Configure Basic Authentication for MLflow

You can use the steps below to configure NGINX as a reverse proxy that protects access to MLflow running on a node with basic authentication (username and password).

Access http://<your-server> and enter the username and password to reach the MLflow UI running on a node.

Steps to install

1. Install Nginx (if not already installed)

On Ubuntu/Debian:

xxxxxxxxxx

sudo apt update

sudo apt install nginx -y

On RHEL/CentOS:

xxxxxxxxxx

sudo yum install nginx -y

sudo systemctl enable nginx

2. Install apache2-utils to create .htpasswd.

xxxxxxxxxx

sudo apt install apache2-utils  # Debian_Ubuntu

# OR

sudo yum install httpd-tools    # RHEL_CentOS

3. Create the password file (.htpasswd).

xxxxxxxxxx

sudo htpasswd -c _etc_nginx_.htpasswd mlflowuser

You’ll be prompted to enter a password. Replace mlflowuser with your preferred username.

4. Configure Nginx reverse proxy with basic authentication.

Edit or create the file:

xxxxxxxxxx

sudo nano _etc_nginx_conf.d_mlflow.conf

Paste this configuration:

xxxxxxxxxx

server {

    listen 80;

    server_name 10.100.11.72;

    location _ {

        proxy_pass http:__10.100.11.72:5000;

        proxy_set_header Host $host;

        proxy_set_header X-Real-IP $remote_addr;

        auth_basic "Restricted Access";

        auth_basic_user_file _etc_nginx_.htpasswd;

    }

}

Optional: Replace mlflow.local with your domain or server IP, or use _ to match all incoming requests.

5. Test and reload Nginx

xxxxxxxxxx

sudo nginx -t

sudo systemctl reload nginx

6. (Optional) Add a hosts entry for mlflow.local.

If you're using a custom domain name like mlflow.local, add an entry on your local machine to map it to the MLflow server.

Open the hosts file:

xxxxxxxxxx

sudo nano _etc_hosts

Add the following line (replace with your server IP if different):

xxxxxxxxxx

<IP address> mlflow.local

Save and close the file.

This is only needed if you're using a fake domain instead of the IP.

Secure MLflow with SSL (Optional but Recommended)

1. Generate a self-signed SSL certificate

xxxxxxxxxx

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \\

 -keyout _etc_ssl_private_mlflow.key \\

 -out _etc_ssl_certs_mlflow.crt

2. Update your NGINX config to use SSL.

xxxxxxxxxx

server {

    listen 443 ssl;

    server_name mlflow.local;

    ssl_certificate _etc_ssl_certs_mlflow.crt;

    ssl_certificate_key _etc_ssl_private_mlflow.key;

    location _ {

        proxy_pass http:__10.100.11.72:5000;

        proxy_set_header Host $host;

        proxy_set_header X-Real-IP $remote_addr;

        auth_basic "Restricted Access";

        auth_basic_user_file _etc_nginx_.htpasswd;

    }

}

3. Open port 443 in the firewall.

xxxxxxxxxx

sudo ufw allow 'Nginx Full'    # Ubuntu

sudo firewall-cmd --add-service=https --permanent  # RHEL_CentOS

sudo firewall-cmd --reload

Optional: Test Access Using curl

Run the following command to test basic authentication with your MLflow server.

xxxxxxxxxx

curl -u mlflowuser <IP Address>

Username - mlflowuser

Password - admin

This verifies that the NGINX reverse proxy and basic authentication are working as expected.