search

amir20 / dozzle

Realtime log viewer for docker containers.
https://dozzle.dev/
MIT License
5.7k stars 287 forks source link

Authentication doesn't work #3141

Closed alexander-potemkin closed 1 month ago

alexander-potemkin commented 1 month ago

🔍 Check for existing issues

How is Dozzle deployed?

Standalone Deployment

📦 Dozzle version

8.0.6

✅ Command used to run Dozzle

  dozzle:
    image: amir20/dozzle:latest
    container_name: dozzle
    restart: unless-stopped
    volumes:
      - ./dozzle_data:/data
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DOZZLE_AUTH_PROVIDER=simple
      - DOZZLE_LEVEL=debug
    ports:
      - 127.0.0.1:8080:8080
# cat ./dozzle_data/users.yml
users:
    admin:
        password: 649ff93cb24fcb77a764d4e86a233b8dcac1c3e9ae04ded35ecd400dc6a329

🐛 Describe the bug / provide steps to reproduce it

Installed fresh version of dozzle, tried to enabled authentication, but it doesn't work - the page is still accessible for everyone.

Tried restarting everything, including the whole host.

💻 Environment

Client: Docker Engine - Community Version: 27.0.3 Context: default Debug Mode: false Plugins: buildx: Docker Buildx (Docker Inc.) Version: v0.15.1 Path: /usr/libexec/docker/cli-plugins/docker-buildx compose: Docker Compose (Docker Inc.) Version: v2.28.1 Path: /usr/libexec/docker/cli-plugins/docker-compose

Server: Containers: 13 Running: 9 Paused: 0 Stopped: 4 Images: 9 Server Version: 27.0.3 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Using metacopy: false Native Overlay Diff: true userxattr: false Logging Driver: json-file Cgroup Driver: systemd Cgroup Version: 2 Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog Swarm: inactive Runtimes: io.containerd.runc.v2 runc Default Runtime: runc Init Binary: docker-init containerd version: ae71819c4f5e67bb4d5ae76a6b735f29cc25774e runc version: v1.1.13-0-g58aa920 init version: de40ad0 Security Options: apparmor seccomp Profile: builtin cgroupns Kernel Version: 5.15.0-116-generic Operating System: Ubuntu 22.04.4 LTS OSType: linux Architecture: x86_64 CPUs: 1 Total Memory: 856.4MiB Name: ID: b35cd0b2-380d-4b90-819e-f967bd2e72d2 Docker Root Dir: /var/lib/docker Debug Mode: false Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false

📸 If applicable, add screenshots to help explain your bug

No response

📜 If applicable, attach your Dozzle logs. You many need to enable debug mode. See https://dozzle.dev/guide/debugging.

{"time":"2024-07-23T14:48:43Z","level":"info","msg":"Dozzle version v8.0.6"} {"time":"2024-07-23T14:48:43Z","level":"info","msg":"Connected to 1 Docker Engine(s)"} {"time":"2024-07-23T14:48:43Z","level":"info","msg":"Accepting connections on :8080"}

amir20 commented 1 month ago

Hmm I am running with auth just fine. I am going to copy your config and see if I can reproduce it.

amir20 commented 1 month ago

Sorry, I wasn't able to reproduce this. When using your example, I get an error: 

time="2024-07-23T15:38:29Z" level=fatal msg="User admin has an invalid password hash"

When I use docker run amir20/dozzle generate admin --password test. Then it all works.

There is probably something wrong with your configuration. I have nightly tests https://github.com/amir20/dozzle/blob/daf8cf815b00919c1aba3850a68dda44a61fa854/docker-compose.yml#L15-L23 which test auth.

amir20 commented 1 month ago

Also if you are passing DOZZLE_AUTH_PROVIDER=simple correctly and it can't find users.yml then it will show an error and not start. So you might not be starting Dozzle correctly with the compose file.

alexander-potemkin commented 1 month ago

Sorry, I wasn't able to reproduce this. When using your example, I get an error:

time="2024-07-23T15:38:29Z" level=fatal msg="User admin has an invalid password hash"

When I use docker run amir20/dozzle generate admin --password test. Then it all works.

There is probably something wrong with your configuration. I have nightly tests

https://github.com/amir20/dozzle/blob/daf8cf815b00919c1aba3850a68dda44a61fa854/docker-compose.yml#L15-L23

which test auth.

Thank you for your prompt response! I messed with password hash before publishing it, so I don’t think that’s an issue.

I can’t see errors as well - I copied all of the logs I have.

I’ve spend quite some time before raising an issue, as I understand that it must be working…

Any troubleshooting steps you could offer please?

amir20 commented 1 month ago

I have a strong suspicion that Dozzle is not starting correctly with the right flags.

I have made a PR with more logs. You can test it with amir20/dozzle:pr-3143. You need enable debug logs with DOZZLE_LEVEL=debug.

You should see something like: 

❯ docker run -e DOZZLE_AUTH_PROVIDER=simple -e DOZZLE_LEVEL=debug  -v ./e2e/data:/data -v /var/run/docker.sock:/var/run/docker.sock amir20/dozzle:pr-3143                                                                                                                          9:47:46
time="2024-07-23T16:48:00Z" level=info msg="Dozzle version pr-3143"
time="2024-07-23T16:48:00Z" level=debug msg="filterArgs = {map[]}"
time="2024-07-23T16:48:00Z" level=debug msg="connected to local Docker Engine"
time="2024-07-23T16:48:00Z" level=debug msg="found a new host ID: ivkagb8ir869qgj2ft73t2fbg, Endpoint: local, nCPU: 12, memTotal: 6206038016"
time="2024-07-23T16:48:00Z" level=info msg="Connected to 1 Docker Engine(s)"
time="2024-07-23T16:48:00Z" level=debug msg="Using simple authentication"
time="2024-07-23T16:48:00Z" level=debug msg="Reading users from /data/users.yml"
time="2024-07-23T16:48:00Z" level=debug msg="Read 1 users"
time="2024-07-23T16:48:00Z" level=info msg="Accepting connections on :8080"
time="2024-07-23T16:48:00Z" level=debug msg="subscribing to docker events from container store ID: ivkagb8ir869qgj2ft73t2fbg, Endpoint: local, nCPU: 12, memTotal: 6206038016"
time="2024-07-23T16:48:00Z" level=debug msg="finding container with id: 2a4998068791"
time="2024-07-23T16:48:00Z" level=debug msg="finding container with id: b5321c2534a3"
time="2024-07-23T16:48:00Z" level=debug msg="finding container with id: 1244440a87bc"
time="2024-07-23T16:48:00Z" level=debug msg="finding container with id: d71bb8833969"
^Ctime="2024-07-23T16:48:04Z" level=info msg="shutting down gracefully, press Ctrl+C again to force"
time="2024-07-23T16:48:04Z" level=debug msg="shutdown complete"

If you don't see Using simple authentication then you are not starting Dozzle correctly with authentication.

alexander-potemkin commented 1 month ago

@amir20 , thank you - I changed only the image line to amir20/dozzle:pr-3143 - nothing else - and authorization started working!

amir20 commented 1 month ago

I added nothing but log statements . So you probably did something on your side.

alexander-potemkin commented 1 month ago

Absolutely nothing! Like not a single character :)

Thank you for the fix anyway 🙂 Does it mean the next official version shall also work (you are going to merge those magical lines there)?

amir20 commented 1 month ago

Seriously, I didn't add anything but a few logs. https://github.com/amir20/dozzle/pull/3143/files

It wouldn't fix anything.

Does it mean the next official version shall also work (you are going to merge those magical lines there)?

I have no idea. Based on the logs, you didn't even have authentication enabled. Enable debug next time.

I won't be able to help much.

alexander-potemkin commented 1 month ago

DEBUG was enabled - you can see that from my config.

I don’t know what happened either. My only guess - is something about Docker’s cache, which got released with the new image.