@brainstorm
Created February 14, 2019 02:41
IGV HTTP server setup

Minimal NGINX configuration on the server side

WARNING: These notes will soon be replaced by automation (see Future section below).

Edit /etc/nginx/sites-available/default so that it looks like this (see the SSL configuration section below for the encryption bits):

server {
        auth_basic "UMCCR AWS IGV Server";
        auth_basic_user_file /etc/nginx/htpasswd;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;
        server_name igv.dev.umccr.org; # managed by Certbot


        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        location /igv {
                alias /var/www/igv;
                autoindex on;
        }


    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/igv.dev.umccr.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/igv.dev.umccr.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

Then enable the site with ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default

SSL configuration

certbot from Let's Encrypt can be used to easily set up free SSL certificates.

S3FS mountpoints

Placing the following lines in /etc/fstab exposes a read-only S3 bucket under /mnt/igv and /mnt/primary so that the NGINX web server can pick up the BAM/BAI files.

#s3fs#bucket1 /mnt/primary fuse _netdev,iam_role=auto,auto,users,defaults,uid=www-data,gid=www-data,ro,allow_other 0 0
s3fs#bucket2 /mnt/igv fuse _netdev,iam_role=auto,ro,auto,users,defaults,uid=www-data,gid=www-data,allow_other 0 0

Note that iam_role=auto assumes that the IAM instance profile of the running instance has access to the referenced S3 bucket (this avoids hardcoding IAM credentials in the machine image).

IGV XML index file generation

This is an example IGV XML Server file, to be generated automatically via aws s3 ls s3://bucket1/* and some Python Jinja2 templating:

<?xml version="1.0" encoding="UTF-8"?>
<Global name="UMCCR AWS IGV server" version="1">
<Category name="UMCCR Amazon IGV bucket">
        <Resource name="small_bam" path="https://igv.dev.umccr.org/igv/test.bam"></Resource>
        <Resource name="ipmn2984_tumor-normal" path="https://igv.dev.umccr.org/igv/ipmn2984__IPMN2984_tumor-tumor.mini.bam"></Resource>
        <Resource name="ipmn2984_tumor-tumor" path="https://igv.dev.umccr.org/igv/ipmn2984__IPMN2984_tumor-tumor.mini.bam"></Resource>
 </Category>
</Global>

This file should be pointed to by an accompanying .txt file:

root@ip-172-31-30-42:/var/www/igv# cat umccr_registry.txt
https://igv.dev.umccr.org/igv/umccr_registry.xml

As a stopgap solution, the igv_regenerate.sh shell script takes care of this process, although it does not run automatically.
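The following is an added example, not code from this gist or from igv_regenerate.sh: it builds the registry XML from `aws s3 ls` output while escaping object keys, so that a key containing `&`, `<` or spaces cannot break the XML or the URL. It swaps the Jinja2 templating mentioned above for the standard library's ElementTree so it runs offline. The sample listing is constructed and the rule for deriving the resource name from the file name is a hypothetical choice.

```python
import urllib.parse
import xml.etree.ElementTree as ET

BASE_URL = "https://igv.dev.umccr.org/igv/"  # URL prefix used on this page

# Constructed sample of `aws s3 ls` output: date, time, size, key ("PRE" marks a prefix).
SAMPLE_LISTING = """\
2019-02-14 02:41:07    1048576 test.bam
2019-02-14 02:41:08       4096 test.bam.bai
2019-02-14 02:41:09    2097152 tumor & normal <v2>.bam
                           PRE archive/
2019-02-14 02:41:10        120 umccr_registry.txt
"""


def bam_keys(listing):
    """Return the .bam object keys from `aws s3 ls` text, skipping prefixes and indexes."""
    keys = []
    for line in listing.splitlines():
        fields = line.split(None, 3)  # maxsplit keeps spaces inside the key intact
        if len(fields) == 4 and fields[2].isdigit() and fields[3].endswith(".bam"):
            keys.append(fields[3])
    return sorted(keys)


def build_registry(keys, category="UMCCR Amazon IGV bucket"):
    """Build the IGV registry XML; ElementTree escapes every attribute value."""
    root = ET.Element("Global", name="UMCCR AWS IGV server", version="1")
    cat = ET.SubElement(root, "Category", name=category)
    for key in keys:
        # Percent-encode the key so spaces and reserved characters yield a valid URL.
        url = BASE_URL + urllib.parse.quote(key)
        # Hypothetical naming rule: file name without directory and ".bam" suffix.
        name = key.rsplit("/", 1)[-1][: -len(".bam")]
        ET.SubElement(cat, "Resource", name=name, path=url)
    body = ET.tostring(root, encoding="unicode")
    return '<?xml version="1.0" encoding="UTF-8"?>\n' + body


if __name__ == "__main__":
    print(build_registry(bam_keys(SAMPLE_LISTING)))
```

Write the returned string to umccr_registry.xml as UTF-8 so the file matches its declaration.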

Firewall setup

Ideally, this service should expose only HTTPS (443). Security groups should be set up accordingly. At the OS level, ufw can also be used like this:

$ sudo apt-get install -y ufw
$ sudo ufw allow https
$ sudo ufw allow ssh
$ sudo ufw enable
$ sudo service ufw restart