search

hummingbot / dashboard

Application that helps you create, backtest, deploy, and manage Hummingbot instances
Apache License 2.0
189 stars 124 forks source link

Non-working authorization deployed with docker #180

Closed cllasyx closed 2 months ago

cllasyx commented 2 months ago

Describe the bug

I started the hummingbot via docker compose from the deploy repository and tested it out little bit. After some time I wanted to try the authorization screen so I changed the AUTH-SYSTEM-ENABLED to True and used almost default credentials in credentials.yml such as:

# This only works if you change the env variable in the docker-compose.yml
credentials:
  usernames:
    admin:
      email: test@mail.com
      name: Test User
      logged_in: False
      password: abc
cookie:
  expiry_days: 0
  key: some_key # Must be string
  name: some_name
pre-authorized:
  emails:
  - test@mail.com

Next I ran the bash script via bash setup.sh as stated in documentation but after accessing the web UI and entering the credentials I see this:

dashboard_login

Web UI was in a "Running" state when I clicked on login but after a few seconds error popped up.

Docker logs do not show any useful information.

user@hostname:~$ docker logs dashboard -f
Collecting usage statistics. To deactivate, set browser.gatherUsageStats to false.

  You can now view your Streamlit app in your browser.

  Network URL: http://172.21.0.15:8501
  External URL: http://REDACTED:8501
user@hostname:~$ docker logs backend-api -f
INFO:     Started server process [14]
INFO:     Waiting for application startup.
INFO:     Application startup complete.
INFO:     Uvicorn running on http://0.0.0.0:8000 (Press CTRL+C to quit)
user@hostname:~$ docker logs hummingbot-broker -f
WARNING: Default (insecure) Erlang cookie is in use.
WARNING: Configure node.cookie in /opt/emqx/etc/emqx.conf or override from environment variable EMQX_NODE__COOKIE
WARNING: NOTE: Use the same cookie for all nodes in the cluster.
EMQX_RPC__PORT_DISCOVERY [rpc.port_discovery]: manual
EMQX_CLUSTER__STATIC__SEEDS [cluster.static.seeds]: [...]
EMQX_CLUSTER__STATIC__SEEDS [cluster.static.seeds.1]: emqx@node1.emqx.local
EMQX_CLUSTER__DISCOVERY_STRATEGY [cluster.discovery_strategy]: static
EMQX_NODE__NAME [node.name]: emqx@node1.emqx.local
Listener tcp:default on 0.0.0.0:1883 started.
Listener ssl:default on 0.0.0.0:8883 started.
Listener ws:default on 0.0.0.0:8083 started.
Listener wss:default on 0.0.0.0:8084 started.
Listener http:dashboard on :18083 started.
EMQX 5.8.0 is running now!

My docker-compose.yml looks like this:

services:
  dashboard:
    container_name: dashboard
    image: hummingbot/dashboard:latest
    ports:
      - "192.168.0.100:8501:8501"
    environment:
        - AUTH_SYSTEM_ENABLED=True
        - BACKEND_API_HOST=backend-api
        - BACKEND_API_PORT=8000
    volumes:
      - ./credentials.yml:/home/dashboard/credentials.yml
      - ./pages:/home/dashboard/frontend/pages
    networks:
      emqx-bridge:
        ipv4_address: "172.21.0.15"
  backend-api:
    container_name: backend-api
    image: hummingbot/backend-api:latest
    ports:
      - "192.168.0.100:8000:8000"
    volumes:
      - ./bots:/backend-api/bots
      - /var/run/docker.sock:/var/run/docker.sock
    env_file:
      - .env
    environment:
      - BROKER_HOST=emqx
      - BROKER_PORT=1883
    networks:
      - emqx-bridge
  emqx:
    container_name: hummingbot-broker
    image: emqx:5
    restart: unless-stopped
    environment:
      - EMQX_NAME=emqx
      - EMQX_HOST=node1.emqx.local
      - EMQX_CLUSTER__DISCOVERY_STRATEGY=static
      - EMQX_CLUSTER__STATIC__SEEDS=[emqx@node1.emqx.local]
      - EMQX_LOADED_PLUGINS="emqx_recon,emqx_retainer,emqx_management,emqx_dashboard"
    volumes:
      - emqx-data:/opt/emqx/data
      - emqx-log:/opt/emqx/log
      - emqx-etc:/opt/emqx/etc
    ports:
      - "192.168.0.100:1883:1883"  # mqtt:tcp
      - "192.168.0.100:8883:8883"  # mqtt:tcp:ssl
      - "192.168.0.100:8083:8083"  # mqtt:ws
      - "192.168.0.100:8084:8084"  # mqtt:ws:ssl
      - "192.168.0.100:8081:8081"  # http:management
      - "192.168.0.100:18083:18083"  # http:dashboard
      - "192.168.0.100:61613:61613"  # web-stomp gateway
    networks:
      emqx-bridge:
        aliases:
          - node1.emqx.local
    healthcheck:
      test: [ "CMD", "/opt/emqx/bin/emqx_ctl", "status" ]
      interval: 5s
      timeout: 25s
      retries: 5

networks:
  emqx-bridge:
    driver: bridge
    ipam:
      config:
        - subnet: 172.21.0.0/16
          gateway: 172.21.0.1

volumes:
  emqx-data: { }
  emqx-log: { }
  emqx-etc: { }

Steps to reproduce bug

  1. Pull the repository
    • user@hostname:~$ git clone https://github.com/hummingbot/deploy.git; cd deploy
  2. Set the authentication boolean to true
    • look at docker-compose.yml
  3. Start docker container
    • user@hostname:~/deploy$ bash setup.sh
  4. Access the web UI and try to enter credentials from credentials.yml
cllasyx commented 2 months ago

I fixed it myself - found out in this youtube video that I need hash of the password in the credentials.yml file instead of plain-text password itself.

If you have deployed the dashboard with backend-api and emqx-broker via docker from this git repo, then do the following steps THE SAME WAY (only change your password)!

Head over to the hummingbot/deploy folder and issue these commands in your console:

  1. user@hostname:~/deploy$ docker exec -it dashboard /bin/bash
  2. (base) root@afc549bfd12b:/home/dashboard# conda activate dashboard ← IMPORTANT
  3. (dashboard) root@afc549bfd12b:/home/dashboard# python
  4. >>> import streamlit_authenticator as stauth
  5. >>> stauth.Hasher(["abc"]).generate() ['$2b$12$u.vcJD6bFvI0nhJPjWc7/uQNJWbBYAvkGde8LAbE.gbbQZXqqM5s6']

Edit your credentials.yml for the password abc (in my case) with the password hash without single quoations generated in step 5.

# This only works if you change the env variable in the docker-compose.yml
credentials:
  usernames:
    admin:
      email: test@mail.com
      name: Test User
      logged_in: False
      password: $2b$12$u.vcJD6bFvI0nhJPjWc7/uQNJWbBYAvkGde8LAbE.gbbQZXqqM5s6
cookie:
  expiry_days: 0
  key: some_key # Must be string
  name: some_name
pre-authorized:
  emails:
  - test@mail.com

Don't forget to restart the container: user@hostname:~$ docker restart dashboard

Result: Successful login with username admin and password abc into the hummingbot dashboard at URL 192.168.0.100:8501.

gordonkoehn commented 1 month ago

Fantastic ! Thanks for documenting this! Ran into the same confusion.

Note to future encounters: humminbot-dashboard has evolved since then, so the preconfigured conda environment that is supposed to be used here does not come with the clone of hummingbot-deploy. Instead, just create a local Python environment wherever with streamlit_authenticator to run the Python commands.

Further, the API of streamlit_authenticator has changed since to now: stauth.Hasher([plainTextPW]).hash(plainTextPW)

Syntax seems redundant to me, yet it works just fine.