Use JetBrains Hub for Docker installation
You can use JetBrains Hub (further in the article referred to as Hub) for user authentication and user management in Datalore. Hub supports most popular auth modules.
Add the following volumes to your docker-compose.yaml file:
volumes: hub-data: { } hub-conf: { } hub-logs: { } hub-backups: { }
Add the following service to your docker-compose.yaml file:
services: ... hub: image: jetbrains/hub:2022.3.15573 ports: - "8082:8080" networks: - datalore-backend-network volumes: - "hub-data:/opt/hub/data" - "hub-conf:/opt/hub/conf" - "hub-logs:/opt/hub/logs" - "hub-backups:/opt/hub/backups"
Run
docker compose up hub
to run Hub only (we assume that Datalore is not running at the moment).Check the docker output (use the
docker compose logs hub
command if running in the detached mode). It should contain a line like this:JetBrains Hub 2022.2 Configuration Wizard will listen inside container on {0.0.0.0:8080}/ after start and can be accessed by URL [http://<put-your-docker-HOST-name-here>:<put-host-port-mapped-to-container-port-8080-here>/?wizard_token=pPXTShp4NXceXqGYzeAq].
Copy the
wizard_token
value to the clipboard.Go to http://127.0.0.1:8082/ and insert the token from the previous step into the Token field.
Click the Log in button.
Click the Set Up link.
note
The following steps assume that you use an SSL terminating reverse proxy and remain on the HTTP tab of the Confirm Settings page. In case you choose a different procedure and switch to the HTTPS tab, refer to this page for more details.
Generate a URL (referred to as
HUB_ROOT_URL
later) to access Hub from Datalore. Consider the following:The URL must be accessible from both the machine you run Docker Compose on and the browser (by the end users of your Datalore installation).
The URL must point to the
/
path of your Hub installation, i.e. http://127.0.0.1:8080/ inside the container where Hub is running. If you haven't remapped any ports, it's also http://127.0.0.1:8082/ on the machine where Docker compose in running.How you serve such a URL depends on the specifics of your infrastructure configuration. For example, if the machine you run Docker compose on is accessible from the Internet, you may just use its IP address: http://IP_ADDRESS:8082/.
In Base URL, enter
HUB_ROOT_URL
. Do not change the Application Listen Port setting.Click the Next button.
Configure the admin account by setting the admin password.
Click the Next button.
Click the Finish button and wait for Hub to start.
Go to HUB_ROOT_URL and log into Hub via admin account.
Create one more URL (referred to as DATALORE_ROOT_URL later) to access Datalore. Consider the following:
The URL must be accessible from the browser (by the end users of your Datalore installation).
The URL must point to the / path of your Datalore installation, i.e. http://127.0.0.1:8080/ inside the container where Datalore will be launched.
How you serve such a URL depends on the specifics of your infrastructure configuration. For example, if the machine you run Docker compose on is accessible from the Internet, you can just use its IP address.
Go to Services(
${HUB_ROOT_URL}/hub/services
) and click the New service button. Use the namedatalore
and enterDATALORE_ROOT_URL
in Home URL.Copy the ID field value and save it somewhere: it is used when configuring Datalore (
$HUB_DATALORE_SERVICE_ID
property).Click the Change... button next to the Secret label.
Copy the generated secret and save it somewhere: it will be used when configuring Datalore (
$HUB_DATALORE_SERVICE_SECRET
property).Click the Change secret button.
Enter
DATALORE_ROOT_URL
in the Base URLs field.Enter the line
/api/hub/openid/login
in the Redirect URIs field.Click the Trust Service button in the upper right corner.
Click the Save button.
Go to Users (
${HUB_ROOT_URL}/hub/users
).Click your admin username.
Switch to the Account Security tab.
Click the New token... button.
Add Hub and Datalore into Scope. You can use any Name. Click the Create button. Copy the token (with the perm: prefix) and save it somewhere. It will be used when configuring Datalore (
$HUB_PERM_TOKEN
property).
Datalore uses user emails from Hub; so it is recommended to force email verification in Hub. Users with unverified emails will not be able to use Datalore.
Configure the SMTP server:
Go to SMTP (
${HUB_ROOT_URL}/hub/smtp-settings
).Click the Configure SMTP server... button.
Configure your SMTP server parameters.
Click the Save button.
Click the Enable notifications button.
(Optional) To make sure your configuration is working, click the Send Test message button.
Enable email verification:
Go to Auth Modules (
${HUB_ROOT_URL}/hub/authmodules
).Open the Common settings page.
Enable the Email verification option.
Click the Save button.
Set and verify an admin user email:
Go to Users (
${HUB_ROOT_URL}/hub/users
).Click your admin username.
Set an email in the Email field.
Click the Save button.
Click the Send verification email link.
Find the verification email in your inbox and click the Verify email address button.
Go to Auth Modules (
${HUB_ROOT_URL}/hub/authmodules
).Add or remove auth modules (for example, Google auth, GitHub auth, LDAP, and so on). Find more details here.
Edit the docker-compose.yaml file. Define the following environment values under
services:
datalore:
environment:
| Base public (accessible via browser) URL of your Hub installation ( |
| URL that Datalore uses internally to access Hub. By default, set it to "http://hub:8080/hub". |
| ID of the Datalore service in Hub (see Configure the Datalore service). |
| Token of the Datalore service in Hub (see Configure the Datalore service). |
| Token for accessing Datalore and Hub scopes (see Create a Hub token). |
| Used to specify whether email verification is required from the Datalore user. Set to |
Example
services:
datalore:
environment:
...
HUB_PUBLIC_BASE_URL: "http://127.0.0.1:8082/hub"
HUB_INTERNAL_BASE_URL: "http://hub:8080/hub"
HUB_DATALORE_SERVICE_ID: "9030674b-2679-495a-b606-c554384f42a3"
HUB_DATALORE_SERVICE_SECRET: "sHCpaPQfPWco"
HUB_PERM_TOKEN: "perm:YWRtaW4=.NDUtMA==.MBJEauHYuzg9nSXS6d1FkJ93zZcZvT"
HUB_FORCE_EMAIL_VERIFICATION: "false"