Closed JaylenC closed 4 days ago
hey @JaylenC, the issue you're facing is incorrectly created /chroma/server.htpasswd
. The issue is usually observed if your hash is not bcrypt (currently we expect a bcrypt hashes in .htpasswd files). Have a look here - https://cookbook.chromadb.dev/security/auth/#basic-authentication (the gist is the -B flag(
hey @JaylenC, the issue you're facing is incorrectly created
/chroma/server.htpasswd
. The issue is usually observed if your hash is not bcrypt (currently we expect a bcrypt hashes in .htpasswd files). Have a look here - https://cookbook.chromadb.dev/security/auth/#basic-authentication (the gist is the -B flag(
Hello @tazarov , thank you very much for your response. I used the following code to create the hash:
docker run --rm --entrypoint htpasswd httpd:2 -Bbn admin admin > server.htpasswd
This can be found at https://docs.trychroma.com/deployment/auth. While the file was created correctly and its contents seemed to be correct, it did not work.
I then installed htpasswd and followed your suggested guide. That seems to have worked. However, now I keep getting the following error message when I try to test everything:
ValueError: Could not connect to tenant default_tenant. Are you sure it exists?
Unfortunately, I haven’t been able to figure out how to resolve this issue yet. Do you have any suggestions for solving this problem?
Thank you very much in advance,
@JaylenC, can you share the full error stack?
Could not connect to tenant default_tenant. Are you sure it exists?
is ambiguous and does not reveal the actual error which is usually printed up the stack. Did you see anything in server logs?
@JaylenC, can you share the full error stack?
Could not connect to tenant default_tenant. Are you sure it exists?
is ambiguous and does not reveal the actual error which is usually printed up the stack. Did you see anything in server logs?
@tazarov Sure, sorry about that. Here you go:
Traceback (most recent call last):
File "C:\Users\Headaway\AppData\Local\Programs\Python\Python312\Lib\site-packages\chromadb\api\base_http_client.py", line 99, in _raise_chroma_error
resp.raise_for_status()
File "C:\Users\Headaway\AppData\Local\Programs\Python\Python312\Lib\site-packages\httpx\_models.py", line 763, in raise_for_status
raise HTTPStatusError(message, request=request, response=self)
httpx.HTTPStatusError: Client error '403 Forbidden' for url 'http://localhost:7000/api/v1/tenants/default_tenant'
For more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/403
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\Users\Headaway\AppData\Local\Programs\Python\Python312\Lib\site-packages\chromadb\api\client.py", line 371, in _validate_tenant_database
self._admin_client.get_tenant(name=tenant)
File "C:\Users\Headaway\AppData\Local\Programs\Python\Python312\Lib\site-packages\chromadb\api\client.py", line 415, in get_tenant
return self._server.get_tenant(name=name)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\Headaway\AppData\Local\Programs\Python\Python312\Lib\site-packages\chromadb\telemetry\opentelemetry\__init__.py", line 146, in wrapper
return f(*args, **kwargs)
^^^^^^^^^^^^^^^^^^
File "C:\Users\Headaway\AppData\Local\Programs\Python\Python312\Lib\site-packages\chromadb\api\fastapi.py", line 137, in get_tenant
resp_json = self._make_request("get", "/tenants/" + name)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\Headaway\AppData\Local\Programs\Python\Python312\Lib\site-packages\chromadb\api\fastapi.py", line 87, in _make_request
BaseHTTPClient._raise_chroma_error(response)
File "C:\Users\Headaway\AppData\Local\Programs\Python\Python312\Lib\site-packages\chromadb\api\base_http_client.py", line 103, in _raise_chroma_error
raise Exception(f"{resp.text} (trace ID: {trace_id})")
Exception: {"error":"AuthError","message":"Forbidden"} (trace ID: 0)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\Users\Headaway\Desktop\Studium\Bachelor\Code\Help-ITC-Chatbot\production\chroma-db\client.py", line 4, in <module>
client = chromadb.HttpClient(host="localhost", port=7000,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\Headaway\AppData\Local\Programs\Python\Python312\Lib\site-packages\chromadb\__init__.py", line 204, in HttpClient
return ClientCreator(tenant=tenant, database=database, settings=settings)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\Headaway\AppData\Local\Programs\Python\Python312\Lib\site-packages\chromadb\api\client.py", line 61, in __init__
self._validate_tenant_database(tenant=tenant, database=database)
File "C:\Users\Headaway\AppData\Local\Programs\Python\Python312\Lib\site-packages\chromadb\api\client.py", line 380, in _validate_tenant_database
raise ValueError(
ValueError: Could not connect to tenant default_tenant. Are you sure it exists?
Server logs:
Chroma-DB: ERROR: [26-09-2024 10:27:27] BasicAuthenticationServerProvider.authenticate failed: AuthError('Invalid username or password')
Chroma-DB: INFO: [26-09-2024 10:27:27] 172.18.0.1:49410 - "GET /api/v1/tenants/default_tenant HTTP/1.1" 403
Chroma-DB: WARNING: [26-09-2024 10:48:28] Invalid HTTP request received.
I'm pretty sure I set the username and password correctly.
yeah httpx.HTTPStatusError: Client error '403 Forbidden' for url 'http://localhost:7000/api/v1/tenants/default_tenant'
is Auth error for sure.
But this time the htpasswd file seems to be ok.
Can you check with curl
:
curl -v http://localhost:7000/api/v1/tenants/default_tenant -u <user>:<password>
Alternatively:
docker run --rm -v ./server.htpasswd:/server.htpasswd --entrypoint htpasswd httpd:2 -vb /server.htpasswd <user> <password>
Hi, I manually encoded and checked the password in the file again, and it seemed to be different from when the file was created. I then manually adjusted the hash in the file, and now everything seems to be working:
* Server auth using Basic with user 'user1'
> GET /api/v1/collections HTTP/1.1
> Host: localhost:7000
> Authorization: Basic dXNlcjE6YWRtaW4=
> User-Agent: curl/7.81.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< date: Thu, 26 Sep 2024 11:21:23 GMT
< server: uvicorn
< content-length: 2
< content-type: application/json
< chroma-trace-id: 0
<
* Connection #0 to host localhost left intact
So, there was probably some error when creating the hash. I'm not exactly sure what went wrong. I also tried creating a file again, but that didn’t work properly.
Anyway, thank you for your help.
What happened?
Hi,
I am trying to set up Basic Authentication, but unfortunately, I keep encountering the following error:
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xff in position 0: invalid start byte
As a result, the Docker container crashes.
Could you please help me resolve this issue? I’m unsure what might be causing the problem and would greatly appreciate any guidance.
Thank you in advance for your support!
Best regards,
Versions
chromadb/chroma: 0.5.7
Relevant log output