Closed rho-sk closed 1 year ago
My assumption is that, there is problem with rewrite rules in kibana config. Because i did test with bypassed direct connection to container:
I think there you issue is related to traefik route configuration in case of https
https://github.com/openvinotoolkit/cvat/blob/develop/components/analytics/kibana_conf.yml#L5
My assumption is that, there is problem with rewrite rules in kibana config. Because i did test with bypassed direct connection to container:
- exposed 5601 from kibana container
- did ssh connect with -L localhost:5601:localhost:5601
- access http://localhost:5601/api/status , all looks "green"
- than any attempt http://localhost:5601/analytics/, http://localhost:5601/analytics/app/kibana - there's 404
Hi, I think this issue is related to traefik route configuration in case of https
There is missed websecure
entrypoint
https://github.com/openvinotoolkit/cvat/blob/develop/components/analytics/kibana_conf.yml#L5 that added by docker-compose.https.yaml
for frontend and backend services
Moving forward :-)
Make sense to change websecure, so kibana_conf.yml looks
http: routers: kibana: entryPoints: - websecure middlewares: - analytics-auth - strip-prefix service: kibana rule: Host(`{{ env "CVAT_HOST" }}`) && PathPrefix(`/analytics`) middlewares: analytics-auth: forwardauth: address: http://cvat:8080/analytics authRequestHeaders: - "Cookie" - "Authorization" strip-prefix: stripprefix: prefixes: - /analytics services: kibana: loadBalancer: servers: - url: http://{{ env "DJANGO_LOG_VIEWER_HOST" }}:{{ env "DJANGO_LOG_VIEWER_PORT" }} passHostHeader: false
There is also another problem, that this rule is not loaded by traefik, because "file.provider" is removed, via new "command" directive in docker-compose.https.yml Solution for this BUG is to add
- "--providers.file.directory=/etc/traefik/rules"
to file (this can be permanent for everybody) https://github.com/openvinotoolkit/cvat/blob/develop/docker-compose.https.yml#L23
But problem still remains, i put traefik into debug mode. And here are the logs. There is request to /analytics, but its forwared internally to service at 80 port. So it seems there is problem with order of rules in traefik ?!
Well, i found the problem, after i enabled traefik dashboard and saw that rule for kibana has no tls.
So my local fix when https is used together with analytics is:
https://github.com/openvinotoolkit/cvat/blob/develop/components/analytics/kibana_conf.yml
https://github.com/openvinotoolkit/cvat/blob/develop/docker-compose.https.yml
My working kibana_conf.yml:
http: routers: kibana: entryPoints: - websecure middlewares: - analytics-auth - strip-prefix service: kibana tls: {} rule: Host(`{{ env "CVAT_HOST" }}`) && PathPrefix(`/analytics`) middlewares: analytics-auth: forwardauth: address: http://cvat:8080/analytics authRequestHeaders: - "Cookie" - "Authorization" strip-prefix: stripprefix: prefixes: - /analytics services: kibana: loadBalancer: servers: - url: http://{{ env "DJANGO_LOG_VIEWER_HOST" }}:{{ env "DJANGO_LOG_VIEWER_PORT" }} passHostHeader: false
But this is not generic fix for github repo So, it is still valid bug, which remains unfixed in this repository, thats why i will not close this issue.
We've faced the same problem. Is there more generic fix?
Nice fix. It worked for me with the same configuration and on GCP too. Thanks for you're help !
Did you use letsencrypt? I am using a self signed cert and I think this may add another layer to this problem since your solution doesn't seem to fix this issue for me. I am still getting routed back to the task page
thanks @rho-sk good job, your solutions works for me!
Analytics was signgificantly redesigned in new releases. I will close the issue as outdated.
My actions before raising this issue
Expected Behaviour
As described in docu, when admin or business user clicks on "Analytics" in top toolbar, kibana should appear.
Current Behaviour
Possible Solution
Steps to Reproduce (for bugs)
server is on public cloud (gcloud), there is public IP allocated, cloud DNS record is pointed to this IP, fw rules are enabled
Install as usual version 2.0.0
Build
Run (i have small sh scipt for that)
superuser account is created (i have small sh scipt for silent mode)
Context
I need analytics, to see how "labelers" are performing, because they are paid by their performance.
Your Environment
git log -1
): commit 6fd7a0e1aef17793d41a2362c0f8db53d9d83eacdocker version
(e.g. Docker 17.0.05): 20.10.14Next steps
You may join our Gitter channel for community support.