Reputation
Badges 1
21 × Eureka!Sorry, I forgot to add in to here too that I tested earlier and if I remove those variables from the docker-compose file I have no problem logging in again.
Hi SuccessfulKoala55 ! That's what I thought too. I was following the docs on how to best secure the server https://clear.ml/docs/latest/docs/deploying_clearml/clearml_server_security and so did the SSL, set up the fixed users, set up object storage, then for the secrets I set them as environment variables in the docker compose file and I set all of the variables list there so:
` CLEARML__SECURE__HTTP__SESSION_SECRET__APISERVER: "new-secret-string"
CLEARML__SECURE__AUTH__TOKEN_SECRE...
Oh I think I finally found an error in there that was it! It looks like the property is httponly not httpsonly, and when I changed that and added all the keys and secrets back in, I am able to get in this time! I suppose I added that along with the keys last time but I thought I tested in between, but maybe it was a cache thing. I think I'm good, thanks for the help!
Oh really? I wouldn't have thought of that since docker seems to map 8080 to 80, but I will give it a try! Thanks!
That was it, thanks so much ObedientDolphin41 !
Sorry, I was in ~ I just (probably mistakenly) refer to that as root
I do have this bit from the docs in my apiserver.conf files
auth { cookies { httponly: true secure: true domain: ".clearml.mydomain.com" max_age: 99999999999 } }
Which I thought was the way to configure subdomains, but I didn't do the load balancer config as I don't need load balancing for our use case.
Oh sorry I misunderstood, I don't have any conf files for the SDK at the moment. When I tried via python I simply used the credentials I got from my instance and when I tried on the command land I ran clearml-init and followed the prompts until it ran into the same SSL error. During the prompts I got to #2iii on this page https://clear.ml/docs/latest/docs/deploying_clearml/clearml_config_for_clearml_server/ and that's when I got the SSL error so I couldn't get to the configuration of those ...
I just realized something, one thing that confused me is the docs said that you get the app/api/etc subdomains but I seem to connect directly using the http://subdomain.domain.com without http://app.subdomain.domain.com and in fact http://app.subdomain.domain.com doesn't work. Would that matter? Should I have *. http://subdomain.domain.com on my certificate and does that nginx file in the link need to be added to at all?
Hi again SuccessfulKoala55 ! I used nginx and Let's Encrypt, and used the recommended steps from the community that were posted here https://github.com/allegroai/clearml-server/issues/78
When I was getting the SSL error, it was using https, and it should have been consistent, though I really just copied over the nginx settings from the github here None . I was playing around with it a bit because I thought maybe since other ports don't seem to be handled that was the issue but no matter what I tried I still got the same errors.
I think maybe it didn't get far enough to do that because I see a .clearml_data.json file in my root but no clearml.conf. I could PM you the connection credentials if that might help? It isn't live yet so I don't mind, just let me know!
so my clearml.conf file only has settings for my google bucket, when I created the VM from the image it didn't actually come with any config files in the /opt/clearml/config directory, so I've been adding them and putting in the sections I need to edit there.
Thanks for the response! As instructed by the init file I pasted the full JSON object from the app credential screen, so it looked something like:
api {
web_server: domain
api_server: domain:8008
credentials {
"access_key" = "xxx"
"secret_key" = "xxx"
}
}
As an update, to get my team up and running I redid the server with everything except for the SSL, and it worked with no issues. But I'd still like to try to get SSL configured for obvious reaso...
Yes, I even used a completely different browser and private mode on that browser to be extra sure. However, I did just go key by key to try to see if it is just one of them that is causing me to be unable to login, each time clearing out all the site data and this time when I reached the end and removed all the key/secret alterations from the docker compose file, I can no longer access the application with my username and password in my fixed users list
Thanks John! Though that does seem a little confusing as then anyone could really set up their own storage and wouldn't others potentially have difficulty accessing the artifacts if they needed to?
Hi CostlyOstrich36 ! Thanks I appreciate the answer! When you say configure it on the clearml.conf level, that means then that this is a user-level configuration that each user of the server would need to individually configure, right? Or is there a way to configure this on the server so that when a new user makes a connection to the server, it gets automatically configured for them?
in my apiserver.conf file I have the auth{} bracket with fixed_users (hashed passwords) and also included the cookies{} entry with httpsonly: true and secure: true
Ahh I see, I think I understand the workflow now, thanks!
The interesting bit though is I didn't see what the issue was earlier because I forgot to check, but looking at the network tab I see the auth.login request is actually returning with a 500 error not a 403 or something and is saying Failed processing request
http://domain/v2.23/auth.login where domain is my custom domain. I'm not sure why it isn't use https for that request
Hi @<1523701087100473344:profile|SuccessfulKoala55> ! Any other ideas on this one? I feel like it has something to do with the api server but I really am at a loss for how to fix it