Publicly Accessible GPF Site

Requirements for the host

The recommended minimum requirements for the host are:

  • 2 CPUs cores

  • 4 GB RAM

  • 25 GB disk space

  • public IP address

Depending on the number of users and the amount of data, you may need to increase these values.

You also need to have root access to the host to install and configure the required software.

DNS name

To setup a publicly accessible GPF, you need to have a DNS name that points to the public IP address of the host.

In the example below, we will use demo.iossifovlab.com as the DNS name.

Firewall

You should open the following ports on the firewall:

Type

Protocol

Port

Description

ICMP

ICMP

Allow ping

TCP

TCP

22

SSH

TCP

TCP

80

HTTP

TCP

TCP

443

HTTPS

Required Software

Apache2 web server

sudo apt-get install apache2
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod ssl
sudo a2enmod headers
sudo a2enmod rewrite

Docker

To install Docker, follow the instructions in the official Docker documentation for your operating system. For example, on Ubuntu, you can look at the following link: https://docs.docker.com/engine/install/ubuntu/

SSL Certificate

For a publicly accessible GPF, you need to have a valid SSL certificate for the DNS name. We recommend using a free SSL certificate from Let’s Encrypt.

Create an virtual host configuration file for the Apache2 web server to serve the demo domain over HTTPS. For example, for our demo domain demo.iossifovlab.com, you can create a file /etc/apache2/sites-available/demo.iossifovlab.com.conf with the following conteint:

 1LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
 2
 3<VirtualHost *:443>
 4    ServerName demo.iossifovlab.com
 5    ServerAdmin admin@iossifovlab.com
 6
 7    LogLevel info ssl:warn
 8
 9    DocumentRoot /var/www/html
10
11</VirtualHost>

To install the SSL certificate, you can use the instructions from https://certbot.eff.org. For example, on Ubuntu with install Apache2 web server, you can check the following link: https://certbot.eff.org/instructions?ws=apache&os=snap

In out case, we used:

1certbot run --apache -d demo.iossifovlab.com

This will install the SSL certificate and configure the Apache2 web server to serve the demo domain over HTTPS. The Apache2 configuration file /etc/apache2/sites-available/demo.iossifovlab.com.conf will be similar to the following:

 1LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
 2
 3<VirtualHost *:443>
 4    ServerName demo.iossifovlab.com
 5    ServerAdmin admin@iossifovlab.com
 6
 7    LogLevel info ssl:warn
 8
 9    DocumentRoot /var/www/html
10
11    ### Added by Let's Encrypt certbot
12    SSLCertificateFile /etc/letsencrypt/live/demo.iossifovlab.com/fullchain.pem
13    SSLCertificateKeyFile /etc/letsencrypt/live/demo.iossifovlab.com/privkey.pem
14    Include /etc/letsencrypt/options-ssl-apache.conf
15    SessionCryptoPassphrase Di3ahti8oophushiePh0vang2ri2AeK0maetha7loz2Waleez2
16
17</VirtualHost>

Create an installation user

We recommend to create a user that will be used to install and configure GPF. Let’s say our user is called gpfdemo. You can create the user with the following command:

adduser gpfdemo

We need this user to be able to run Docker commands without sudo. To do this, you can add the user to the docker group:

usermod -aG docker gpfdemo

Then, you can switch to the gpfdemo user:

su - gpfdemo

Make sure to add your SSH public key to the gpfdemo user’s ~/.ssh/authorized_keys file so you can log in to the host using SSH.

Directory Structure

In the following example, we will assume the we install GPF in a subdirectory demo of the home directory of the user gpfdemo. We will use the following directory structure:

demo
├── docker-compose.yaml
├── grr
│   ├── cache
│   └── grr_definition.yaml
├── logs
│   ├── access.log
│   ├── error.log
│   └── wdae-debug.log
├── minimal_instance
│   ├── gpf_instance.yaml
│   ├── ...
│   └── ...
└── mysql_data
    ├── ...

  • docker-compose.yaml: Docker Compose file to start GPF;

  • grr: directory with GRR definition file and cache;

  • logs: directory to store the logs;

  • minimal_instance: directory with the GPF instance configuration;

  • mysql_data: directory to store the MySQL data.

GRR Definition File

1id: public
2type: "http"
3url: "https://grr.iossifovlab.com"
4cache_dir: /grr/cache

GPF Instance Directory

For our example, we will use GPF instance configuration and data created in the GPF Getting Started Guide section. We need to copy the whole minimal_instance directory to the GPF instance public host /demo/minimal_instance directory. To this end you can use rsync or scp command. We will use rsync command in the following example. Our example host is demo.iossifovlab.com and the user is root. So our command will look like this:

rsync -av minimal_instance gpfdemo@demo.iossifovlab.com:demo/

Note

You should change the demo.iossifovlab.com and gpfdemo to your own values.

GPF Docker Compose File

To run GPF we are going to use Docker Compose commands. The following is an example of a Docker Compose configuration file you cat use to run GPF:

 1services:
 2    mysqldata:
 3        image: busybox:latest
 4        command: echo "mysql data only container"
 5        volumes:
 6        - ./mysql_data:/var/lib/mysql
 7
 8    mysql:
 9        image: mysql:8.0
10        hostname: mysql
11        environment:
12        - MYSQL_DATABASE=gpf_demo
13        - MYSQL_USER=seqpipe
14        - MYSQL_PASSWORD=AhWeez0rooGaiheTh5zei8qui
15        - MYSQL_ROOT_PASSWORD=Uor2thiwou3shooxahngah0oc
16        volumes_from:
17        - mysqldata
18        networks:
19            main:
20                aliases:
21                - mysql
22
23        command: ['mysqld', '--character-set-server=utf8', '--collation-server=utf8_bin', '--default-authentication-plugin=mysql_native_password']
24
25    gpf:
26        image: iossifovlab/iossifovlab-gpf-full:latest
27        hostname: gpf
28        ports:
29        - "8000:80"
30        networks:
31            main:
32                aliases:
33                - gpf
34        volumes:
35        - ./minimal_instance:/data
36        - ./grr:/grr
37        - ./logs:/logs
38        environment:
39        - DAE_DB_DIR=/data
40        - DAE_PHENODB_DIR=/data/pheno
41        - GRR_DEFINITION_FILE=/grr/grr_definition.yaml
42        - WDAE_DB_NAME=gpf_demo
43        - WDAE_DB_USER=seqpipe
44        - WDAE_DB_PASSWORD=AhWeez0rooGaiheTh5zei8qui
45        - WDAE_DB_HOST=mysql
46        - WDAE_DB_PORT=3306
47        - WDAE_SECRET_KEY="Di3ahti8oophushiePh0vang2ri2AeK0maetha7loz2Waleez2"
48        - WDAE_PUBLIC_HOSTNAME=demo.iossifovlab.com
49        - WDAE_ALLOWED_HOST=demo.iossifovlab.com
50        - WDAE_LOG_DIR=/logs
51        - GPF_PREFIX=gpf
52        - WDAE_PREFIX=gpf
53
54    networks:
55        main:

Warning

The above example is for demonstration purposes only. You should change the passwords and other parameters to your own values. The passwords should be strong and not easily guessable.

Start GPF

We are going to use Docker Compose to run GPF. To start the GPF instance and the MySQL database server, you can use the following command:

cd demo
docker compose up -d

To inspect the logs, you can use the following command:

docker compose logs -f

You can check the status of the containers using the following command:

docker compose ps

If you want to enter into the GPF container, you can use the following command:

docker compose exec -it gpf /bin/bash

Create GPF Admin User and OAuth2 Application

When you start the GPF instance for the first time, you need to create an admin user and an OAuth2 application. To do this, you need to enter into the GPF container:

docker compose exec -it gpf /bin/bash

Then, from inside the GPF container, you can use the following command to create the admin user:

1wdaemanage.py user_create admin@iossifovlab.com \
2    -p xiequ6aZoNawaet7shooFam1A \
3    -g any_dataset:admin

Warning

The above command will create a user with the email admin@iossifovlab.com and the password xiequ6aZoNawaet7shooFam1A. You should change the email and the password to your own values.

GPF uses OAuth2 for authentication. Once the user is created, you have to create an OAuth2 application using the following command:

1wdaemanage.py createapplication --user 1 \
2    --redirect-uris "https://demo.iossifovlab.com/gpf/login" \
3    --name "GPF Genotypes and Phenotypes in Families" \
4    --client-id gpfjs public authorization-code \
5    --skip-authorization

Warning

The above command will create an OAuth2 application with the redirect URI https://demo.iossifovlab.com/gpf/login. You should change the domain name in the redirect URI to your own value.

Apache2 Proxy Configuration

Finally you need to configure the Apache2 web server to proxy the requests to the GPF instance. You can use the following configuration as an example:

 1LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
 2LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
 3LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
 4LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
 5
 6<VirtualHost *:443>
 7    ServerName demo.iossifovlab.com
 8    ServerAdmin webmaster@localhost
 9
10    LogLevel info ssl:warn
11
12    RedirectMatch ^/$ /gpf/
13    <Location "/gpf">
14        Allow From All
15        ProxyPass "http://localhost:8000/gpf"
16        ProxyPassReverse "http://localhost:8000/gpf"
17        ProxyPreserveHost On
18    </Location>
19
20    ### Added by Let's Encrypt certbot
21    SSLCertificateFile /etc/letsencrypt/live/demo.iossifovlab.com/fullchain.pem
22    SSLCertificateKeyFile /etc/letsencrypt/live/demo.iossifovlab.com/privkey.pem
23    Include /etc/letsencrypt/options-ssl-apache.conf
24    SessionCryptoPassphrase Di3ahti8oophushiePh0vang2ri2AeK0maetha7loz2Waleez2
25
26</VirtualHost>