Examples: query, "exact match", wildcard*, wild?ard, wild*rd
Fuzzy search: cake~ (finds cakes, bake)
Term boost: "red velvet"^4, chocolate^2
Field grouping: tags:(+work -"fun-stuff")
Escaping: Escape characters +-&|!(){}[]^"~*?:\ with \, e.g. \+
Range search: properties.timestamp:[1587729413488 TO *] (inclusive), properties.title:{A TO Z}(excluding A and Z)
Combinations: chocolate AND vanilla, chocolate OR vanilla, (chocolate OR vanilla) NOT "vanilla pudding"
Field search: properties.title:"The Title" AND text
Answered
Hello! I Have Clearml Up And Running And Was Doing The Last Bit Of Configuration By Changing The Keys And Secrets Using The Docker-Compose File, But Now The Fixed Web Authentication Doesn'T Work. I Did Change The User Key But Thought That It Was Disabled

Hello! I have clearml up and running and was doing the last bit of configuration by changing the keys and secrets using the docker-compose file, but now the fixed web authentication doesn't work. I did change the user key but thought that it was disabled when you moved to fixed users anyway? However, once I restarted the server, I could no longer log in with my username and password I had been using. I don't really want to leave any default keys, so does anyone know how I can make my fixed users work again?

  
  
Posted one year ago
Votes Newest

Answers 9


Hi SuccessfulKoala55 ! That's what I thought too. I was following the docs on how to best secure the server https://clear.ml/docs/latest/docs/deploying_clearml/clearml_server_security and so did the SSL, set up the fixed users, set up object storage, then for the secrets I set them as environment variables in the docker compose file and I set all of the variables list there so:

CLEARML__SECURE__HTTP__SESSION_SECRET__APISERVER: "new-secret-string" CLEARML__SECURE__AUTH__TOKEN_SECRET: "new-secret-string" CLEARML__SECURE__CREDENTIALS__APISERVER__USER_KEY: "new-key-string" CLEARML__SECURE__CREDENTIALS__APISERVER__USER_SECRET: "new-secret-string" CLEARML__SECURE__CREDENTIALS__WEBSERVER__USER_KEY: "new-key-string" CLEARML__SECURE__CREDENTIALS__WEBSERVER__USER_SECRET: "new-secret-string" CLEARML__SECURE__CREDENTIALS__TESTS__USER_KEY: "new-key-string" CLEARML__SECURE__CREDENTIALS__TESTS__USER_SECRET: "new-secret-string"
I just generated some random strings, but when I took the server down then up again with docker-compose after doing that, I could no longer log in with any of the fixed users info.

  
  
Posted one year ago

Sorry, I forgot to add in to here too that I tested earlier and if I remove those variables from the docker-compose file I have no problem logging in again.

  
  
Posted one year ago

Just as a precaution, did you try deleting your browser's cookies, or logging in using a private session?

  
  
Posted one year ago

in my apiserver.conf file I have the auth{} bracket with fixed_users (hashed passwords) and also included the cookies{} entry with httpsonly: true and secure: true

  
  
Posted one year ago

Yes, I even used a completely different browser and private mode on that browser to be extra sure. However, I did just go key by key to try to see if it is just one of them that is causing me to be unable to login, each time clearing out all the site data and this time when I reached the end and removed all the key/secret alterations from the docker compose file, I can no longer access the application with my username and password in my fixed users list

  
  
Posted one year ago

Hi DashingKoala39 🙂
Fixed users passwords shouldn't be related to the keys and secrets in the docker compose file. Can you expand on which keys/secrets you changed?

  
  
Posted one year ago

Can you see if you can locate an error in the apiserver container log?

  
  
Posted one year ago

The interesting bit though is I didn't see what the issue was earlier because I forgot to check, but looking at the network tab I see the auth.login request is actually returning with a 500 error not a 403 or something and is saying Failed processing request http://domain/v2.23/auth.login where domain is my custom domain. I'm not sure why it isn't use https for that request

  
  
Posted one year ago

Oh I think I finally found an error in there that was it! It looks like the property is httponly not httpsonly, and when I changed that and added all the keys and secrets back in, I am able to get in this time! I suppose I added that along with the keys last time but I thought I tested in between, but maybe it was a cache thing. I think I'm good, thanks for the help!

  
  
Posted one year ago
589 Views
9 Answers
one year ago
one year ago
Tags