ARPA-H-FEAST / management

Repository for project management

Set up mgpc apache server #45

Open rykahsay opened 1 month ago

rykahsay commented 1 month ago

Please set up the domain https://mgpc.biochemistry.gwu.edu/ and have apache run. I will create a web application container that will be mapped with the main apache port

dacianstremtan commented 1 month ago

The apache is already set up on the mgpc.biochemistry.gwu.edu. Currently it is running rstudio on this url. Please confirm with Anelia that it is okay to take over the main domain URL. Rstudio can be served from /rstudio location.

Dacian

pmcneely commented 1 month ago

@rykahsay @dacianstremtan It looks like there are two issues on the MGPC server:

  1. HTTPD is running (ps aux | grep httpd), but I don't see any configuration for ports to be open. (I don't have access to lsof etc, but best I can see, there's no web service available and no configurations in /etc/http/)
  2. The docker daemon isn't running (and maybe isn't set to run automatically under systemd?):
    ┌  pmcneely@💻 mgpc  ~ 
    └❯ $ docker ps
    Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

rykahsay commented 1 month ago

@dacianstremtan ... can you please let us know if we can use GW authentication in a web application I am developing? In other words, does GW have an API gateway (just like Google and Facebook) that can be used by other web applications?

dacianstremtan commented 1 month ago

@pmcneely docker was installed but not configured to start automatically. I have configured the service and added your account to the docker group. You should be able to run docker commands without sudo. A logout/login cycle might be required if you are already logged in.

dacianstremtan commented 1 month ago

@rykahsay GW does not have an API gateway that I am aware of. We can use GW login for user using SAML integration or OAUTH 2.0 with the Microsoft Azure login page.

dacianstremtan commented 1 month ago

> @rykahsay @dacianstremtan It looks like there are two issues on the MGPC server:
>
> 1. `HTTPD` is running (`ps aux | grep httpd`), but I don't see any configuration for ports to be open. (I don't have access to `lsof` etc, but best I can see, there's no web service available and no configurations in `/etc/http/`)
>
> 2. The docker daemon isn't running (and maybe isn't set to run automatically under `systemd`?):
>
>     ┌  pmcneely@💻 mgpc  ~
>     └❯ $ docker ps
>     Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

The only current service is being served is Rstudio server and the proxy is written in /etc/httpd/conf.d/ssl.conf


    .....
    RewriteEngine on

    RedirectMatch permanent ^/rstudio$ /rstudio/

    RewriteCond %{HTTP:Upgrade} =websocket
    RewriteRule /(.*) ws://localhost:8787/$1 [P,L]
    RewriteCond %{HTTP:Upgrade} !=websocket
    RewriteRule /(.*) http://localhost:8787/$1 [P,L]
    ProxyPass / http://localhost:8787/
    ProxyPassReverse / http://localhost:8787/

pmcneely commented 1 month ago

@dacianstremtan Thanks! Comments/questions on 2 & 3 below.

> You should be able to run docker commands without sudo. A logout/login cycle might be required if you are already logged in.

Confirmed - thank you!

> We can use GW login for user using [...] OAUTH 2.0 with the Microsoft Azure login page

This would be extraordinarily nice to integrate with our application moving forward. I have created a Django container that currently handles our OAuth2.0 login/logout lifecycle. I would love to add the GWU OAuth2.0 lifecycle in parallel if possible. Shall I open a new ticket?

> The only current service is being served is Rstudio server [...]

Can you configure Apache with a new, open port (either to `feast.mgpc.biochemistry.gwu.edu` or `mgpc.biochemistry.gwu.edu/feast` or something like that)? @rykahsay Do we have lab best practice for handling DNS routing for funded projects?

pmcneely commented 1 month ago

@dacianstremtan Just to provide an update, we would definitely prefer feast.mgpc.biochemistry.gwu.edu if we still can get it :)

dacianstremtan commented 1 month ago

We can do a DNS name such as: feast.biochemistry.gwu.edu

Dacian


pmcneely commented 1 month ago

@dacianstremtan Thank you for the offer, Dacian. Per Anelia and Raja, we would like to stick with feast.mgpc.biochemistry.gwu.edu for now.

Thank you again!

lorikrammer commented 1 week ago

We need to set up apache so that arpa-h user group also has access to edit apache config files. When contacting Dacian please cc to Raja, Lori, and Anelia.

dacianstremtan commented 1 week ago

Please try editing the file:

sudo /usr/bin/vi /etc/httpd/conf.d/feast.conf

That is the apache configuration file that is to be used for the arpah group.

Dacian


pmcneely commented 4 days ago

@dacianstremtan

> Please try editing the file: sudo /usr/bin/vi /etc/httpd/conf.d/feast.conf

I'm unable to edit this file, although I'm not clear whether I'm on the list to get sudo access or not.

Also, docker containers can't access the network. I will open another ticket to track that.

pmcneely commented 4 days ago

@dacianstremtan

Looks like I am not able to tag you in another ticket, I will detail the issue here.

Docker builds fail on trying to retrieve remote packages:

    Failed to fetch http://deb.debian.org/debian/dists/bullseye/InRelease Temporary failure resolving 'deb.debian.org'

Pulling a docker in that contains some minimal network utilities:

    └❯ $ docker run --rm -it pmcneely2/feast-smart bash
    root@85fedb6b2508:/server# dig google.com

    ; <<>> DiG 9.16.50-Debian <<>> google.com
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached

dacianstremtan commented 3 days ago

Hi, The IP forwarding was turned off at the kernel level for security reasons because it was not being used until now. The container works now:

    @.***:/server# dig google.com

    ; <<>> DiG 9.16.50-Debian <<>> google.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62334
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 4, ADDITIONAL: 9

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1232
    ; COOKIE: a462fa1207150cdc01000000673cc0f8b1d9317c04539efb (good)
    ;; QUESTION SECTION:
    ;google.com. IN A

    ;; ANSWER SECTION:
    google.com. 20 IN A 172.253.122.139
    google.com. 20 IN A 172.253.122.101
    google.com. 20 IN A 172.253.122.100
    google.com. 20 IN A 172.253.122.113
    google.com. 20 IN A 172.253.122.102
    google.com. 20 IN A 172.253.122.138

    ;; AUTHORITY SECTION:
    google.com. 116732 IN NS ns1.google.com.
    google.com. 116732 IN NS ns2.google.com.
    google.com. 116732 IN NS ns4.google.com.
    google.com. 116732 IN NS ns3.google.com.

    ;; ADDITIONAL SECTION:
    ns2.google.com. 115172 IN A 216.239.34.10
    ns1.google.com. 115172 IN A 216.239.32.10
    ns3.google.com. 115172 IN A 216.239.36.10
    ns4.google.com. 115172 IN A 216.239.38.10
    ns2.google.com. 115172 IN AAAA 2001:4860:4802:34::a
    ns1.google.com. 115172 IN AAAA 2001:4860:4802:32::a
    ns3.google.com. 115172 IN AAAA 2001:4860:4802:36::a
    ns4.google.com. 115172 IN AAAA 2001:4860:4802:38::a

    ;; Query time: 3 msec
    ;; SERVER: 128.164.141.12#53(128.164.141.12)
    ;; WHEN: Tue Nov 19 16:46:48 UTC 2024
    ;; MSG SIZE rcvd: 411

Dacian

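The container DNS failure above was traced to IP forwarding being off on the host. As an added example (not from the thread or the project), the shell functions below compare the live forwarding value with what the sysctl configuration files will set at the next boot, so a hardening baseline that switches forwarding back off is noticed before a restart breaks the containers again. It assumes the setting in question is the `net.ipv4.ip_forward` sysctl; the function names are hypothetical, and the caller passes the config files in the order the system applies them.

```shell
#!/bin/sh
# Added example: live vs. persisted state of net.ipv4.ip_forward.
# Function names are hypothetical. Files are passed by the caller so the
# check can also be run against copies of a host's configuration.

# persisted_ip_forward FILE...
# Prints the last value assigned to net.ipv4.ip_forward across the files
# (later arguments win), or "unset". Only the dotted key form is matched;
# commented-out lines are ignored.
persisted_ip_forward() {
    val=unset
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\).*/\1/p' "$f" | tail -n 1)
        [ -n "$v" ] && val=$v
    done
    printf '%s\n' "$val"
}

# check_ip_forward PROC_FILE [CONF_FILE...]
# Prints one verdict:
#   ok             forwarding is on now and a config file keeps it on
#   off            forwarding is off now (bridged containers cannot reach out)
#   reverts        on now, but the effective config sets it to 0 at boot
#   not-persisted  on now, but no config file sets it at all
#   unknown        the live value could not be read
check_ip_forward() {
    proc=$1; shift
    live=$(cat "$proc" 2>/dev/null || echo unknown)
    saved=$(persisted_ip_forward "$@")
    case "$live:$saved" in
        1:1)     echo ok ;;
        1:0)     echo reverts ;;
        1:unset) echo not-persisted ;;
        0:*)     echo off ;;
        *)       echo unknown ;;
    esac
}

# Typical call on a host (paths are the usual Linux locations):
#   check_ip_forward /proc/sys/net/ipv4/ip_forward /etc/sysctl.d/*.conf /etc/sysctl.conf
```

A `reverts` or `not-persisted` verdict means the fix made on the running kernel may not survive a reboot and should be recorded in the host's sysctl configuration alongside the reason it was enabled.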

rykahsay commented 1 day ago

Dacian has given me sudo access and I am working with him to take over apache admin tasks.

pmcneely commented 23 hours ago

@rykahsay

> Dacian has given me sudo access and I am working with him to take over apache admin tasks.

Great news. Let me know when you have established the landing address and I can start configuring the OAuth and FHIR docker endpoints.