Open Tomnl opened 6 years ago
We have the same issue on our dev instances which don't have proper SSL certificats (but behind a VPN)
So far, we find a trick but using the Galaxy server directly and not the nginx url (if uwsgi is setted with http://0.0.0.0:8080
)
@lecorguille I do not understand what your 'trick' is. Can you explain exactly what you did? (OK en francais si c'est plus facile, I'm happy to translate your answer).
This trick is to not use a socket but an url for thé communication between uwsgi and nginx. Than use the galaxu url directely instead of the nginx one. Not a big deal
Thanks @lecorguille but I am not a UNIX sysadmin, I am just running galaxy locally out of the box in dev mode. Please can you give more precise instructions? What file(s) do I need to change and what lines should be edited with what command? my galaxy.yml has currently:
uwsgi:
# The address and port on which to listen. By default, only listen to
# localhost (galaxy will not be accessible over the network). Use
# ':8080' to listen on all available network interfaces.
http: 127.0.0.1:8080
@bifxcore If you're running a local dev instance, in general, there should be no SSL issue since local dev mode is http by default, not https. Can you provide more details?
Toolshed is on https, so when you are trying to communicate with it and are unable to verify SSL you'll get this.
@martenson Is this a custom toolshed? The main toolshed has a valid certificate right?
iiuc this is not an issue on the server side, this is local system not being able to verify it
I know this an old issue but thought I'd give an answer. On the client side if you are using a python virtualenv then your probably using the cert located in your venv under lib/python3.6/site-packages/certifi/cacert.pem or whatever your python version is. Otherwise you are probably using the cert in /etc/ssl/certs/ca-certificates.crt.
#!/usr/bin/env python3
import urllib3
import sys
import certifi
http = urllib3.PoolManager(cert_reqs='CERT_REQUIRED', ca_certs=certifi.where())
print (certifi.where())
Code might help to identify which cert you are using.
When using a Galaxy instance that is not secure, is it possible to ignore SSL certificate verification?
e.g. with bioblend the following parameters can be set
Otherwise I get the following error when trying to install