galaxy behind firewall

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

galaxy behind firewall

Matthias Bernt
Dear list,

our galaxy is behind a firewall which seems to imply that many of the
nice possibilities to use online services which download data from
galaxy do not work, e.g. phinch or the UCSC browser.

Has anybody ideas for (or experience with) workarounds?

For instance, we have a local own cloud which we might exploit, i.e.,
upload the data to OC and modify the link.

Best,
Matthias



--

-------------------------------------------
Matthias Bernt
Bioinformatics Service
Molekulare Systembiologie (MOLSYB)
Helmholtz-Zentrum für Umweltforschung GmbH - UFZ/
Helmholtz Centre for Environmental Research GmbH - UFZ
Permoserstraße 15, 04318 Leipzig, Germany
Phone +49 341 235 482296,
[hidden email], www.ufz.de

Sitz der Gesellschaft/Registered Office: Leipzig
Registergericht/Registration Office: Amtsgericht Leipzig
Handelsregister Nr./Trade Register Nr.: B 4703
Vorsitzender des Aufsichtsrats/Chairman of the Supervisory Board:
MinDirig Wilfried Kraus
Wissenschaftlicher Geschäftsführer/Scientific Managing Director:
Prof. Dr. Dr. h.c. Georg Teutsch
Administrative Geschäftsführerin/ Administrative Managing Director:
Prof. Dr. Heike Graßmann
-------------------------------------------
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/
Reply | Threaded
Open this post in threaded view
|

Re: galaxy behind firewall

Youssef  GHORBAL
Hello,

> On 18 Sep 2017, at 16:49, Matthias Bernt <[hidden email]> wrote:
>
> Dear list,
>
> our galaxy is behind a firewall which seems to imply that many of the nice possibilities to use online services which download data from galaxy do not work, e.g. phinch or the UCSC browser.
>
> Has anybody ideas for (or experience with) workarounds?

Maybe you can elaborate about these firewall issues first ? What do you mean by "do not work" ?
Did you get in touch with your security team ?

> For instance, we have a local own cloud which we might exploit, i.e., upload the data to OC and modify the link.

What kind of integration are you intending with ownCloud exactly ?

Youssef
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/
Reply | Threaded
Open this post in threaded view
|

Re: galaxy behind firewall

Matthias Bernt
Hi,

>> our galaxy is behind a firewall which seems to imply that many of the nice possibilities to use online services which download data from galaxy do not work, e.g. phinch or the UCSC browser.
>>
>> Has anybody ideas for (or experience with) workarounds?
>
> Maybe you can elaborate about these firewall issues first ? What do you mean by "do not work" ?
> Did you get in touch with your security team ?

For instance, biom files can be visualised at phinch. If a user clicks
the link "view biom at Phinch" a new website is opened:

http://www.bx.psu.edu/~dan/Phinch/index.html?biomURL=http%3A%2F%2Fbioinf2-dev%3A8080%2Fdisplay_application%2F7aee12da589cb4d4%2Fbiom_simple%2Fphinch_dan%2F772601c34b88e564%2Fdata%2Fgalaxy_7aee12da589cb4d4.biom

so the phinch website tries to download the biom file from our local
Galaxy bioinf2-dev which is behind the firewall. Similar mechanism is at
work to visualize annotations at the UCSC genome browser.

There is no way that our security team will open the firewall for galaxy
which runs on a head node of our compute cluster.

>> For instance, we have a local own cloud which we might exploit, i.e., upload the data to OC and modify the link.
>
> What kind of integration are you intending with ownCloud exactly ?

I was just thinking that one could create a tool that uploads the data
set to OC, makes it publicly accessible via a link, and redirects to a
website (essentially replacing the link to the galaxy by the one to OC).



Cheers,
Matthias
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/
Reply | Threaded
Open this post in threaded view
|

Re: galaxy behind firewall

Daniel Blankenberg-2
HI Matthias,

At the firewall level, one could allow pass through to only the specific IPs/sites that you want to enable for external displays, instead of just opening up the headnode to the entire world. Additional access restrictions could be enforced at the apache/nginx proxy level as well.

If opening the firewall is definitely a non-starter, you could implement a Galaxy tool do do as you suggest, with the output of the tool being an HTML dataset containing the link to the external site with the freshly uploaded data/URL included as parameter. Doing this in a generic (all external displays) fashion, would require a bit of development (which would probably be better-spent adding this sort of behavior as a configurable backend function of the external display application framework), but for a single specific use-case, such as Phinch, is rather trivial.


Dan

On Tue, Sep 19, 2017 at 5:32 AM, Matthias Bernt <[hidden email]> wrote:
Hi,

our galaxy is behind a firewall which seems to imply that many of the nice possibilities to use online services which download data from galaxy do not work, e.g. phinch or the UCSC browser.

Has anybody ideas for (or experience with) workarounds?

Maybe you can elaborate about these firewall issues first ? What do you mean by "do not work" ?
Did you get in touch with your security team ?

For instance, biom files can be visualised at phinch. If a user clicks the link "view biom at Phinch" a new website is opened:

http://www.bx.psu.edu/~dan/Phinch/index.html?biomURL=http%3A%2F%2Fbioinf2-dev%3A8080%2Fdisplay_application%2F7aee12da589cb4d4%2Fbiom_simple%2Fphinch_dan%2F772601c34b88e564%2Fdata%2Fgalaxy_7aee12da589cb4d4.biom

so the phinch website tries to download the biom file from our local Galaxy bioinf2-dev which is behind the firewall. Similar mechanism is at work to visualize annotations at the UCSC genome browser.

There is no way that our security team will open the firewall for galaxy which runs on a head node of our compute cluster.

For instance, we have a local own cloud which we might exploit, i.e., upload the data to OC and modify the link.

What kind of integration are you intending with ownCloud exactly ?

I was just thinking that one could create a tool that uploads the data set to OC, makes it publicly accessible via a link, and redirects to a website (essentially replacing the link to the galaxy by the one to OC).



Cheers,
Matthias

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
 https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
 http://galaxyproject.org/search/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/