Hi DashingKoala39 🙂
Fixed users' passwords shouldn't be related to the keys and secrets in the docker compose file. Can you expand on which keys/secrets you changed?
Hi SuccessfulKoala55 ! That's what I thought too. I was following the docs on how to best secure the server https://clear.ml/docs/latest/docs/deploying_clearml/clearml_server_security and so did the SSL, set up the fixed users, set up object storage, then for the secrets I set them as environment variables in the docker compose file and I set all of the variables listed there, so:
CLEARML__SECURE__HTTP__SESSION_SECRET__APISERVER: "new-secret-string"
CLEARML__SECURE__AUTH__TOKEN_SECRET: "new-secret-string"
CLEARML__SECURE__CREDENTIALS__APISERVER__USER_KEY: "new-key-string"
CLEARML__SECURE__CREDENTIALS__APISERVER__USER_SECRET: "new-secret-string"
CLEARML__SECURE__CREDENTIALS__WEBSERVER__USER_KEY: "new-key-string"
CLEARML__SECURE__CREDENTIALS__WEBSERVER__USER_SECRET: "new-secret-string"
CLEARML__SECURE__CREDENTIALS__TESTS__USER_KEY: "new-key-string"
CLEARML__SECURE__CREDENTIALS__TESTS__USER_SECRET: "new-secret-string"
I just generated some random strings, but when I took the server down then up again with docker-compose after doing that, I could no longer log in with any of the fixed users' info.
Sorry, I forgot to add in to here too that I tested earlier and if I remove those variables from the docker-compose file I have no problem logging in again.
Just as a precaution, did you try deleting your browser's cookies, or logging in using a private session?
Yes, I even used a completely different browser and private mode on that browser to be extra sure. However, I did just go key by key to try to see if it is just one of them that is causing me to be unable to log in, each time clearing out all the site data, and this time when I reached the end and removed all the key/secret alterations from the docker compose file, I can no longer access the application with my username and password in my fixed users list.
The interesting bit though is I didn't see what the issue was earlier because I forgot to check, but looking at the network tab I see the auth.login request is actually returning with a 500 error, not a 403 or something, and is saying "Failed processing request".
http://domain/v2.23/auth.login where domain is my custom domain. I'm not sure why it isn't using https for that request.
In my apiserver.conf file I have the auth{} bracket with fixed_users (hashed passwords) and also included the cookies{} entry with httpsonly: true and secure: true.
Can you see if you can locate an error in the apiserver container log?
Oh I think I finally found an error in there that was it! It looks like the property is httponly not httpsonly, and when I changed that and added all the keys and secrets back in, I am able to get in this time! I suppose I added that along with the keys last time but I thought I tested in between, but maybe it was a cache thing. I think I'm good, thanks for the help!