如何通过 nginx ssl 身份验证连接 mlflow 服务器?
How can I connect mlflow server via nginx ssl authentication?
系统信息
OS 平台和分布:Windows 10
安装 MLflow:使用 pip
MLflow版本:1.24.0版
**Python 版本:Python 3.9.7 **
描述问题
我创建了一个 docker-compose 系统,带有 backend/artifact 存储、mlflow 服务器和 nginx 以添加身份验证层。
...
mlflow:
restart: always
build: .
environment:
- AWS_ACCESS_KEY_ID=${MINIO_USR}
- AWS_SECRET_ACCESS_KEY=${MINIO_PASS}
expose:
- '5000'
networks:
- frontend
- backend
depends_on:
- storage
image: 'mlflow:Dockerfile'
container_name: mlflow_server_nginx
nginx:
restart: always
build: ./nginx
container_name: mlflow_nginx
ports:
- 5043:443
links:
- mlflow:mlflow
volumes:
- 'path/to/nginx/auth:/etc/nginx/conf.d'
- 'path/to/nginx/nginx.conf:/etc/nginx/nginx.conf:ro'
networks:
- frontend
depends_on:
- mlflow
我已经通过 htpasswd 创建了一个 user/password,并使用 openssl 和我的-mlflow.com 服务器名称创建了一个自定义 SSL CA (.pem/.key)。
构建 docker-compose 系统后,我可以通过浏览器访问 mlflow UI。但是当我尝试使用 python 尝试不同的方法来创建一个新实验时,我得到了下一个错误:
执行代码 1:
# Setting the requried environment variables
os.environ['MLFLOW_S3_ENDPOINT_URL'] = 'https://localhost:9000'
os.environ['AWS_ACCESS_KEY_ID'] = 'user'
os.environ['AWS_SECRET_ACCESS_KEY'] = 'password'
# Set username and password for added authentication
#os.environ['MLFLOW_TRACKING_URI '] = 'https://localhost:5043/'
#os.environ['MLFLOW_TRACKING_USERNAME '] = 'user'
#os.environ['MLFLOW_TRACKING_PASSWORD '] = 'password'
#os.environ['MLFLOW_TRACKING_SERVER_CERT_PATH'] = 'path/to/nginx/auth/domain.pem'
#os.environ['MLFLOW_TRACKING_CLIENT_CERT_PATH'] = 'path/to/nginx/auth/domain.pem'
# MLflow enviroment
remote_server_uri = "https://user:password@localhost:5043/" # set to your server URI
mlflow.set_tracking_uri(remote_server_uri)
mlflow.set_experiment("MLflow_demo")
错误:
MlflowException: API request to https://user:password@localhost:5043/api/2.0/mlflow/experiments/list failed with exception HTTPSConnectionPool(host='localhost', port=5043): Max retries exceeded with url: /api/2.0/mlflow/experiments/list?view_type=ALL (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1108)')))
在阅读文档中的一些注释和相关问题后,我接下来尝试了
# Setting the requried environment variables
os.environ['MLFLOW_S3_ENDPOINT_URL'] = 'https://localhost:9000'
os.environ['AWS_ACCESS_KEY_ID'] = 'user'
os.environ['AWS_SECRET_ACCESS_KEY'] = 'password'
# Set username and password for added authentication
#os.environ['MLFLOW_TRACKING_URI '] = 'https://localhost:5043/'
#os.environ['MLFLOW_TRACKING_USERNAME '] = 'user'
#os.environ['MLFLOW_TRACKING_PASSWORD '] = 'password'
#os.environ['MLFLOW_TRACKING_SERVER_CERT_PATH'] = 'path/to/nginx/auth/domain.pem'
os.environ['MLFLOW_TRACKING_CLIENT_CERT_PATH'] = 'path/to/nginx/auth/domain.pem'
# MLflow enviroment
remote_server_uri = "https://user:password@localhost:5043/" # set to your server URI
mlflow.set_tracking_uri(remote_server_uri)
mlflow.set_experiment("MLflow_demo")
错误:
MlflowException: API request to https://user:password@localhost:5043/api/2.0/mlflow/experiments/list failed with exception HTTPSConnectionPool(host='localhost', port=5043): Max retries exceeded with url: /api/2.0/mlflow/experiments/list?view_type=ALL (Caused by SSLError(SSLError(9, '[SSL] PEM lib (_ssl.c:4012)')))
终于
# Setting the requried environment variables
os.environ['MLFLOW_S3_ENDPOINT_URL'] = 'https://localhost:9000'
os.environ['AWS_ACCESS_KEY_ID'] = 'user'
os.environ['AWS_SECRET_ACCESS_KEY'] = 'password'
# Set username and password for added authentication
#os.environ['MLFLOW_TRACKING_URI '] = 'https://localhost:5043/'
#os.environ['MLFLOW_TRACKING_USERNAME '] = 'user'
#os.environ['MLFLOW_TRACKING_PASSWORD '] = 'password'
os.environ['MLFLOW_TRACKING_SERVER_CERT_PATH'] = 'path/to/nginx/auth/domain.pem'
#os.environ['MLFLOW_TRACKING_CLIENT_CERT_PATH'] = 'path/to/nginx/auth/domain.pem'
# MLflow enviroment
remote_server_uri = "https://user:password@localhost:5043/" # set to your server URI
mlflow.set_tracking_uri(remote_server_uri)
mlflow.set_experiment("MLflow_demo")
错误:
MlflowException: API request to https://user:password@localhost:5043/api/2.0/mlflow/experiments/list failed with exception HTTPSConnectionPool(host='localhost', port=5043): Max retries exceeded with url: /api/2.0/mlflow/experiments/list?view_type=ALL (Caused by SSLError(SSLCertVerificationError("hostname 'localhost' doesn't match '*.my-mlflow.com'")))
你能给我一些解决方法的提示吗?
非常感谢!
费尔南多....
您可以设置:
os.environ['MLFLOW_TRACKING_INSECURE_TLS'] = 'true'
然后尝试直接从那里获取您的 cert-chain 用于生产。
系统信息 OS 平台和分布:Windows 10 安装 MLflow:使用 pip MLflow版本:1.24.0版 **Python 版本:Python 3.9.7 **
描述问题 我创建了一个 docker-compose 系统,带有 backend/artifact 存储、mlflow 服务器和 nginx 以添加身份验证层。
...
mlflow:
restart: always
build: .
environment:
- AWS_ACCESS_KEY_ID=${MINIO_USR}
- AWS_SECRET_ACCESS_KEY=${MINIO_PASS}
expose:
- '5000'
networks:
- frontend
- backend
depends_on:
- storage
image: 'mlflow:Dockerfile'
container_name: mlflow_server_nginx
nginx:
restart: always
build: ./nginx
container_name: mlflow_nginx
ports:
- 5043:443
links:
- mlflow:mlflow
volumes:
- 'path/to/nginx/auth:/etc/nginx/conf.d'
- 'path/to/nginx/nginx.conf:/etc/nginx/nginx.conf:ro'
networks:
- frontend
depends_on:
- mlflow
我已经通过 htpasswd 创建了一个 user/password,并使用 openssl 和我的-mlflow.com 服务器名称创建了一个自定义 SSL CA (.pem/.key)。
构建 docker-compose 系统后,我可以通过浏览器访问 mlflow UI。但是当我尝试使用 python 尝试不同的方法来创建一个新实验时,我得到了下一个错误: 执行代码 1:
# Setting the requried environment variables
os.environ['MLFLOW_S3_ENDPOINT_URL'] = 'https://localhost:9000'
os.environ['AWS_ACCESS_KEY_ID'] = 'user'
os.environ['AWS_SECRET_ACCESS_KEY'] = 'password'
# Set username and password for added authentication
#os.environ['MLFLOW_TRACKING_URI '] = 'https://localhost:5043/'
#os.environ['MLFLOW_TRACKING_USERNAME '] = 'user'
#os.environ['MLFLOW_TRACKING_PASSWORD '] = 'password'
#os.environ['MLFLOW_TRACKING_SERVER_CERT_PATH'] = 'path/to/nginx/auth/domain.pem'
#os.environ['MLFLOW_TRACKING_CLIENT_CERT_PATH'] = 'path/to/nginx/auth/domain.pem'
# MLflow enviroment
remote_server_uri = "https://user:password@localhost:5043/" # set to your server URI
mlflow.set_tracking_uri(remote_server_uri)
mlflow.set_experiment("MLflow_demo")
错误:
MlflowException: API request to https://user:password@localhost:5043/api/2.0/mlflow/experiments/list failed with exception HTTPSConnectionPool(host='localhost', port=5043): Max retries exceeded with url: /api/2.0/mlflow/experiments/list?view_type=ALL (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1108)')))
在阅读文档中的一些注释和相关问题后,我接下来尝试了
# Setting the requried environment variables
os.environ['MLFLOW_S3_ENDPOINT_URL'] = 'https://localhost:9000'
os.environ['AWS_ACCESS_KEY_ID'] = 'user'
os.environ['AWS_SECRET_ACCESS_KEY'] = 'password'
# Set username and password for added authentication
#os.environ['MLFLOW_TRACKING_URI '] = 'https://localhost:5043/'
#os.environ['MLFLOW_TRACKING_USERNAME '] = 'user'
#os.environ['MLFLOW_TRACKING_PASSWORD '] = 'password'
#os.environ['MLFLOW_TRACKING_SERVER_CERT_PATH'] = 'path/to/nginx/auth/domain.pem'
os.environ['MLFLOW_TRACKING_CLIENT_CERT_PATH'] = 'path/to/nginx/auth/domain.pem'
# MLflow enviroment
remote_server_uri = "https://user:password@localhost:5043/" # set to your server URI
mlflow.set_tracking_uri(remote_server_uri)
mlflow.set_experiment("MLflow_demo")
错误:
MlflowException: API request to https://user:password@localhost:5043/api/2.0/mlflow/experiments/list failed with exception HTTPSConnectionPool(host='localhost', port=5043): Max retries exceeded with url: /api/2.0/mlflow/experiments/list?view_type=ALL (Caused by SSLError(SSLError(9, '[SSL] PEM lib (_ssl.c:4012)')))
终于
# Setting the requried environment variables
os.environ['MLFLOW_S3_ENDPOINT_URL'] = 'https://localhost:9000'
os.environ['AWS_ACCESS_KEY_ID'] = 'user'
os.environ['AWS_SECRET_ACCESS_KEY'] = 'password'
# Set username and password for added authentication
#os.environ['MLFLOW_TRACKING_URI '] = 'https://localhost:5043/'
#os.environ['MLFLOW_TRACKING_USERNAME '] = 'user'
#os.environ['MLFLOW_TRACKING_PASSWORD '] = 'password'
os.environ['MLFLOW_TRACKING_SERVER_CERT_PATH'] = 'path/to/nginx/auth/domain.pem'
#os.environ['MLFLOW_TRACKING_CLIENT_CERT_PATH'] = 'path/to/nginx/auth/domain.pem'
# MLflow enviroment
remote_server_uri = "https://user:password@localhost:5043/" # set to your server URI
mlflow.set_tracking_uri(remote_server_uri)
mlflow.set_experiment("MLflow_demo")
错误:
MlflowException: API request to https://user:password@localhost:5043/api/2.0/mlflow/experiments/list failed with exception HTTPSConnectionPool(host='localhost', port=5043): Max retries exceeded with url: /api/2.0/mlflow/experiments/list?view_type=ALL (Caused by SSLError(SSLCertVerificationError("hostname 'localhost' doesn't match '*.my-mlflow.com'")))
你能给我一些解决方法的提示吗?
非常感谢! 费尔南多....
您可以设置:
os.environ['MLFLOW_TRACKING_INSECURE_TLS'] = 'true'
然后尝试直接从那里获取您的 cert-chain 用于生产。