Overview
Version
FineBI Version |
6.0.5 |
Application Scenarios
Local machine information authentication/private cloud authentication is unavailable as the project (deployed in the Docker container) cannot be bound to the machine code/MAC address.
Public cloud authentication is unavailable as the FineBI project cannot connect to the external network.
Local container authentication is unavailable as you need an authorization server to authorize for multiple report servers.
Functions
FineBI supports container private cloud authentication. You need to prepare two servers.
1. Authorization server: used to upload and start private cloud image files in a Docker containerized environment.
2. Project server: the server that FineBI project locates
Notes
1. The project server (the server of FineBI project that needs to be registered) requires network connectivity with the authorization server.
2. The authorization server cannot be shut down for more than 24 hours.
If the shutdown time is more than 24 hours, re-authentication (rescan the QR code and enter the verification code without re-uploading the image file) is required after you restart the authorization server.
If the shutdown time is less than 24 hours, FineBI server will fail to register (valid registration if FineBI server can automatically reconnect to the authorization server within two hours).
Procedures
Obtaining the Authorization File
Use the email address specified in the contract to send the registration information to FineBI business personnel (business@fanruan.com). The email format is as follows:
After receiving and verifying the email, the business personnel will generate the mirror file fanruan_license_server.tar of the authentication server and email it to you.
Note:List | Requirement | Note | |
Priority contact | Contact FanRuan business personnel in advance to confirm relevant matters and sign the contract. | / | |
Sender | Use the email address specified in the contract. | If you do not use the email address specified in the contract to send registration information, the registration will not be allowed. | |
Recipient | business@fanruan.com | / | |
Title | Document of Company Name's Registration for FineBI Official Authorization | If you do not mark the company name in the email, the registration will not be allowed. | |
Body | Basic information | Company name: Company Name Project name: Project Name Contract signing date: YYYY-MM-DD | / |
Registration method | Container private cloud authentication | / | |
The maximum number of registration | The number of nodes in the cluster project | If this option is not provided, it defaults to 1 (no need to provide this option in standalone mode).
| |
Starting the Authorization Server
Loading the Image File fanruan_license_server.tar
docker load < fanruan_license_server.tar
Viewing the Imported Image File
There are two types of file packages (arm64 and amd64) by default. You can choose as needed. The following text is demonstrated using the amd64 package.
docker images
Generating Containers Through Docker Images and Performing Directory Mapping
For example, map /app/config into D:\William\lic\config.
docker run -v /D/William/lic/config:/app/config -P -d fanruan_license_server_amd64:1.0.0
Note:1. The mapping directory name should not contain spaces and special characters (otherwise it may cause an error).
2. When you start the image, the built-in HTTPS certificate (only support two addresses: localhost and 127.0.0.1) of the container is used by default.
To support other IP addresses and domain names, you can open the directory where the mapping certificate is located and use your own certificate file.
3. When you use -P, Docker will randomly search for an unoccupied port number (the port 49155 on the host machine mentioned below) between 49153 and 65535 to bind to the container.
To specify the host port, adjust -P in the startup command to -p Host port number:Container port number
4. The container directory is described in the following table. If you need to map multiple directories, concatenate them with -v between each directory.
For example, map /app/config into D:\William\lic\config and /app/log into D:\William\lic\log.
Command: docker run -v /D/William/lic/config:/app/config -v /D/William/lic/log:/app/log -P -d fanruan_license_server_amd64:1.0.0
Catalog | Description | Map or Not |
/app/config | Generate the directory of the privataConfig file. | Map. Mapping is necessary to prevent errors when you start the container for the second time. |
/app/log | Log directory | Map as needed. It is easy to access logs to map directories. |
/app/tls | The default built-in HTTPS certificate for containers | Map as needed. If mapping is required, you must place the certificate file in this directory manually, otherwise the authentication server will fail to start. |
/app/web | QR code front-end file | Not map. The QR code page cannot be accessed after mapping. |
Listing Information of Running Containers
docker ps
Submitting and Authentication
From the previous section, it can be seen that the port 80811 of the Docker container is mapped to the port 49155 of the host machine.
Visit https://172.16.63.131:49155/license/qrcode to perform QR code authentication. (IP address and port number need to be adjusted according to your actual situation.)
Scan the generated QR code through a mobile browser to obtain a 6-digit verification code. Enter the verification code in the system and click Submit.
Note:1. The QR code is valid for five minutes (refresh manually after five minutes). Ensure that the registration is completed within the specified time.
2. After scanning the code with your phone to obtain the verification code, it is best to register the project immediately (not restart the project before successful registration).
3. If the number of incorrect verification code inputs exceeds five times, the system will be locked for 15 minutes (to prevent brute force attack and high-frequency access to the interface).
FineBI Server Verification Authorization
Log into FineBI as the admin, choose Manage > Registration, and click Register Now.
Select Private Cloud as AUTH Method, enter the IP address and listening port number (like https://172.16.63.131:49155) displayed on the authorization server above, and click Submit.
Note:
The effect is as follows if the authentication is successful.
Note:1. The maximum number of connections here refers to the number of projects that can apply for authorization registration to the authorization server at the same time.
2. If authentication fails, check firewall settings (open corresponding ports or disable the firewall).
Failed Registration
Problem
If registration fails, a prompt window pops up.
Cause
Click Details to view causes for registration failure. You can troubleshoot according to the specific cause.
Error Code | Error Name | Definition |
10000 | JSON_PARSER_ERROR | Incorrect data format |
10001 | PARAM_INPUT_ERROR | Incorrect parameter |
20000 | DO_NOT_NEED_DEACTIVATE | The unauthorized machine does not need to be unbound. |
30000 | LICENSE_EXPIRED | Expired certificate |
30001 | REPORT_VERSION_ERROR | Mismatched version |
30002 | ACCOUNT_STATUS_ERROR | Abnormal account state (The prompt occurs when the machine does not need to be unbound for being not authorized.) |
30003 | LICENSE_IP_ERROR | IP address is not within the allowed range. |
30004 | LICENSE_DOMAIN_ERROR | The domain name is not within the allowed range. |
30005 | LICENSE_APPNAME_ERROR | The app name is not within the allowed range. |
30007 | REGISTER_OUT_OF_LIMIT | The maximum number of authorizations has been reached. |
Authentication Migration
For projects that have been performed container private cloud authentication, follow the steps below to migrate the authorization server.
Destroying Original Project Authorization
Use the email address specified in the contract and send the registration information to FineBI business personnel (business@fanruan.com).
Describe clearly the address (like https://172.16.63.131:49155) of the authorization server to be migrated in the email body.
Business personnel will destroy corresponding authorization and notify you by email after receiving and verifying the email.
Note:
Do not restart the authorization server to be migrated until you receive a clear response from the business personnel.
Copying the privateConfig File
1. Close the authorization server to be migrated.
2. Obtain the automatically generated privateConfig file under the /app/config path of the container.
Obtaining a New Authorization File
Use the email address specified in the contract and send the registration information to FineBI business personnel (business@fanruan.com).
For details about the email format, see section "Obtaining the Authorization File". You need to attach the privateConfig file obtained in the previous step.
After receiving and verifying the email, the business personnel will generate the mirror file fanruan_license_server.tar of the authentication server and email it to you.
You can register by following the steps in section "Procedures" to start a new authorization server.
Previous:Public Cloud Authentication
