [hidden email]
> > CC: [hidden email]
> > Date: Fri, 23 Oct 2015 17:30:51 +0000
> > Subject: RE: [galaxy-dev] FW: Galaxy on Centos via Apache - connection
> > refused
> >
> > SELinux policies are very strict on CentOS by default. Apache isn’t
> > allowed to access files outside of its standard directories, nor access
> > network resources. Your local Galaxy apps server is a network resource –
> > even though it’s local.
> >
> > If you want to keep SELinux on then use audit2allow to see what policies
> > will enable access:
> >
> > cat /var/log/audit/audit.log | audit2allow –v
> >
> > Then you can use setsebool (temporary) and setsebool –P (permanent) to
> > enable.
> >
> > --
> > David Trudgian Ph.D.
> > Computational Scientist, BioHPC
> > UT Southwestern Medical Center
> > Dallas, TX 75390-9039
> > Tel: (214) 648-4833
> >
> > *From:*galaxy-dev [mailto:[hidden email]]
> > *On Behalf Of *Makis Ladoukakis
> > *Sent:* Friday, October 23, 2015 10:30 AM
> > *To:* Juan Carlos <[hidden email]>
> > *Cc:* [hidden email]
> > *Subject:* Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection
> > refused
> >
> > Hello,
> >
> > That didn't work. The apache restart failed with the following error:
> >
> > SELinux is preventing /usr/sbin/httpd from name_bind access on the
> > tcp_socket port 8081.
> >
> > Any idea why?
> >
> > Kind regards,
> > Makis
> >
> > ------------------------------------------------------------------------
> >
> > Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection
> > refused
> > From: [hidden email] <mailto:[hidden email]>
> > Date: Tue, 20 Oct 2015 22:25:00 +1030
> > CC: [hidden email] <mailto:[hidden email]>
> > To: [hidden email] <mailto:[hidden email]>
> >
> > Hi,
> >
> > If you have a line in your Apache conf like
> >
> > "Listen 80"
> >
> > change to
> >
> > "Listen 8081"
> >
> >
> > On 20 Oct 2015, at 21:00, Makis Ladoukakis <[hidden email]
> > <mailto:[hidden email]>> wrote:
> >
> > Hello,
> >
> > I am sorry but I have really no experience with setting up the
> > Apache web server so I am not really sure how to do that. Can you
> > please help me out with it? My apache configuration file is in
> > /etc/httpd/conf/ directory and there are no directories such as
> > /sites-available/ or /sites-enabled/ (as I would find in an ubuntu
> > installation).
> >
> > What I did already (after some advice from the server admin) is open
> > up the 8081 port like that:
> >
> > firewall-cmd --permanent --add-port=8081/tcp
> >
> > firewall-cmd --reload
> >
> >
> > and then I got another error:
> >
> > [cgi:error] [pid 29603] [client 115.230.124.164:4559] script not
> > found or unable to stat: /var/www/cgi-bin/common
> >
> > [autoindex:error] [pid 29716] [client 218.76.28.36:4468] AH01276:
> > Cannot serve directory /var/www/html/: No matching DirectoryIndex
> > (index.html,index.php) found, and server-generated directory index
> > forbidden by Options directive
> >
> >
> > which I tried to solve by adding welcome.html as a recognizable
> > filename in the apache configuration:
> >
> > <IfModule dir_module>
> > DirectoryIndex index.html welcome.html
> > </IfModule>
> >
> >
> > but nothing worked and now the error_log shows the following:
> >
> > [Tue Oct 20 13:15:23.719295 2015] [mpm_prefork:notice] [pid 29598]
> > AH00170: caught SIGWINCH, shutting down gracefully
> > [Tue Oct 20 13:15:24.810684 2015] [core:notice] [pid 46896] SELinux
> > policy enabled; httpd running as context system_u:system_r:httpd_t:s0
> > [Tue Oct 20 13:15:24.811647 2015] [suexec:notice] [pid 46896]
> > AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
> > [Tue Oct 20 13:15:24.846399 2015] [so:warn] [pid 46896] AH01574:
> > module wsgi_module is already loaded, skipping
> > [Tue Oct 20 13:15:24.847316 2015] [auth_digest:notice] [pid 46896]
> > AH01757: generating secret for digest authentication ...
> > [Tue Oct 20 13:15:24.848294 2015] [lbmethod_heartbeat:notice] [pid
> > 46896] AH02282: No slotmem from mod_heartmonitor
> > [Tue Oct 20 13:15:24.870033 2015] [mpm_prefork:notice] [pid 46896]
> > AH00163: Apache/2.4.6 (CentOS) PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
> > configured -- resuming normal operations
> > [Tue Oct 20 13:15:24.870075 2015] [core:notice] [pid 46896] AH00094:
> > Command line: '/usr/sbin/httpd -D FOREGROUND'
> >
> > And the webpage that galaxy is supposed to appear is still blank.
> >
> > Any ideas?
> >
> > Thank you,
> > Makis
> >
> > ------------------------------------------------------------------------
> >
> > Date: Tue, 20 Oct 2015 11:01:44 +1030
> > Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache -
> > connection refused
> > From: [hidden email] <mailto:[hidden email]>
> > To: [hidden email] <mailto:[hidden email]>
> > CC: [hidden email] <mailto:[hidden email]>
> >
> > hi,
> >
> > Maybe sounds silly, but have you tried to put the apache
> > configuration in a virtual host within the sites-enable site?
> >
> > cheers
> >
> > jc
> >
> > On Tue, Oct 20, 2015 at 12:36 AM, Makis Ladoukakis
> > <[hidden email] <mailto:[hidden email]>> wrote:
> >
> > Forwading to this list too. I am not sure if they are two
> > separate lists.
> >
> > Makis
> >
> > ------------------------------------------------------------------------
> >
> > From: [hidden email] <mailto:[hidden email]>
> > To: [hidden email]
> > <mailto:[hidden email]>
> > Date: Mon, 19 Oct 2015 17:04:13 +0300
> > Subject: [galaxy-dev] Galaxy on Centos via Apache - connection
> > refused
> >
> > Dear all,
> >
> > I've been trying to set up a Galaxy instance on my CentOS server
> > but even when I manage to run the simplest configuration
> > correctly I can't seem to get it right on my browser as the
> > connection is refused.
> >
> > I have changed the host to 0.0.0.0, the port to 8081 and made
> > the appropriate changes in Apache configuration file:
> >
> > RewriteEngine on
> > RewriteRule ^/galaxy_test(.*) http://localhost:8081$1 [P]
> > RewriteRule ^/galaxy_test$ /galaxy_test/ [R]
> > RewriteRule ^/galaxy_test/static/style/(.*)
> > /home/galaxy_test/galaxy/static/june_2007_style/blue/$1 [L]
> > RewriteRule ^/galaxy_test/static/scripts/(.*)
> > /home/galaxy_test/galaxy/static/scripts/packed/$1 [L]
> > RewriteRule ^/galaxy_test/static/(.*)
> > /home/galaxy_test/galaxy/static/$1 [L]
> > RewriteRule ^/galaxy_test/favicon.ico
> > /home/galaxy_test/galaxy/static/favicon.ico [L]
> > RewriteRule ^/galaxy_test/robots.txt
> > /home/galaxy_test/galaxy/static/robots.txt [L]
> >
> > So when I tried to run it the first time I got the "temporarily
> > out of service" error on my browser and the following error in
> > apache log:
> >
> > [Mon Oct 19 05:56:45.308714 2015] [proxy:error] [pid 18505]
> > (13)Permission denied: AH00957: HTTP: attempt to connect to
> > 127.0.0.1:8081 <http://127.0.0.1:8081> (*) failed
> > [Mon Oct 19 05:56:45.308774 2015] [proxy_http:error] [pid 18505]
> > [client 185.25.151.159:39629 <http://185.25.151.159:39629>]
> > AH01114: HTTP: failed to make connection to backend: localhost
> >
> > Searching the internet I found the following solution:
> >
> > /usr/sbin/setsebool httpd_can_network_connect 1
> > /usr/sbin/setsebool -P httpd_can_network_connect 1
> >
> >
> > but when I restarted my galaxy my browser would now show just a
> > blank page and the error log of apache was:
> >
> > [Mon Oct 19 15:29:09.425120 2015] [proxy:error] [pid 29699]
> > (111)Connection refused: AH00957: HTTP: attempt to connect to
> > 127.0.0.1:8081 <http://127.0.0.1:8081> (*) failed
> > [Mon Oct 19 15:29:09.425167 2015] [proxy_http:error] [pid 29699]
> > [client 147.102.86.121:51865 <http://147.102.86.121:51865>]
> > AH01114: HTTP: failed to make connection to backend: localhost
> >
> >
> > Has anyone encountered that?
> >
> > Kind regards,
> > Makis
> >
> >
> >
> >
> >
> >
> > P.S. In case that helps the output of iptables -L is the following:
> > Chain INPUT (policy ACCEPT)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> > ctstate RELATED,ESTABLISHED
> > ACCEPT all -- anywhere anywhere
> > INPUT_direct all -- anywhere anywhere
> > INPUT_ZONES_SOURCE all -- anywhere anywhere
> > INPUT_ZONES all -- anywhere anywhere
> > ACCEPT icmp -- anywhere anywhere
> > REJECT all -- anywhere anywhere
> > reject-with icmp-host-prohibited
> >
> > Chain FORWARD (policy ACCEPT)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> > ctstate RELATED,ESTABLISHED
> > ACCEPT all -- anywhere anywhere
> > FORWARD_direct all -- anywhere anywhere
> > FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
> > FORWARD_IN_ZONES all -- anywhere anywhere
> > FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
> > FORWARD_OUT_ZONES all -- anywhere anywhere
> > ACCEPT icmp -- anywhere anywhere
> > REJECT all -- anywhere anywhere
> > reject-with icmp-host-prohibited
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
> > OUTPUT_direct all -- anywhere anywhere
> >
> > Chain FORWARD_IN_ZONES (1 references)
> > target prot opt source destination
> > FWDI_public all -- anywhere anywhere
> > [goto]
> > FWDI_public all -- anywhere anywhere
> > [goto]
> >
> > Chain FORWARD_IN_ZONES_SOURCE (1 references)
> > target prot opt source destination
> >
> > Chain FORWARD_OUT_ZONES (1 references)
> > target prot opt source destination
> > FWDO_public all -- anywhere anywhere
> > [goto]
> > FWDO_public all -- anywhere anywhere
> > [goto]
> >
> > Chain FORWARD_OUT_ZONES_SOURCE (1 references)
> > target prot opt source destination
> >
> > Chain FORWARD_direct (1 references)
> > target prot opt source destination
> >
> > Chain FWDI_public (2 references)
> > target prot opt source destination
> > FWDI_public_log all -- anywhere anywhere
> > FWDI_public_deny all -- anywhere anywhere
> > FWDI_public_allow all -- anywhere anywhere
> >
> > Chain FWDI_public_allow (1 references)
> > target prot opt source destination
> >
> > Chain FWDI_public_deny (1 references)
> > target prot opt source destination
> >
> > Chain FWDI_public_log (1 references)
> > target prot opt source destination
> >
> > Chain FWDO_public (2 references)
> > target prot opt source destination
> > FWDO_public_log all -- anywhere anywhere
> > FWDO_public_deny all -- anywhere anywhere
> > FWDO_public_allow all -- anywhere anywhere
> >
> > Chain FWDO_public_allow (1 references)
> > target prot opt source destination
> >
> > Chain FWDO_public_deny (1 references)
> > target prot opt source destination
> >
> > Chain FWDO_public_log (1 references)
> > target prot opt source destination
> >
> > Chain INPUT_ZONES (1 references)
> > target prot opt source destination
> > IN_public all -- anywhere anywhere [goto]
> > IN_public all -- anywhere anywhere [goto]
> >
> > Chain INPUT_ZONES_SOURCE (1 references)
> > target prot opt source destination
> >
> > Chain INPUT_direct (1 references)
> > target prot opt source destination
> >
> > Chain IN_public (2 references)
> > target prot opt source destination
> > IN_public_log all -- anywhere anywhere
> > IN_public_deny all -- anywhere anywhere
> > IN_public_allow all -- anywhere anywhere
> >
> > Chain IN_public_allow (1 references)
> > target prot opt source destination
> > ACCEPT tcp -- anywhere anywhere
> > tcp dpt:http ctstate NEW
> > ACCEPT tcp -- anywhere anywhere
> > tcp dpt:ssh ctstate NEW
> > ACCEPT tcp -- anywhere anywhere
> > tcp dpt:https ctstate NEW
> >
> > Chain IN_public_deny (1 references)
> > target prot opt source destination
> >
> > Chain IN_public_log (1 references)
> > target prot opt source destination
> >
> > Chain OUTPUT_direct (1 references)
> > target prot opt source destination
> >
> >
> >
> > ___________________________________________________________
> > Please keep all replies on the list by using "reply all" in your
> > mail client. To manage your subscriptions to this and other
> > Galaxy lists, please use the interface at:
> > https://lists.galaxyproject.org/ To search Galaxy mailing lists
> > use the unified search at:
> > http://galaxyproject.org/search/mailinglists/
> >
> >
> > ___________________________________________________________
> > Please keep all replies on the list by using "reply all"
> > in your mail client. To manage your subscriptions to this
> > and other Galaxy lists, please use the interface at:
> > https://lists.galaxyproject.org/
> >
> > To search Galaxy mailing lists use the unified search at:
> > http://galaxyproject.org/search/mailinglists/
> >
> >
> > ------------------------------------------------------------------------
> >
> > UTSouthwestern
> >
> > Medical Center
> >
> > The future of medicine, today.
> >
> >
> >
> > ___________________________________________________________
> > Please keep all replies on the list by using "reply all"
> > in your mail client. To manage your subscriptions to this
> > and other Galaxy lists, please use the interface at:
> > https://lists.galaxyproject.org/
> >
> > To search Galaxy mailing lists use the unified search at:
> > http://galaxyproject.org/search/mailinglists/
> >
>
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client. To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
> https://lists.galaxyproject.org/
>
> To search Galaxy mailing lists use the unified search at:
> http://galaxyproject.org/search/mailinglists/

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: Galaxy on Centos via Apache - connection refused

Keith Suderman
Do you have another service running on 8081?  I see the server is complaining about that address already being in use.  Also, do you have an index.html or welcome.html in /var/www/html?

Cheers,
Keith

On Nov 3, 2015, at 11:39 AM, Makis Ladoukakis <[hidden email]> wrote:

Hello,

Unfortunately I cannot change web servers at the moment. There are a lot of applications that I would need to make changes for the nginx configuration plus i am not very experienced with nginx (apparently not with apache as well outside debian systems).

Thank you,
Makis

> To: [hidden email]

> From: [hidden email]
> Date: Tue, 3 Nov 2015 17:19:59 +0100
> Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection refused
> 
> Il 03/11/15 11:53, Makis Ladoukakis ha scritto:
> 
> >
> > Nothing seems to work on my server. Is Galaxy even compatible with
> > CentOS? Is there something else that I am missing?
> >
> 
> Hello, I'm running a production Galaxy Server on CentOS and I can assure 
> you it is perfectly feasible. But I'm using NGINX as a web server so I'm 
> not able to help you with Apache configuration, sorry. Did you try to 
> use NGINX instead of Apache in order to see if the problem is Apache 
> related or system related?
> 
> Best,
> Federico Z.
> 
> 
> >
> >
> > ------------------------------------------------------------------------
> > From: [hidden email]
> > To: [hidden email]; [hidden email]
> > CC: [hidden email]
> > Date: Fri, 23 Oct 2015 17:30:51 +0000
> > Subject: RE: [galaxy-dev] FW: Galaxy on Centos via Apache - connection
> > refused
> >
> > SELinux policies are very strict on CentOS by default. Apache isn’t
> > allowed to access files outside of its standard directories, nor access
> > network resources. Your local Galaxy apps server is a network resource –
> > even though it’s local.
> >
> > If you want to keep SELinux on then use audit2allow to see what policies
> > will enable access:
> >
> > cat /var/log/audit/audit.log | audit2allow –v
> >
> > Then you can use setsebool (temporary) and setsebool –P (permanent) to
> > enable.
> >
> > --
> > David Trudgian Ph.D.
> > Computational Scientist, BioHPC
> > UT Southwestern Medical Center
> > Dallas, TX 75390-9039
> > Tel: (214) 648-4833
> >
> > *From:*galaxy-dev [[hidden email]]
> > *On Behalf Of *Makis Ladoukakis
> > *Sent:* Friday, October 23, 2015 10:30 AM
> > *To:* Juan Carlos <[hidden email]>
> > *Cc:* [hidden email]
> > *Subject:* Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection
> > refused
> >
> > Hello,
> >
> > That didn't work. The apache restart failed with the following error:
> >
> > SELinux is preventing /usr/sbin/httpd from name_bind access on the
> > tcp_socket port 8081.
> >
> > Any idea why?
> >
> > Kind regards,
> > Makis
> >
> > ------------------------------------------------------------------------
> >
> > Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection
> > refused
> > From: [hidden email] <[hidden email]>
> > Date: Tue, 20 Oct 2015 22:25:00 +1030
> > CC: [hidden email] <[hidden email]>
> > To: [hidden email] <[hidden email]>
> >
> > Hi,
> >
> > If you have a line in your Apache conf like
> >
> > "Listen 80"
> >
> > change to
> >
> > "Listen 8081"
> >
> >
> > On 20 Oct 2015, at 21:00, Makis Ladoukakis <[hidden email]
> > <[hidden email]>> wrote:
> >
> > Hello,
> >
> > I am sorry but I have really no experience with setting up the
> > Apache web server so I am not really sure how to do that. Can you
> > please help me out with it? My apache configuration file is in
> > /etc/httpd/conf/ directory and there are no directories such as
> > /sites-available/ or /sites-enabled/ (as I would find in an ubuntu
> > installation).
> >
> > What I did already (after some advice from the server admin) is open
> > up the 8081 port like that:
> >
> > firewall-cmd --permanent --add-port=8081/tcp
> >
> > firewall-cmd --reload
> >
> >
> > and then I got another error:
> >
> > [cgi:error] [pid 29603] [client 115.230.124.164:4559] script not
> > found or unable to stat: /var/www/cgi-bin/common
> >
> > [autoindex:error] [pid 29716] [client 218.76.28.36:4468] AH01276:
> > Cannot serve directory /var/www/html/: No matching DirectoryIndex
> > (index.html,index.php) found, and server-generated directory index
> > forbidden by Options directive
> >
> >
> > which I tried to solve by adding welcome.html as a recognizable
> > filename in the apache configuration:
> >
> > <IfModule dir_module>
> > DirectoryIndex index.html welcome.html
> > </IfModule>
> >
> >
> > but nothing worked and now the error_log shows the following:
> >
> > [Tue Oct 20 13:15:23.719295 2015] [mpm_prefork:notice] [pid 29598]
> > AH00170: caught SIGWINCH, shutting down gracefully
> > [Tue Oct 20 13:15:24.810684 2015] [core:notice] [pid 46896] SELinux
> > policy enabled; httpd running as context system_u:system_r:httpd_t:s0
> > [Tue Oct 20 13:15:24.811647 2015] [suexec:notice] [pid 46896]
> > AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
> > [Tue Oct 20 13:15:24.846399 2015] [so:warn] [pid 46896] AH01574:
> > module wsgi_module is already loaded, skipping
> > [Tue Oct 20 13:15:24.847316 2015] [auth_digest:notice] [pid 46896]
> > AH01757: generating secret for digest authentication ...
> > [Tue Oct 20 13:15:24.848294 2015] [lbmethod_heartbeat:notice] [pid
> > 46896] AH02282: No slotmem from mod_heartmonitor
> > [Tue Oct 20 13:15:24.870033 2015] [mpm_prefork:notice] [pid 46896]
> > AH00163: Apache/2.4.6 (CentOS) PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
> > configured -- resuming normal operations
> > [Tue Oct 20 13:15:24.870075 2015] [core:notice] [pid 46896] AH00094:
> > Command line: '/usr/sbin/httpd -D FOREGROUND'
> >
> > And the webpage that galaxy is supposed to appear is still blank.
> >
> > Any ideas?
> >
> > Thank you,
> > Makis
> >
> > ------------------------------------------------------------------------
> >
> > Date: Tue, 20 Oct 2015 11:01:44 +1030
> > Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache -
> > connection refused
> > From: [hidden email] <[hidden email]>
> > To: [hidden email] <[hidden email]>
> > CC: [hidden email] <[hidden email]>
> >
> > hi,
> >
> > Maybe sounds silly, but have you tried to put the apache
> > configuration in a virtual host within the sites-enable site?
> >
> > cheers
> >
> > jc
> >
> > On Tue, Oct 20, 2015 at 12:36 AM, Makis Ladoukakis
> > <[hidden email] <[hidden email]>> wrote:
> >
> > Forwading to this list too. I am not sure if they are two
> > separate lists.
> >
> > Makis
> >
> > ------------------------------------------------------------------------
> >
> > From: [hidden email] <[hidden email]>
> > To: [hidden email]
> > <[hidden email]>
> > Date: Mon, 19 Oct 2015 17:04:13 +0300
> > Subject: [galaxy-dev] Galaxy on Centos via Apache - connection
> > refused
> >
> > Dear all,
> >
> > I've been trying to set up a Galaxy instance on my CentOS server
> > but even when I manage to run the simplest configuration
> > correctly I can't seem to get it right on my browser as the
> > connection is refused.
> >
> > I have changed the host to 0.0.0.0, the port to 8081 and made
> > the appropriate changes in Apache configuration file:
> >
> > RewriteEngine on
> > RewriteRule ^/galaxy_test(.*) <a href="http://localhost:8081$1" class="">http://localhost:8081$1 [P]
> > RewriteRule ^/galaxy_test$ /galaxy_test/ [R]
> > RewriteRule ^/galaxy_test/static/style/(.*)
> > /home/galaxy_test/galaxy/static/june_2007_style/blue/$1 [L]
> > RewriteRule ^/galaxy_test/static/scripts/(.*)
> > /home/galaxy_test/galaxy/static/scripts/packed/$1 [L]
> > RewriteRule ^/galaxy_test/static/(.*)
> > /home/galaxy_test/galaxy/static/$1 [L]
> > RewriteRule ^/galaxy_test/favicon.ico
> > /home/galaxy_test/galaxy/static/favicon.ico [L]
> > RewriteRule ^/galaxy_test/robots.txt
> > /home/galaxy_test/galaxy/static/robots.txt [L]
> >
> > So when I tried to run it the first time I got the "temporarily
> > out of service" error on my browser and the following error in
> > apache log:
> >
> > [Mon Oct 19 05:56:45.308714 2015] [proxy:error] [pid 18505]
> > (13)Permission denied: AH00957: HTTP: attempt to connect to
> > 127.0.0.1:8081 <http://127.0.0.1:8081> (*) failed
> > [Mon Oct 19 05:56:45.308774 2015] [proxy_http:error] [pid 18505]
> > [client 185.25.151.159:39629 <http://185.25.151.159:39629>]
> > AH01114: HTTP: failed to make connection to backend: localhost
> >
> > Searching the internet I found the following solution:
> >
> > /usr/sbin/setsebool httpd_can_network_connect 1
> > /usr/sbin/setsebool -P httpd_can_network_connect 1
> >
> >
> > but when I restarted my galaxy my browser would now show just a
> > blank page and the error log of apache was:
> >
> > [Mon Oct 19 15:29:09.425120 2015] [proxy:error] [pid 29699]
> > (111)Connection refused: AH00957: HTTP: attempt to connect to
> > 127.0.0.1:8081 <http://127.0.0.1:8081> (*) failed
> > [Mon Oct 19 15:29:09.425167 2015] [proxy_http:error] [pid 29699]
> > [client 147.102.86.121:51865 <http://147.102.86.121:51865>]
> > AH01114: HTTP: failed to make connection to backend: localhost
> >
> >
> > Has anyone encountered that?
> >
> > Kind regards,
> > Makis
> >
> >
> >
> >
> >
> >
> > P.S. In case that helps the output of iptables -L is the following:
> > Chain INPUT (policy ACCEPT)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> > ctstate RELATED,ESTABLISHED
> > ACCEPT all -- anywhere anywhere
> > INPUT_direct all -- anywhere anywhere
> > INPUT_ZONES_SOURCE all -- anywhere anywhere
> > INPUT_ZONES all -- anywhere anywhere
> > ACCEPT icmp -- anywhere anywhere
> > REJECT all -- anywhere anywhere
> > reject-with icmp-host-prohibited
> >
> > Chain FORWARD (policy ACCEPT)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> > ctstate RELATED,ESTABLISHED
> > ACCEPT all -- anywhere anywhere
> > FORWARD_direct all -- anywhere anywhere
> > FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
> > FORWARD_IN_ZONES all -- anywhere anywhere
> > FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
> > FORWARD_OUT_ZONES all -- anywhere anywhere
> > ACCEPT icmp -- anywhere anywhere
> > REJECT all -- anywhere anywhere
> > reject-with icmp-host-prohibited
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
> > OUTPUT_direct all -- anywhere anywhere
> >
> > Chain FORWARD_IN_ZONES (1 references)
> > target prot opt source destination
> > FWDI_public all -- anywhere anywhere
> > [goto]
> > FWDI_public all -- anywhere anywhere
> > [goto]
> >
> > Chain FORWARD_IN_ZONES_SOURCE (1 references)
> > target prot opt source destination
> >
> > Chain FORWARD_OUT_ZONES (1 references)
> > target prot opt source destination
> > FWDO_public all -- anywhere anywhere
> > [goto]
> > FWDO_public all -- anywhere anywhere
> > [goto]
> >
> > Chain FORWARD_OUT_ZONES_SOURCE (1 references)
> > target prot opt source destination
> >
> > Chain FORWARD_direct (1 references)
> > target prot opt source destination
> >
> > Chain FWDI_public (2 references)
> > target prot opt source destination
> > FWDI_public_log all -- anywhere anywhere
> > FWDI_public_deny all -- anywhere anywhere
> > FWDI_public_allow all -- anywhere anywhere
> >
> > Chain FWDI_public_allow (1 references)
> > target prot opt source destination
> >
> > Chain FWDI_public_deny (1 references)
> > target prot opt source destination
> >
> > Chain FWDI_public_log (1 references)
> > target prot opt source destination
> >
> > Chain FWDO_public (2 references)
> > target prot opt source destination
> > FWDO_public_log all -- anywhere anywhere
> > FWDO_public_deny all -- anywhere anywhere
> > FWDO_public_allow all -- anywhere anywhere
> >
> > Chain FWDO_public_allow (1 references)
> > target prot opt source destination
> >
> > Chain FWDO_public_deny (1 references)
> > target prot opt source destination
> >
> > Chain FWDO_public_log (1 references)
> > target prot opt source destination
> >
> > Chain INPUT_ZONES (1 references)
> > target prot opt source destination
> > IN_public all -- anywhere anywhere [goto]
> > IN_public all -- anywhere anywhere [goto]
> >
> > Chain INPUT_ZONES_SOURCE (1 references)
> > target prot opt source destination
> >
> > Chain INPUT_direct (1 references)
> > target prot opt source destination
> >
> > Chain IN_public (2 references)
> > target prot opt source destination
> > IN_public_log all -- anywhere anywhere
> > IN_public_deny all -- anywhere anywhere
> > IN_public_allow all -- anywhere anywhere
> >
> > Chain IN_public_allow (1 references)
> > target prot opt source destination
> > ACCEPT tcp -- anywhere anywhere
> > tcp dpt:http ctstate NEW
> > ACCEPT tcp -- anywhere anywhere
> > tcp dpt:ssh ctstate NEW
> > ACCEPT tcp -- anywhere anywhere
> > tcp dpt:https ctstate NEW
> >
> > Chain IN_public_deny (1 references)
> > target prot opt source destination
> >
> > Chain IN_public_log (1 references)
> > target prot opt source destination
> >
> > Chain OUTPUT_direct (1 references)
> > target prot opt source destination
> >
> >
> >
> > ___________________________________________________________
> > Please keep all replies on the list by using "reply all" in your
> > mail client. To manage your subscriptions to this and other
> > Galaxy lists, please use the interface at:
> >  https://lists.galaxyproject.org/ To search Galaxy mailing lists
> > use the unified search at:
> >  http://galaxyproject.org/search/mailinglists/
> >
> >
> > ___________________________________________________________
> > Please keep all replies on the list by using "reply all"
> > in your mail client. To manage your subscriptions to this
> > and other Galaxy lists, please use the interface at:
> >  https://lists.galaxyproject.org/
> >
> > To search Galaxy mailing lists use the unified search at:
> >  http://galaxyproject.org/search/mailinglists/
> >
> >
> > ------------------------------------------------------------------------
> >
> > UTSouthwestern
> >
> > Medical Center
> >
> > The future of medicine, today.
> >
> >
> >
> > ___________________________________________________________
> > Please keep all replies on the list by using "reply all"
> > in your mail client. To manage your subscriptions to this
> > and other Galaxy lists, please use the interface at:
> >  https://lists.galaxyproject.org/
> >
> > To search Galaxy mailing lists use the unified search at:
> >  http://galaxyproject.org/search/mailinglists/
> >
> 
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client. To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
>  https://lists.galaxyproject.org/
> 
> To search Galaxy mailing lists use the unified search at:
>  http://galaxyproject.org/search/mailinglists/
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
 https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
 http://galaxyproject.org/search/mailinglists/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: Galaxy on Centos via Apache - connection refused

Makis Ladoukakis
Νο, no other service is running on 8081. This is the output of netstat -tulpn:

tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -
tcp6       0      0 :::80                   :::*                    LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      -
tcp6       0      0 ::1:25                  :::*                    LISTEN      -
udp        0      0 0.0.0.0:123             0.0.0.0:*                           -
udp        0      0 127.0.0.1:323           0.0.0.0:*                           -
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           -
udp        0      0 0.0.0.0:33715           0.0.0.0:*                           -
udp6       0      0 :::123                  :::*                                -
udp6       0      0 ::1:323                 :::*    

And no I only have an info.php in that directory. Does that affect Galaxy in any way?

Thank you,
Makis


Subject: Re: [galaxy-dev] Galaxy on Centos via Apache - connection refused
From: [hidden email]
Date: Tue, 3 Nov 2015 12:07:12 -0500
CC: [hidden email]; [hidden email]
To: [hidden email]

Do you have another service running on 8081?  I see the server is complaining about that address already being in use.  Also, do you have an index.html or welcome.html in /var/www/html?

Cheers,
Keith

On Nov 3, 2015, at 11:39 AM, Makis Ladoukakis <[hidden email]> wrote:

Hello,

Unfortunately I cannot change web servers at the moment. There are a lot of applications that I would need to make changes for the nginx configuration plus i am not very experienced with nginx (apparently not with apache as well outside debian systems).

Thank you,
Makis

> To: [hidden email]

> From: [hidden email]
> Date: Tue, 3 Nov 2015 17:19:59 +0100
> Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection refused
> 
> Il 03/11/15 11:53, Makis Ladoukakis ha scritto:
> 
> >
> > Nothing seems to work on my server. Is Galaxy even compatible with
> > CentOS? Is there something else that I am missing?
> >
> 
> Hello, I'm running a production Galaxy Server on CentOS and I can assure 
> you it is perfectly feasible. But I'm using NGINX as a web server so I'm 
> not able to help you with Apache configuration, sorry. Did you try to 
> use NGINX instead of Apache in order to see if the problem is Apache 
> related or system related?
> 
> Best,
> Federico Z.
> 
> 
> >
> >
> > ------------------------------------------------------------------------
> > From: [hidden email]
> > To: [hidden email]; [hidden email]
> > CC: [hidden email]
> > Date: Fri, 23 Oct 2015 17:30:51 +0000
> > Subject: RE: [galaxy-dev] FW: Galaxy on Centos via Apache - connection
> > refused
> >
> > SELinux policies are very strict on CentOS by default. Apache isn't
> > allowed to access files outside of its standard directories, nor access
> > network resources. Your local Galaxy apps server is a network resource -
> > even though it's local.
> >
> > If you want to keep SELinux on then use audit2allow to see what policies
> > will enable access:
> >
> > cat /var/log/audit/audit.log | audit2allow -v
> >
> > Then you can use setsebool (temporary) and setsebool -P (permanent) to
> > enable.
> >
> > --
> > David Trudgian Ph.D.
> > Computational Scientist, BioHPC
> > UT Southwestern Medical Center
> > Dallas, TX 75390-9039
> > Tel: (214) 648-4833
> >
> > *From:*galaxy-dev [[hidden email]]
> > *On Behalf Of *Makis Ladoukakis
> > *Sent:* Friday, October 23, 2015 10:30 AM
> > *To:* Juan Carlos <[hidden email]>
> > *Cc:* [hidden email]
> > *Subject:* Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection
> > refused
> >
> > Hello,
> >
> > That didn't work. The apache restart failed with the following error:
> >
> > SELinux is preventing /usr/sbin/httpd from name_bind access on the
> > tcp_socket port 8081.
> >
> > Any idea why?
> >
> > Kind regards,
> > Makis
> >
> > ------------------------------------------------------------------------
> >
> > Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection
> > refused
> > From: [hidden email] <[hidden email]>
> > Date: Tue, 20 Oct 2015 22:25:00 +1030
> > CC: [hidden email] <[hidden email]>
> > To: [hidden email] <[hidden email]>
> >
> > Hi,
> >
> > If you have a line in your Apache conf like
> >
> > "Listen 80"
> >
> > change to
> >
> > "Listen 8081"
> >
> >
> > On 20 Oct 2015, at 21:00, Makis Ladoukakis <[hidden email]
> > <[hidden email]>> wrote:
> >
> > Hello,
> >
> > I am sorry but I have really no experience with setting up the
> > Apache web server so I am not really sure how to do that. Can you
> > please help me out with it? My apache configuration file is in
> > /etc/httpd/conf/ directory and there are no directories such as
> > /sites-available/ or /sites-enabled/ (as I would find in an ubuntu
> > installation).
> >
> > What I did already (after some advice from the server admin) is open
> > up the 8081 port like that:
> >
> > firewall-cmd --permanent --add-port=8081/tcp
> >
> > firewall-cmd --reload
> >
> >
> > and then I got another error:
> >
> > [cgi:error] [pid 29603] [client 115.230.124.164:4559] script not
> > found or unable to stat: /var/www/cgi-bin/common
> >
> > [autoindex:error] [pid 29716] [client 218.76.28.36:4468] AH01276:
> > Cannot serve directory /var/www/html/: No matching DirectoryIndex
> > (index.html,index.php) found, and server-generated directory index
> > forbidden by Options directive
> >
> >
> > which I tried to solve by adding welcome.html as a recognizable
> > filename in the apache configuration:
> >
> > <IfModule dir_module>
> > DirectoryIndex index.html welcome.html
> > </IfModule>
> >
> >
> > but nothing worked and now the error_log shows the following:
> >
> > [Tue Oct 20 13:15:23.719295 2015] [mpm_prefork:notice] [pid 29598]
> > AH00170: caught SIGWINCH, shutting down gracefully
> > [Tue Oct 20 13:15:24.810684 2015] [core:notice] [pid 46896] SELinux
> > policy enabled; httpd running as context system_u:system_r:httpd_t:s0
> > [Tue Oct 20 13:15:24.811647 2015] [suexec:notice] [pid 46896]
> > AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
> > [Tue Oct 20 13:15:24.846399 2015] [so:warn] [pid 46896] AH01574:
> > module wsgi_module is already loaded, skipping
> > [Tue Oct 20 13:15:24.847316 2015] [auth_digest:notice] [pid 46896]
> > AH01757: generating secret for digest authentication ...
> > [Tue Oct 20 13:15:24.848294 2015] [lbmethod_heartbeat:notice] [pid
> > 46896] AH02282: No slotmem from mod_heartmonitor
> > [Tue Oct 20 13:15:24.870033 2015] [mpm_prefork:notice] [pid 46896]
> > AH00163: Apache/2.4.6 (CentOS) PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
> > configured -- resuming normal operations
> > [Tue Oct 20 13:15:24.870075 2015] [core:notice] [pid 46896] AH00094:
> > Command line: '/usr/sbin/httpd -D FOREGROUND'
> >
> > And the webpage that galaxy is supposed to appear is still blank.
> >
> > Any ideas?
> >
> > Thank you,
> > Makis
> >
> > ------------------------------------------------------------------------
> >
> > Date: Tue, 20 Oct 2015 11:01:44 +1030
> > Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache -
> > connection refused
> > From: [hidden email] <[hidden email]>
> > To: [hidden email] <[hidden email]>
> > CC: [hidden email] <[hidden email]>
> >
> > hi,
> >
> > Maybe sounds silly, but have you tried to put the apache
> > configuration in a virtual host within the sites-enable site?
> >
> > cheers
> >
> > jc
> >
> > On Tue, Oct 20, 2015 at 12:36 AM, Makis Ladoukakis
> > <[hidden email] <[hidden email]>> wrote:
> >
> > Forwading to this list too. I am not sure if they are two
> > separate lists.
> >
> > Makis
> >
> > ------------------------------------------------------------------------
> >
> > From: [hidden email] <[hidden email]>
> > To: [hidden email]
> > <[hidden email]>
> > Date: Mon, 19 Oct 2015 17:04:13 +0300
> > Subject: [galaxy-dev] Galaxy on Centos via Apache - connection
> > refused
> >
> > Dear all,
> >
> > I've been trying to set up a Galaxy instance on my CentOS server
> > but even when I manage to run the simplest configuration
> > correctly I can't seem to get it right on my browser as the
> > connection is refused.
> >
> > I have changed the host to 0.0.0.0, the port to 8081 and made
> > the appropriate changes in Apache configuration file:
> >
> > RewriteEngine on
> > RewriteRule ^/galaxy_test(.*) http://localhost:8081$1 [P]
> > RewriteRule ^/galaxy_test$ /galaxy_test/ [R]
> > RewriteRule ^/galaxy_test/static/style/(.*)
> > /home/galaxy_test/galaxy/static/june_2007_style/blue/$1 [L]
> > RewriteRule ^/galaxy_test/static/scripts/(.*)
> > /home/galaxy_test/galaxy/static/scripts/packed/$1 [L]
> > RewriteRule ^/galaxy_test/static/(.*)
> > /home/galaxy_test/galaxy/static/$1 [L]
> > RewriteRule ^/galaxy_test/favicon.ico
> > /home/galaxy_test/galaxy/static/favicon.ico [L]
> > RewriteRule ^/galaxy_test/robots.txt
> > /home/galaxy_test/galaxy/static/robots.txt [L]
> >
> > So when I tried to run it the first time I got the "temporarily
> > out of service" error on my browser and the following error in
> > apache log:
> >
> > [Mon Oct 19 05:56:45.308714 2015] [proxy:error] [pid 18505]
> > (13)Permission denied: AH00957: HTTP: attempt to connect to
> > 127.0.0.1:8081 <http://127.0.0.1:8081> (*) failed
> > [Mon Oct 19 05:56:45.308774 2015] [proxy_http:error] [pid 18505]
> > [client 185.25.151.159:39629 <http://185.25.151.159:39629>]
> > AH01114: HTTP: failed to make connection to backend: localhost
> >
> > Searching the internet I found the following solution:
> >
> > /usr/sbin/setsebool httpd_can_network_connect 1
> > /usr/sbin/setsebool -P httpd_can_network_connect 1
> >
> >
> > but when I restarted my galaxy my browser would now show just a
> > blank page and the error log of apache was:
> >
> > [Mon Oct 19 15:29:09.425120 2015] [proxy:error] [pid 29699]
> > (111)Connection refused: AH00957: HTTP: attempt to connect to
> > 127.0.0.1:8081 <http://127.0.0.1:8081> (*) failed
> > [Mon Oct 19 15:29:09.425167 2015] [proxy_http:error] [pid 29699]
> > [client 147.102.86.121:51865 <http://147.102.86.121:51865>]
> > AH01114: HTTP: failed to make connection to backend: localhost
> >
> >
> > Has anyone encountered that?
> >
> > Kind regards,
> > Makis
> >
> >
> >
> >
> >
> >
> > P.S. In case that helps the output of iptables -L is the following:
> > Chain INPUT (policy ACCEPT)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> > ctstate RELATED,ESTABLISHED
> > ACCEPT all -- anywhere anywhere
> > INPUT_direct all -- anywhere anywhere
> > INPUT_ZONES_SOURCE all -- anywhere anywhere
> > INPUT_ZONES all -- anywhere anywhere
> > ACCEPT icmp -- anywhere anywhere
> > REJECT all -- anywhere anywhere
> > reject-with icmp-host-prohibited
> >
> > Chain FORWARD (policy ACCEPT)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> > ctstate RELATED,ESTABLISHED
> > ACCEPT all -- anywhere anywhere
> > FORWARD_direct all -- anywhere anywhere
> > FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
> > FORWARD_IN_ZONES all -- anywhere anywhere
> > FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
> > FORWARD_OUT_ZONES all -- anywhere anywhere
> > ACCEPT icmp -- anywhere anywhere
> > REJECT all -- anywhere anywhere
> > reject-with icmp-host-prohibited
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
> > OUTPUT_direct all -- anywhere anywhere
> >
> > Chain FORWARD_IN_ZONES (1 references)
> > target prot opt source destination
> > FWDI_public all -- anywhere anywhere
> > [goto]
> > FWDI_public all -- anywhere anywhere
> > [goto]
> >
> > Chain FORWARD_IN_ZONES_SOURCE (1 references)
> > target prot opt source destination
> >
> > Chain FORWARD_OUT_ZONES (1 references)
> > target prot opt source destination
> > FWDO_public all -- anywhere anywhere
> > [goto]
> > FWDO_public all -- anywhere anywhere
> > [goto]
> >
> > Chain FORWARD_OUT_ZONES_SOURCE (1 references)
> > target prot opt source destination
> >
> > Chain FORWARD_direct (1 references)
> > target prot opt source destination
> >
> > Chain FWDI_public (2 references)
> > target prot opt source destination
> > FWDI_public_log all -- anywhere anywhere
> > FWDI_public_deny all -- anywhere anywhere
> > FWDI_public_allow all -- anywhere anywhere
> >
> > Chain FWDI_public_allow (1 references)
> > target prot opt source destination
> >
> > Chain FWDI_public_deny (1 references)
> > target prot opt source destination
> >
> > Chain FWDI_public_log (1 references)
> > target prot opt source destination
> >
> > Chain FWDO_public (2 references)
> > target prot opt source destination
> > FWDO_public_log all -- anywhere anywhere
> > FWDO_public_deny all -- anywhere anywhere
> > FWDO_public_allow all -- anywhere anywhere
> >
> > Chain FWDO_public_allow (1 references)
> > target prot opt source destination
> >
> > Chain FWDO_public_deny (1 references)
> > target prot opt source destination
> >
> > Chain FWDO_public_log (1 references)
> > target prot opt source destination
> >
> > Chain INPUT_ZONES (1 references)
> > target prot opt source destination
> > IN_public all -- anywhere anywhere [goto]
> > IN_public all -- anywhere anywhere [goto]
> >
> > Chain INPUT_ZONES_SOURCE (1 references)
> > target prot opt source destination
> >
> > Chain INPUT_direct (1 references)
> > target prot opt source destination
> >
> > Chain IN_public (2 references)
> > target prot opt source destination
> > IN_public_log all -- anywhere anywhere
> > IN_public_deny all -- anywhere anywhere
> > IN_public_allow all -- anywhere anywhere
> >
> > Chain IN_public_allow (1 references)
> > target prot opt source destination
> > ACCEPT tcp -- anywhere anywhere
> > tcp dpt:http ctstate NEW
> > ACCEPT tcp -- anywhere anywhere
> > tcp dpt:ssh ctstate NEW
> > ACCEPT tcp -- anywhere anywhere
> > tcp dpt:https ctstate NEW
> >
> > Chain IN_public_deny (1 references)
> > target prot opt source destination
> >
> > Chain IN_public_log (1 references)
> > target prot opt source destination
> >
> > Chain OUTPUT_direct (1 references)
> > target prot opt source destination
> >
> >
> >
> > ___________________________________________________________
> > Please keep all replies on the list by using "reply all" in your
> > mail client. To manage your subscriptions to this and other
> > Galaxy lists, please use the interface at:
> >  https://lists.galaxyproject.org/ To search Galaxy mailing lists
> > use the unified search at:
> >  http://galaxyproject.org/search/mailinglists/
> >
> >
> > ___________________________________________________________
> > Please keep all replies on the list by using "reply all"
> > in your mail client. To manage your subscriptions to this
> > and other Galaxy lists, please use the interface at:
> >  https://lists.galaxyproject.org/
> >
> > To search Galaxy mailing lists use the unified search at:
> >  http://galaxyproject.org/search/mailinglists/
> >
> >
> > ------------------------------------------------------------------------
> >
> > UTSouthwestern
> >
> > Medical Center
> >
> > The future of medicine, today.
> >
> >
> >
> > ___________________________________________________________
> > Please keep all replies on the list by using "reply all"
> > in your mail client. To manage your subscriptions to this
> > and other Galaxy lists, please use the interface at:
> >  https://lists.galaxyproject.org/
> >
> > To search Galaxy mailing lists use the unified search at:
> >  http://galaxyproject.org/search/mailinglists/
> >
> 
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client. To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
>  https://lists.galaxyproject.org/
> 
> To search Galaxy mailing lists use the unified search at:
>  http://galaxyproject.org/search/mailinglists/
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
 https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
 http://galaxyproject.org/search/mailinglists/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: Galaxy on Centos via Apache - connection refused

Keith Suderman
Very odd that you were getting “Address is use” errors then..  What have you set the port to in your galaxy.ini file?

The missing index.html/index.php won’t make a difference to Galaxy, but it might prevent Apache from starting up.  I would put a simple index.html file, say:

<html><body><p>You should not see this.</p></body></html>

in /var/www/html just so Apache is happy and if you see that at least you will know Apache is up and running and listening on the correct ports. I would also forego the Apache rewrite rules until you know Galaxy is working.

Keith

On Nov 3, 2015, at 12:15 PM, Makis Ladoukakis <[hidden email]> wrote:

Νο, no other service is running on 8081. This is the output of netstat -tulpn:

tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -
tcp6       0      0 :::80                   :::*                    LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      -
tcp6       0      0 ::1:25                  :::*                    LISTEN      -
udp        0      0 0.0.0.0:123             0.0.0.0:*                           -
udp        0      0 127.0.0.1:323           0.0.0.0:*                           -
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           -
udp        0      0 0.0.0.0:33715           0.0.0.0:*                           -
udp6       0      0 :::123                  :::*                                -
udp6       0      0 ::1:323                 :::*     

And no I only have an info.php in that directory. Does that affect Galaxy in any way?

Thank you,
Makis


Subject: Re: [galaxy-dev] Galaxy on Centos via Apache - connection refused
From: [hidden email]
Date: Tue, 3 Nov 2015 12:07:12 -0500
CC: [hidden email]; [hidden email]
To: [hidden email]

Do you have another service running on 8081?  I see the server is complaining about that address already being in use.  Also, do you have an index.html or welcome.html in /var/www/html?

Cheers,
Keith

On Nov 3, 2015, at 11:39 AM, Makis Ladoukakis <[hidden email]> wrote:

Hello,

Unfortunately I cannot change web servers at the moment. There are a lot of applications that I would need to make changes for the nginx configuration plus i am not very experienced with nginx (apparently not with apache as well outside debian systems).

Thank you,
Makis

> To: [hidden email]

> From: [hidden email]
> Date: Tue, 3 Nov 2015 17:19:59 +0100
> Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection refused
> 
> Il 03/11/15 11:53, Makis Ladoukakis ha scritto:
> 
> >
> > Nothing seems to work on my server. Is Galaxy even compatible with
> > CentOS? Is there something else that I am missing?
> >
> 
> Hello, I'm running a production Galaxy Server on CentOS and I can assure 
> you it is perfectly feasible. But I'm using NGINX as a web server so I'm 
> not able to help you with Apache configuration, sorry. Did you try to 
> use NGINX instead of Apache in order to see if the problem is Apache 
> related or system related?
> 
> Best,
> Federico Z.
> 
> 
> >
> >
> > ------------------------------------------------------------------------
> > From: [hidden email]
> > To: [hidden email]; [hidden email]
> > CC: [hidden email]
> > Date: Fri, 23 Oct 2015 17:30:51 +0000
> > Subject: RE: [galaxy-dev] FW: Galaxy on Centos via Apache - connection
> > refused
> >
> > SELinux policies are very strict on CentOS by default. Apache isn't
> > allowed to access files outside of its standard directories, nor access
> > network resources. Your local Galaxy apps server is a network resource -
> > even though it's local.
> >
> > If you want to keep SELinux on then use audit2allow to see what policies
> > will enable access:
> >
> > cat /var/log/audit/audit.log | audit2allow -v
> >
> > Then you can use setsebool (temporary) and setsebool -P (permanent) to
> > enable.
> >
> > --
> > David Trudgian Ph.D.
> > Computational Scientist, BioHPC
> > UT Southwestern Medical Center
> > Dallas, TX 75390-9039
> > Tel: (214) 648-4833
> >
> > *From:*galaxy-dev [[hidden email]]
> > *On Behalf Of *Makis Ladoukakis
> > *Sent:* Friday, October 23, 2015 10:30 AM
> > *To:* Juan Carlos <[hidden email]>
> > *Cc:* [hidden email]
> > *Subject:* Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection
> > refused
> >
> > Hello,
> >
> > That didn't work. The apache restart failed with the following error:
> >
> > SELinux is preventing /usr/sbin/httpd from name_bind access on the
> > tcp_socket port 8081.
> >
> > Any idea why?
> >
> > Kind regards,
> > Makis
> >
> > ------------------------------------------------------------------------
> >
> > Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection
> > refused
> > From: [hidden email] <[hidden email]>
> > Date: Tue, 20 Oct 2015 22:25:00 +1030
> > CC: [hidden email] <[hidden email]>
> > To: [hidden email] <[hidden email]>
> >
> > Hi,
> >
> > If you have a line in your Apache conf like
> >
> > "Listen 80"
> >
> > change to
> >
> > "Listen 8081"
> >
> >
> > On 20 Oct 2015, at 21:00, Makis Ladoukakis <[hidden email]
> > <[hidden email]>> wrote:
> >
> > Hello,
> >
> > I am sorry but I have really no experience with setting up the
> > Apache web server so I am not really sure how to do that. Can you
> > please help me out with it? My apache configuration file is in
> > /etc/httpd/conf/ directory and there are no directories such as
> > /sites-available/ or /sites-enabled/ (as I would find in an ubuntu
> > installation).
> >
> > What I did already (after some advice from the server admin) is open
> > up the 8081 port like that:
> >
> > firewall-cmd --permanent --add-port=8081/tcp
> >
> > firewall-cmd --reload
> >
> >
> > and then I got another error:
> >
> > [cgi:error] [pid 29603] [client 115.230.124.164:4559] script not
> > found or unable to stat: /var/www/cgi-bin/common
> >
> > [autoindex:error] [pid 29716] [client 218.76.28.36:4468] AH01276:
> > Cannot serve directory /var/www/html/: No matching DirectoryIndex
> > (index.html,index.php) found, and server-generated directory index
> > forbidden by Options directive
> >
> >
> > which I tried to solve by adding welcome.html as a recognizable
> > filename in the apache configuration:
> >
> > <IfModule dir_module>
> > DirectoryIndex index.html welcome.html
> > </IfModule>
> >
> >
> > but nothing worked and now the error_log shows the following:
> >
> > [Tue Oct 20 13:15:23.719295 2015] [mpm_prefork:notice] [pid 29598]
> > AH00170: caught SIGWINCH, shutting down gracefully
> > [Tue Oct 20 13:15:24.810684 2015] [core:notice] [pid 46896] SELinux
> > policy enabled; httpd running as context system_u:system_r:httpd_t:s0
> > [Tue Oct 20 13:15:24.811647 2015] [suexec:notice] [pid 46896]
> > AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
> > [Tue Oct 20 13:15:24.846399 2015] [so:warn] [pid 46896] AH01574:
> > module wsgi_module is already loaded, skipping
> > [Tue Oct 20 13:15:24.847316 2015] [auth_digest:notice] [pid 46896]
> > AH01757: generating secret for digest authentication ...
> > [Tue Oct 20 13:15:24.848294 2015] [lbmethod_heartbeat:notice] [pid
> > 46896] AH02282: No slotmem from mod_heartmonitor
> > [Tue Oct 20 13:15:24.870033 2015] [mpm_prefork:notice] [pid 46896]
> > AH00163: Apache/2.4.6 (CentOS) PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
> > configured -- resuming normal operations
> > [Tue Oct 20 13:15:24.870075 2015] [core:notice] [pid 46896] AH00094:
> > Command line: '/usr/sbin/httpd -D FOREGROUND'
> >
> > And the webpage that galaxy is supposed to appear is still blank.
> >
> > Any ideas?
> >
> > Thank you,
> > Makis
> >
> > ------------------------------------------------------------------------
> >
> > Date: Tue, 20 Oct 2015 11:01:44 +1030
> > Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache -
> > connection refused
> > From: [hidden email] <[hidden email]>
> > To: [hidden email] <[hidden email]>
> > CC: [hidden email] <[hidden email]>
> >
> > hi,
> >
> > Maybe sounds silly, but have you tried to put the apache
> > configuration in a virtual host within the sites-enable site?
> >
> > cheers
> >
> > jc
> >
> > On Tue, Oct 20, 2015 at 12:36 AM, Makis Ladoukakis
> > <[hidden email] <[hidden email]>> wrote:
> >
> > Forwading to this list too. I am not sure if they are two
> > separate lists.
> >
> > Makis
> >
> > ------------------------------------------------------------------------
> >
> > From: [hidden email] <[hidden email]>
> > To: [hidden email]
> > <[hidden email]>
> > Date: Mon, 19 Oct 2015 17:04:13 +0300
> > Subject: [galaxy-dev] Galaxy on Centos via Apache - connection
> > refused
> >
> > Dear all,
> >
> > I've been trying to set up a Galaxy instance on my CentOS server
> > but even when I manage to run the simplest configuration
> > correctly I can't seem to get it right on my browser as the
> > connection is refused.
> >
> > I have changed the host to 0.0.0.0, the port to 8081 and made
> > the appropriate changes in Apache configuration file:
> >
> > RewriteEngine on
> > RewriteRule ^/galaxy_test(.*) <a href="http://localhost:8081$1" class="">http://localhost:8081$1 [P]
> > RewriteRule ^/galaxy_test$ /galaxy_test/ [R]
> > RewriteRule ^/galaxy_test/static/style/(.*)
> > /home/galaxy_test/galaxy/static/june_2007_style/blue/$1 [L]
> > RewriteRule ^/galaxy_test/static/scripts/(.*)
> > /home/galaxy_test/galaxy/static/scripts/packed/$1 [L]
> > RewriteRule ^/galaxy_test/static/(.*)
> > /home/galaxy_test/galaxy/static/$1 [L]
> > RewriteRule ^/galaxy_test/favicon.ico
> > /home/galaxy_test/galaxy/static/favicon.ico [L]
> > RewriteRule ^/galaxy_test/robots.txt
> > /home/galaxy_test/galaxy/static/robots.txt [L]
> >
> > So when I tried to run it the first time I got the "temporarily
> > out of service" error on my browser and the following error in
> > apache log:
> >
> > [Mon Oct 19 05:56:45.308714 2015] [proxy:error] [pid 18505]
> > (13)Permission denied: AH00957: HTTP: attempt to connect to
> > 127.0.0.1:8081 <http://127.0.0.1:8081> (*) failed
> > [Mon Oct 19 05:56:45.308774 2015] [proxy_http:error] [pid 18505]
> > [client 185.25.151.159:39629 <http://185.25.151.159:39629>]
> > AH01114: HTTP: failed to make connection to backend: localhost
> >
> > Searching the internet I found the following solution:
> >
> > /usr/sbin/setsebool httpd_can_network_connect 1
> > /usr/sbin/setsebool -P httpd_can_network_connect 1
> >
> >
> > but when I restarted my galaxy my browser would now show just a
> > blank page and the error log of apache was:
> >
> > [Mon Oct 19 15:29:09.425120 2015] [proxy:error] [pid 29699]
> > (111)Connection refused: AH00957: HTTP: attempt to connect to
> > 127.0.0.1:8081 <http://127.0.0.1:8081> (*) failed
> > [Mon Oct 19 15:29:09.425167 2015] [proxy_http:error] [pid 29699]
> > [client 147.102.86.121:51865 <http://147.102.86.121:51865>]
> > AH01114: HTTP: failed to make connection to backend: localhost
> >
> >
> > Has anyone encountered that?
> >
> > Kind regards,
> > Makis
> >
> >
> >
> >
> >
> >
> > P.S. In case that helps the output of iptables -L is the following:
> > Chain INPUT (policy ACCEPT)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> > ctstate RELATED,ESTABLISHED
> > ACCEPT all -- anywhere anywhere
> > INPUT_direct all -- anywhere anywhere
> > INPUT_ZONES_SOURCE all -- anywhere anywhere
> > INPUT_ZONES all -- anywhere anywhere
> > ACCEPT icmp -- anywhere anywhere
> > REJECT all -- anywhere anywhere
> > reject-with icmp-host-prohibited
> >
> > Chain FORWARD (policy ACCEPT)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> > ctstate RELATED,ESTABLISHED
> > ACCEPT all -- anywhere anywhere
> > FORWARD_direct all -- anywhere anywhere
> > FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
> > FORWARD_IN_ZONES all -- anywhere anywhere
> > FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
> > FORWARD_OUT_ZONES all -- anywhere anywhere
> > ACCEPT icmp -- anywhere anywhere
> > REJECT all -- anywhere anywhere
> > reject-with icmp-host-prohibited
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
> > OUTPUT_direct all -- anywhere anywhere
> >
> > Chain FORWARD_IN_ZONES (1 references)
> > target prot opt source destination
> > FWDI_public all -- anywhere anywhere
> > [goto]
> > FWDI_public all -- anywhere anywhere
> > [goto]
> >
> > Chain FORWARD_IN_ZONES_SOURCE (1 references)
> > target prot opt source destination
> >
> > Chain FORWARD_OUT_ZONES (1 references)
> > target prot opt source destination
> > FWDO_public all -- anywhere anywhere
> > [goto]
> > FWDO_public all -- anywhere anywhere
> > [goto]
> >
> > Chain FORWARD_OUT_ZONES_SOURCE (1 references)
> > target prot opt source destination
> >
> > Chain FORWARD_direct (1 references)
> > target prot opt source destination
> >
> > Chain FWDI_public (2 references)
> > target prot opt source destination
> > FWDI_public_log all -- anywhere anywhere
> > FWDI_public_deny all -- anywhere anywhere
> > FWDI_public_allow all -- anywhere anywhere
> >
> > Chain FWDI_public_allow (1 references)
> > target prot opt source destination
> >
> > Chain FWDI_public_deny (1 references)
> > target prot opt source destination
> >
> > Chain FWDI_public_log (1 references)
> > target prot opt source destination
> >
> > Chain FWDO_public (2 references)
> > target prot opt source destination
> > FWDO_public_log all -- anywhere anywhere
> > FWDO_public_deny all -- anywhere anywhere
> > FWDO_public_allow all -- anywhere anywhere
> >
> > Chain FWDO_public_allow (1 references)
> > target prot opt source destination
> >
> > Chain FWDO_public_deny (1 references)
> > target prot opt source destination
> >
> > Chain FWDO_public_log (1 references)
> > target prot opt source destination
> >
> > Chain INPUT_ZONES (1 references)
> > target prot opt source destination
> > IN_public all -- anywhere anywhere [goto]
> > IN_public all -- anywhere anywhere [goto]
> >
> > Chain INPUT_ZONES_SOURCE (1 references)
> > target prot opt source destination
> >
> > Chain INPUT_direct (1 references)
> > target prot opt source destination
> >
> > Chain IN_public (2 references)
> > target prot opt source destination
> > IN_public_log all -- anywhere anywhere
> > IN_public_deny all -- anywhere anywhere
> > IN_public_allow all -- anywhere anywhere
> >
> > Chain IN_public_allow (1 references)
> > target prot opt source destination
> > ACCEPT tcp -- anywhere anywhere
> > tcp dpt:http ctstate NEW
> > ACCEPT tcp -- anywhere anywhere
> > tcp dpt:ssh ctstate NEW
> > ACCEPT tcp -- anywhere anywhere
> > tcp dpt:https ctstate NEW
> >
> > Chain IN_public_deny (1 references)
> > target prot opt source destination
> >
> > Chain IN_public_log (1 references)
> > target prot opt source destination
> >
> > Chain OUTPUT_direct (1 references)
> > target prot opt source destination
> >
> >
> >
> > ___________________________________________________________
> > Please keep all replies on the list by using "reply all" in your
> > mail client. To manage your subscriptions to this and other
> > Galaxy lists, please use the interface at:
> >  https://lists.galaxyproject.org/ To search Galaxy mailing lists
> > use the unified search at:
> >  http://galaxyproject.org/search/mailinglists/
> >
> >
> > ___________________________________________________________
> > Please keep all replies on the list by using "reply all"
> > in your mail client. To manage your subscriptions to this
> > and other Galaxy lists, please use the interface at:
> >  https://lists.galaxyproject.org/
> >
> > To search Galaxy mailing lists use the unified search at:
> >  http://galaxyproject.org/search/mailinglists/
> >
> >
> > ------------------------------------------------------------------------
> >
> > UTSouthwestern
> >
> > Medical Center
> >
> > The future of medicine, today.
> >
> >
> >
> > ___________________________________________________________
> > Please keep all replies on the list by using "reply all"
> > in your mail client. To manage your subscriptions to this
> > and other Galaxy lists, please use the interface at:
> >  https://lists.galaxyproject.org/
> >
> > To search Galaxy mailing lists use the unified search at:
> >  http://galaxyproject.org/search/mailinglists/
> >
> 
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client. To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
>  https://lists.galaxyproject.org/
> 
> To search Galaxy mailing lists use the unified search at:
>  http://galaxyproject.org/search/mailinglists/
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
 https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
 http://galaxyproject.org/search/mailinglists/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: Galaxy on Centos via Apache - connection refused

Makis Ladoukakis
So yeah you might be on to something here. When I commented the Rewrite rules I could access my galaxy instance from myservername:8081 with or without the index.html file placed in /var/www/html. When I did place it in the directory though and I tried with the rewrite rules my server gave me the following error:

 script not found or unable to stat: /var/www/cgi-bin/common

and once again the galaxy page was blank.

Any ideas why? What is apache's problem with the rewrite rules being there?

thank you,
Makis


Subject: Re: [galaxy-dev] Galaxy on Centos via Apache - connection refused
From: [hidden email]
Date: Tue, 3 Nov 2015 13:06:03 -0500
CC: [hidden email]; [hidden email]
To: [hidden email]

Very odd that you were getting "Address is use" errors then..  What have you set the port to in your galaxy.ini file?

The missing index.html/index.php won't make a difference to Galaxy, but it might prevent Apache from starting up.  I would put a simple index.html file, say:

<html><body><p>You should not see this.</p></body></html>

in /var/www/html just so Apache is happy and if you see that at least you will know Apache is up and running and listening on the correct ports. I would also forego the Apache rewrite rules until you know Galaxy is working.

Keith

On Nov 3, 2015, at 12:15 PM, Makis Ladoukakis <[hidden email]> wrote:

Νο, no other service is running on 8081. This is the output of netstat -tulpn:

tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -
tcp6       0      0 :::80                   :::*                    LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      -
tcp6       0      0 ::1:25                  :::*                    LISTEN      -
udp        0      0 0.0.0.0:123             0.0.0.0:*                           -
udp        0      0 127.0.0.1:323           0.0.0.0:*                           -
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           -
udp        0      0 0.0.0.0:33715           0.0.0.0:*                           -
udp6       0      0 :::123                  :::*                                -
udp6       0      0 ::1:323                 :::*     

And no I only have an info.php in that directory. Does that affect Galaxy in any way?

Thank you,
Makis


Subject: Re: [galaxy-dev] Galaxy on Centos via Apache - connection refused
From: [hidden email]
Date: Tue, 3 Nov 2015 12:07:12 -0500
CC: [hidden email]; [hidden email]
To: [hidden email]

Do you have another service running on 8081?  I see the server is complaining about that address already being in use.  Also, do you have an index.html or welcome.html in /var/www/html?

Cheers,
Keith

On Nov 3, 2015, at 11:39 AM, Makis Ladoukakis <[hidden email]> wrote:

Hello,

Unfortunately I cannot change web servers at the moment. There are a lot of applications that I would need to make changes for the nginx configuration plus i am not very experienced with nginx (apparently not with apache as well outside debian systems).

Thank you,
Makis

> To: [hidden email]

> From: [hidden email]
> Date: Tue, 3 Nov 2015 17:19:59 +0100
> Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection refused
> 
> Il 03/11/15 11:53, Makis Ladoukakis ha scritto:
> 
> >
> > Nothing seems to work on my server. Is Galaxy even compatible with
> > CentOS? Is there something else that I am missing?
> >
> 
> Hello, I'm running a production Galaxy Server on CentOS and I can assure 
> you it is perfectly feasible. But I'm using NGINX as a web server so I'm 
> not able to help you with Apache configuration, sorry. Did you try to 
> use NGINX instead of Apache in order to see if the problem is Apache 
> related or system related?
> 
> Best,
> Federico Z.
> 
> 
> >
> >
> > ------------------------------------------------------------------------
> > From: [hidden email]
> > To: [hidden email]; [hidden email]
> > CC: [hidden email]
> > Date: Fri, 23 Oct 2015 17:30:51 +0000
> > Subject: RE: [galaxy-dev] FW: Galaxy on Centos via Apache - connection
> > refused
> >
> > SELinux policies are very strict on CentOS by default. Apache isn't
> > allowed to access files outside of its standard directories, nor access
> > network resources. Your local Galaxy apps server is a network resource -
> > even though it's local.
> >
> > If you want to keep SELinux on then use audit2allow to see what policies
> > will enable access:
> >
> > cat /var/log/audit/audit.log | audit2allow -v
> >
> > Then you can use setsebool (temporary) and setsebool -P (permanent) to
> > enable.
> >
> > --
> > David Trudgian Ph.D.
> > Computational Scientist, BioHPC
> > UT Southwestern Medical Center
> > Dallas, TX 75390-9039
> > Tel: (214) 648-4833
> >
> > *From:*galaxy-dev [[hidden email]]
> > *On Behalf Of *Makis Ladoukakis
> > *Sent:* Friday, October 23, 2015 10:30 AM
> > *To:* Juan Carlos <[hidden email]>
> > *Cc:* [hidden email]
> > *Subject:* Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection
> > refused
> >
> > Hello,
> >
> > That didn't work. The apache restart failed with the following error:
> >
> > SELinux is preventing /usr/sbin/httpd from name_bind access on the
> > tcp_socket port 8081.
> >
> > Any idea why?
> >
> > Kind regards,
> > Makis
> >
> > ------------------------------------------------------------------------
> >
> > Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache - connection
> > refused
> > From: [hidden email] <[hidden email]>
> > Date: Tue, 20 Oct 2015 22:25:00 +1030
> > CC: [hidden email] <[hidden email]>
> > To: [hidden email] <[hidden email]>
> >
> > Hi,
> >
> > If you have a line in your Apache conf like
> >
> > "Listen 80"
> >
> > change to
> >
> > "Listen 8081"
> >
> >
> > On 20 Oct 2015, at 21:00, Makis Ladoukakis <[hidden email]
> > <[hidden email]>> wrote:
> >
> > Hello,
> >
> > I am sorry but I have really no experience with setting up the
> > Apache web server so I am not really sure how to do that. Can you
> > please help me out with it? My apache configuration file is in
> > /etc/httpd/conf/ directory and there are no directories such as
> > /sites-available/ or /sites-enabled/ (as I would find in an ubuntu
> > installation).
> >
> > What I did already (after some advice from the server admin) is open
> > up the 8081 port like that:
> >
> > firewall-cmd --permanent --add-port=8081/tcp
> >
> > firewall-cmd --reload
> >
> >
> > and then I got another error:
> >
> > [cgi:error] [pid 29603] [client 115.230.124.164:4559] script not
> > found or unable to stat: /var/www/cgi-bin/common
> >
> > [autoindex:error] [pid 29716] [client 218.76.28.36:4468] AH01276:
> > Cannot serve directory /var/www/html/: No matching DirectoryIndex
> > (index.html,index.php) found, and server-generated directory index
> > forbidden by Options directive
> >
> >
> > which I tried to solve by adding welcome.html as a recognizable
> > filename in the apache configuration:
> >
> > <IfModule dir_module>
> > DirectoryIndex index.html welcome.html
> > </IfModule>
> >
> >
> > but nothing worked and now the error_log shows the following:
> >
> > [Tue Oct 20 13:15:23.719295 2015] [mpm_prefork:notice] [pid 29598]
> > AH00170: caught SIGWINCH, shutting down gracefully
> > [Tue Oct 20 13:15:24.810684 2015] [core:notice] [pid 46896] SELinux
> > policy enabled; httpd running as context system_u:system_r:httpd_t:s0
> > [Tue Oct 20 13:15:24.811647 2015] [suexec:notice] [pid 46896]
> > AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
> > [Tue Oct 20 13:15:24.846399 2015] [so:warn] [pid 46896] AH01574:
> > module wsgi_module is already loaded, skipping
> > [Tue Oct 20 13:15:24.847316 2015] [auth_digest:notice] [pid 46896]
> > AH01757: generating secret for digest authentication ...
> > [Tue Oct 20 13:15:24.848294 2015] [lbmethod_heartbeat:notice] [pid
> > 46896] AH02282: No slotmem from mod_heartmonitor
> > [Tue Oct 20 13:15:24.870033 2015] [mpm_prefork:notice] [pid 46896]
> > AH00163: Apache/2.4.6 (CentOS) PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
> > configured -- resuming normal operations
> > [Tue Oct 20 13:15:24.870075 2015] [core:notice] [pid 46896] AH00094:
> > Command line: '/usr/sbin/httpd -D FOREGROUND'
> >
> > And the webpage that galaxy is supposed to appear is still blank.
> >
> > Any ideas?
> >
> > Thank you,
> > Makis
> >
> > ------------------------------------------------------------------------
> >
> > Date: Tue, 20 Oct 2015 11:01:44 +1030
> > Subject: Re: [galaxy-dev] FW: Galaxy on Centos via Apache -
> > connection refused
> > From: [hidden email] <[hidden email]>
> > To: [hidden email] <[hidden email]>
> > CC: [hidden email] <[hidden email]>
> >
> > hi,
> >
> > Maybe sounds silly, but have you tried to put the apache
> > configuration in a virtual host within the sites-enable site?
> >
> > cheers
> >
> > jc
> >
> > On Tue, Oct 20, 2015 at 12:36 AM, Makis Ladoukakis
> > <[hidden email] <[hidden email]>> wrote:
> >
> > Forwading to this list too. I am not sure if they are two
> > separate lists.
> >
> > Makis
> >
> > ------------------------------------------------------------------------
> >
> > From: [hidden email] <[hidden email]>
> > To: [hidden email]
> > <[hidden email]>
> > Date: Mon, 19 Oct 2015 17:04:13 +0300
> > Subject: [galaxy-dev] Galaxy on Centos via Apache - connection
> > refused
> >
> > Dear all,
> >
> > I've been trying to set up a Galaxy instance on my CentOS server
> > but even when I manage to run the simplest configuration
> > correctly I can't seem to get it right on my browser as the
> > connection is refused.
> >
> > I have changed the host to 0.0.0.0, the port to 8081 and made
> > the appropriate changes in Apache configuration file:
> >
> > RewriteEngine on
> > RewriteRule ^/galaxy_test(.*) http://localhost:8081$1 [P]
> > RewriteRule ^/galaxy_test$ /galaxy_test/ [R]
> > RewriteRule ^/galaxy_test/static/style/(.*)
> > /home/galaxy_test/galaxy/static/june_2007_style/blue/$1 [L]
> > RewriteRule ^/galaxy_test/static/scripts/(.*)
> > /home/galaxy_test/galaxy/static/scripts/packed/$1 [L]
> > RewriteRule ^/galaxy_test/static/(.*)
> > /home/galaxy_test/galaxy/static/$1 [L]
> > RewriteRule ^/galaxy_test/favicon.ico
> > /home/galaxy_test/galaxy/static/favicon.ico [L]
> > RewriteRule ^/galaxy_test/robots.txt
> > /home/galaxy_test/galaxy/static/robots.txt [L]
> >
> > So when I tried to run it the first time I got the "temporarily
> > out of service" error on my browser and the following error in
> > apache log:
> >
> > [Mon Oct 19 05:56:45.308714 2015] [proxy:error] [pid 18505]
> > (13)Permission denied: AH00957: HTTP: attempt to connect to
> > 127.0.0.1:8081 <http://127.0.0.1:8081> (*) failed
> > [Mon Oct 19 05:56:45.308774 2015] [proxy_http:error] [pid 18505]
> > [client 185.25.151.159:39629 <http://185.25.151.159:39629>]
> > AH01114: HTTP: failed to make connection to backend: localhost
> >
> > Searching the internet I found the following solution:
> >
> > /usr/sbin/setsebool httpd_can_network_connect 1
> > /usr/sbin/setsebool -P httpd_can_network_connect 1
> >
> >
> > but when I restarted my galaxy my browser would now show just a
> > blank page and the error log of apache was:
> >
> > [Mon Oct 19 15:29:09.425120 2015] [proxy:error] [pid 29699]
> > (111)Connection refused: AH00957: HTTP: attempt to connect to
> > 127.0.0.1:8081 <http://127.0.0.1:8081> (*) failed
> > [Mon Oct 19 15:29:09.425167 2015] [proxy_http:error] [pid 29699]
> > [client 147.102.86.121:51865 <http://147.102.86.121:51865>]
> > AH01114: HTTP: failed to make connection to backend: localhost
> >
> >
> > Has anyone encountered that?
> >
> > Kind regards,
> > Makis
> >
> >
> >
> >
> >
> >
> > P.S. In case that helps the output of iptables -L is the following:
> > Chain INPUT (policy ACCEPT)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> > ctstate RELATED,ESTABLISHED
> > ACCEPT all -- anywhere anywhere
> > INPUT_direct all -- anywhere anywhere
> > INPUT_ZONES_SOURCE all -- anywhere anywhere
> > INPUT_ZONES all -- anywhere anywhere
> > ACCEPT icmp -- anywhere anywhere
> > REJECT all -- anywhere anywhere
> > reject-with icmp-host-prohibited
> >
> > Chain FORWARD (policy ACCEPT)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> > ctstate RELATED,ESTABLISHED
> > ACCEPT all -- anywhere anywhere
> > FORWARD_direct all -- anywhere anywhere
> > FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
> > FORWARD_IN_ZONES all -- anywhere anywhere
> > FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
> > FORWARD_OUT_ZONES all -- anywhere anywhere
> > ACCEPT icmp -- anywhere anywhere
> > REJECT all -- anywhere anywhere
> > reject-with icmp-host-prohibited
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
> > OUTPUT_direct all -- anywhere anywhere
> >
> > Chain FORWARD_IN_ZONES (1 references)
> > target prot opt source destination
> > FWDI_public all -- anywhere anywhere
> > [goto]
> > FWDI_public all -- anywhere anywhere
> > [goto]
> >
> > Chain FORWARD_IN_ZONES_SOURCE (1 references)
> > target prot opt source destination
> >
> > Chain FORWARD_OUT_ZONES (1 references)
> > target prot opt source destination
> > FWDO_public all -- anywhere anywhere
> > [goto]
> > FWDO_public all -- anywhere anywhere
> > [goto]
> >
> > Chain FORWARD_OUT_ZONES_SOURCE (1 references)
> > target prot opt source destination
> >
> > Chain FORWARD_direct (1 references)
> > target prot opt source destination
> >
> > Chain FWDI_public (2 references)
> > target prot opt source destination
> > FWDI_public_log all -- anywhere anywhere
> > FWDI_public_deny all -- anywhere anywhere
> > FWDI_public_allow all -- anywhere anywhere
> >
> > Chain FWDI_public_allow (1 references)
> > target prot opt source destination
> >
> > Chain FWDI_public_deny (1 references)
> > target prot opt source destination
> >
> > Chain FWDI_public_log (1 references)
> > target prot opt source destination
> >
> > Chain FWDO_public (2 references)
> > target prot opt source destination
> > FWDO_public_log all -- anywhere anywhere
> > FWDO_public_deny all -- anywhere anywhere
> > FWDO_public_allow all -- anywhere anywhere
> >
> > Chain FWDO_public_allow (1 references)
> > target prot opt source destination
> >
> > Chain FWDO_public_deny (1 references)
> > target prot opt source destination
> >
> > Chain FWDO_public_log (1 references)
> > target prot opt source destination
> >
> > Chain INPUT_ZONES (1 references)
> > target prot opt source destination
> > IN_public all -- anywhere anywhere [goto]
> > IN_public all -- anywhere anywhere [goto]
> >
> > Chain INPUT_ZONES_SOURCE (1 references)
> > target prot opt source destination
> >
> > Chain INPUT_direct (1 references)
> > target prot opt source destination
> >
> > Chain IN_public (2 references)
> > target prot opt source destination
> > IN_public_log all -- anywhere anywhere
> > IN_public_deny all -- anywhere anywhere
> > IN_public_allow all -- anywhere anywhere
> >
> > Chain IN_public_allow (1 references)
> > target prot opt source destination
> > ACCEPT tcp -- anywhere anywhere
> > tcp dpt:http ctstate NEW
> > ACCEPT tcp -- anywhere anywhere
> > tcp dpt:ssh ctstate NEW
> > ACCEPT tcp -- anywhere anywhere
> > tcp dpt:https ctstate NEW
> >
> > Chain IN_public_deny (1 references)
> > target prot opt source destination
> >
> > Chain IN_public_log (1 references)
> > target prot opt source destination
> >
> > Chain OUTPUT_direct (1 references)
> > target prot opt source destination
> >
> >
> >
> > ___________________________________________________________
> > Please keep all replies on the list by using "reply all" in your
> > mail client. To manage your subscriptions to this and other
> > Galaxy lists, please use the interface at:
> >  https://lists.galaxyproject.org/ To search Galaxy mailing lists
> > use the unified search at:
> >  http://galaxyproject.org/search/mailinglists/
> >
> >
> > ___________________________________________________________
> > Please keep all replies on the list by using "reply all"
> > in your mail client. To manage your subscriptions to this
> > and other Galaxy lists, please use the interface at:
> >  https://lists.galaxyproject.org/
> >
> > To search Galaxy mailing lists use the unified search at:
> >  http://galaxyproject.org/search/mailinglists/
> >
> >
> > ------------------------------------------------------------------------
> >
> > UTSouthwestern
> >
> > Medical Center
> >
> > The future of medicine, today.
> >
> >
> >
> > ___________________________________________________________
> > Please keep all replies on the list by using "reply all"
> > in your mail client. To manage your subscriptions to this
> > and other Galaxy lists, please use the interface at:
> >  https://lists.galaxyproject.org/
> >
> > To search Galaxy mailing lists use the unified search at:
> >  http://galaxyproject.org/search/mailinglists/
> >
> 
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client. To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
>  https://lists.galaxyproject.org/
> 
> To search Galaxy mailing lists use the unified search at:
>  http://galaxyproject.org/search/mailinglists/
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
 https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
 http://galaxyproject.org/search/mailinglists/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
12