Proxy Failure Compose-Services

Hi, I'm trying to get a local instance of gen3 running using compose-services. I followed the instructions in the github readme, set up my OAuth credentials, and docker-compose up -d works fine. I can access the application at the appropriate URL, but when I click to sign in with OAuth I get a 502 Bad Gateway error.

Checking docker ps, 'revproxy-service' hangs on 'starting' when docker-compose up is run before becoming status=unhealthy. The log for this service contains the error: 'failed (113: Host is unreachable) while connecting to upstream....'

Also on docker-compose up, I get 'creating 'fence-service'....done', but no container for this service appears when I docker ps.

I would really like to test this application and greatly appreciate any help anyone can give me

Andy W.

Hi Andy!

Welcome to the forum! :slight_smile:

I would like to ask you to provide a little bit more information using script, here is a description how to do it.

This would help to identify problem more accurately.

Hi Viktorija,

Thanks for the quick response! I'd be happy to, but the problem has evolved a bit since my post. I changed the base_url in the fence-config.yaml file to reflect our domain, so the redirect at login (seemingly) works, but the revproxy-service still doesn't seem to start correctly, and clicking on the different tabs to explore data or view workspaces results in blank screens with only the nav-bar or infinitely-looping loading animation. A look at the browser console shows a number of 401 and 502 errors, so there still seems to be something wrong with authentication. Running smoke_test returned all '200' messages. In any case, i'll include the .zip file resulting from the in the hopes that you and your team may be able to illuminate me (This is all pushing the limits of my networked computing knowledge). Heres a link to the files: google drive link to .zip

Thank you for your help,

Hi Andy,

Infinitely looping animation (three dots) is normal when you don't have data, please don't worry about it. Are you able to add program at /_root as described here:


At _root, I can select 'Program' from the 'Use Form Submission' form, add a dbgap number and name, and click 'upload submissions json from form' This generates a JSON object representing my program in the dialog box below. When I click 'Submit' nothing appears to happen, but in the console two 401 (UNAUTHORIZED) are logged for PUT actions at .../api/v0/submission.

When the page loads, a few 401 (UNAUTHORIZED) errors for .../api/v0/submission/graphql are logged.

As I mentioned in my previous email, I only got the authentication to work by replacing the 'localhost/user" base url in the fence-config file with our domain. As such, when I click the google login button in the application, I can log in but get a warning about an 'unsecure' connection on the redirect. Do you think that has something to do with my problems?

Thank you again for all your help,

Andy W.

Hi Andy,

In your archive of configuration/logs I see "BASE_URL: 'localhost/user'" in the fence-config.yaml, but then "" on logs, so I'm a little bit confused.

Are you trying to run Compose Services locally on your own laptop/station, or on the server?

(and I'm curious if problem using localhost was about invalid certificate error or other?)

Hi Viktorija,

Yeah sorry, I switched the base_url back to localhost before I sent you the dump, but I was running the application with base_url set to I am trying to run Compose Services on an ec2 instance. Let me try to run it with the localhost settings and get some screenshots of the error for you.



Running with the localhost base_url results in an ERR_CONNECTION_REFUSED when I click the login button (which I guess makes sense because I'm running on an ec2 server). In the README, under 'Running Docker Compose on a Remote Machine', the instructions say to modify the 'hostname' field in fence-config, but I am unable to find this field. I've attached a dump of my most recent attempt. Thank you again for all your help.


(Attachment is missing)

sorry, the link to that zip file:

Andy, thanks for the clarification about your setup.

I think there is a mistake in documentation, sorry for that, we will update it. Here is a list of files/fields to update with your domain name:

  • file fence-config.yaml, field BASE_URL
  • file sheepdog_creds.json, field hostname
  • file peregrine_creds.json, field hostname
  • file fence_creds.json, field hostname


Thank you, with your help I believe I now have it working (although not with entirely correct configuration I fear...). I have edited the cred/config files as per your instructions, and as a result have been able to load some data into the system through the form at /_root and /[project_name] . When I log in initially however, I'm still presented with this error

and have to go through the advanced settings to proceed with authentication.

As I said, I am seemingly able to create projects/experiments/cases/demographics, but still nothing appears in the 'Exploration' tab. I'm wondering if this has something to do with my possible authentication error, or if this is a compose-services issue (I recently and after long struggle came upon the github issue 'PXD-2440 ⁃ /api/v0/flat-search/search/graphql/aggsStateQuery produces 404' in the data-portal repo).

Is there a way I can get the visualization working within the compose-services framework? It's unfortunately the service I'm most interested in testing.


Hi Andy,

The warning about connection not being private appears because our script generated self-signed SSL certificate and it can not be verified by your browser. Once you install trusted SSL certificate on your server, this warning will go away.

Have you granted yourself permissions to your new program and projects in the user.yaml file? The auth_id should be a string containing the dbgap_accession_number of your new project.

Do you see program/project in the List of projects on the Submit data page?

Hi Viktorija,
Ah, thank you for the information

...(sorry, sent the last message incomplete by accident) [Thank you for the information] regarding SSL certificate. I have granted myself permissions on projects, and can see program/projects on the submit data page. I can submit data and see it in the 'browse nodes' section of URL/[project_name]. My only current issue is not being able to get the Exploration Page to work.

Hi Andy,

I'm going to find out more details about setting up Exploration section from our developers team and I will update you soon.

I really appreciate it, I had a look at this explanation from the above github issue:

in repo there are etl and template folder.

etl folder has docker-compose to run together with existing services in the root folder, template folder has etlMapping.yaml.

Refer to this repo to config the etlMapping to whatever you need to show in explorer page.

Explorer page was working before with arranger, but we migrate to use guppy for now Check that repo for configuration of guppy in data-portal.

but wasn't really able to figure out what to do.


Hi Andy,

The issue you posted is absolutely relevant here. We migrate from arranger to guppy, so currently Exploration page is not working. I talked to developers and we raised priority of this story, hopefully it will be implemented soon, I will keep you updated.