Menu
As I am logging my entire models and params into mlflow I thought it will be a good idea to have it protected under a user name and password.
I use the following code to run the mlflow server
mlflow server --host 0.0.0.0 --port 11111
works perfect,in mybrowser i type myip:11111 and i see everything (which eventually is the problem)
If I understood the documentation and the following https://groups.google.com/forum/#!topic/mlflow-users/E9QW4HdS8a8 link here correct, I should use nginx to create the authentication.
I installed nginx open sourcre and apache2-utils
created sudo htpasswd -c /etc/apache2/.htpasswd user1 user and passwords.
I edited my /etc/nginx/nginx.conf to the following:
server {
listen 80;
listen 443 ssl;
server_name my_ip;
root NOT_SURE_WHICH_PATH_TO_PUT_HERE, THE VENV?;
location / {
proxy_pass my_ip:11111/;
auth_basic "Restricted Content";
auth_basic_user_file /home/path to the password file/.htpasswd;
}
}
but no authentication appears.
if I change the conf to listen to listen 11111
I get an error that the port is already in use ( of course, by the mlflow server....)
my wish is to have a authentication window before anyone can enter by the mlflow with a browser.
would be happy to hear any suggestions.
546
MLFlow can be installed simply with a command such as pip install mlflow. MLFlow UI can be started using a command such as mlflow ui. Machine learning model training logs can be written by using MLFlow APIs/methods in the model training code.
I also met a similar problem recently when I call mlflow ui in the remote server. The Ctrl + C in the command line to exit usually works. However, When it doesn't, using pkill -f gunicorn solves my problem. Note, you can also use ps -A | grep gunicorn to first find the process and kill [PID] manually.
the problem here is that both mlflow and nginx are trying to run on the same port...
first lets deal with nginx:
1.1 in /etc/nginx/sites-enable make a new file sudo nano mlflow and delete the exist default.
1.2 in mlflow file:
server {
listen YOUR_PORT;
server_name YOUR_IP_OR_DOMAIN;
auth_basic “Administrator’s Area”;
auth_basic_user_file /etc/apache2/.htpasswd; #read the link below how to set username and pwd in nginx
location / {
proxy_pass http://localhost:8000;
include /etc/nginx/proxy_params;
proxy_redirect off;
}
}
1.3. restart nginx sudo systemctl restart nginx
mlflow server --host localhost --port 8000
Now if you try access the YOUR_IP_OR_DOMAIN:YOUR_PORT within your browser an auth popup should appear, enter your host and pass and now you in mlflow
now there are 2 options to tell the mlflow server about it:
3.1 set username and pwd as environment variable
export MLFLOW_TRACKING_USERNAME=user export MLFLOW_TRACKING_PASSWORD=pwd
3.2 edit in your /venv/lib/python3.6/site-packages/mlflowpackages/mlflow/tracking/_tracking_service/utils.py the function
def _get_rest_store(store_uri, **_):
def get_default_host_creds():
return rest_utils.MlflowHostCreds(
host=store_uri,
username=replace with nginx user
password=replace with nginx pwd
token=os.environ.get(_TRACKING_TOKEN_ENV_VAR),
ignore_tls_verification=os.environ.get(_TRACKING_INSECURE_TLS_ENV_VAR) == 'true',
)
in your .py file where you work with mlflow:
import mlflow
remote_server_uri = "YOUR_IP_OR_DOMAIN:YOUR_PORT" # set to your server URI
mlflow.set_tracking_uri(remote_server_uri)
mlflow.set_experiment("/my-experiment")
with mlflow.start_run():
mlflow.log_param("a", 1)
mlflow.log_metric("b", 2)
A link to nginx authentication doc https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
102
If you just want MLFlow installed with some basic authentication you can use mlflow-easyauth to get a Docker container with HTTP basic auth (username/password) setup integrated. It uses Nginx under the hood. Authentication details are configured using environment variables.
Disclaimer: I am the maintainer of that project
3
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
