-
|
Hello, I am trying to call Arkime's View API from another Docker container. I can successfully reach Arkime's API from the host where I have Malcolm running via authentication. Since, I am building app that would consume data directly from Arkime, but I seem unable to authenticate to Arkime's View API from another Docker container or even from within the Arkime container itself. Interestingly, I am able to send a request to an Arkime endpoint that does not require authentication, for example:
Any guidance on why authentication may be failing when called from within Docker would be appreciated. For context I am using Malcolm v24.04 |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Sure! Since all authentication actually happens in the $ docker compose exec dashboards-helper \
> curl -ksS \
> -H 'Authorization: ' \
> -H 'http_auth_http_user: guest' \
> "https://arkime:8005/api/files" | jq
{
"recordsTotal": 2,
"recordsFiltered": 2,
"data": [
{
"node": "malcolm-upload",
"packetPosEncoding": "gap0",
"packetsSize": 65616470,
"num": 101,
"name": "/data/pcap/processed/foobar.pcap",
"filesize": 65616470,
"locked": 1,
"first": 1647547366,
"packets": 228335,
"cratio": 0
},
{
"node": "malcolm-upload",
"packetPosEncoding": "gap0",
"packetsSize": 177023616,
"num": 102,
"name": "/data/pcap/processed/barbaz.pcap",
"filesize": 177023616,
"locked": 1,
"first": 1725812103,
"packets": 252310,
"cratio": 0
}
]
}Those two HTTP headers ( In contrast, since all external access to the Arkime API (or any of the other Malcolm UI or API endpoints) must go through the curl -ksSL -u 'analyst:xxxxxx' https://malcolm.example.com/arkime/api/files | jq
{
"recordsTotal": 1,
"recordsFiltered": 1,
"data": [
{
"node": "malcolm-upload",
"packetPosEncoding": "gap0",
"packetsSize": 177023616,
"num": 101,
"name": "/data/pcap/processed/barbaz.pcap",
"filesize": 177023616,
"locked": 0,
"first": 1588056997,
"packets": 252310,
"cratio": 0
}
]
}This is just to assure us that simply providing those headers doesn't work from an external connection: curl -ksSL -H 'Authorization: ' -H 'http_auth_http_user: analyst' https://malcolm.example.com/arkime/api/files
<html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.22.1</center>
</body>
</html>Does that answer your question, @jedagda ? |
Beta Was this translation helpful? Give feedback.
-
|
@mmguero That worked perfectly and this approach makes my life much easier. Thank you for your help! |
Beta Was this translation helpful? Give feedback.
Sure! Since all authentication actually happens in the
nginx-proxyreverse proxy container, access between containers on the same Docker network actually occurs unauthenticated. That means that in order to do something likecurlfrom within another Docker container to the Arkime docker container, there are some other headers we need to specify to indicate to Arkime that we're already authenticated as a particular user, the same way the nginx-proxy container does: