Arize AI Community Icon

Home
Events

Arize AX Releases
Arize AX Support
Arize News
Arize Observe
Discussions
Introductions
Phoenix Support

Powered by Tightknit

Phoenix Support

Disabling SSL Verification in Phoenix Webapp: Issues and Solutions | Arize AI Community

Phoenix Support

Disabling SSL Verification in Phoenix Webapp: Issues and Solutions

·Aug 23, 2024 07:18 PM

Unfortunately our internal infra for hosting Phoenix has some issues with SSL certificates.. Is there any way to disable SSL verification for the phoenix webapp? I tried to disable SSL from the client-side, but then the webapp returns 503

6 comments

· Sorted by Oldest

Anton A.
·
I don’t have all of the details of our deployment unfortunately as that’s handled by our infra team, but in rough terms:
I’ve deployed the Arize docker image within our internal VPC on an internal domain: https://arize-phoenix.internal.io
I’m trying to hit https://arize-phoenix.internal.io from another service, this gives the following error:
HTTPSConnectionPool(host='arize-phoenix.internal.io', port=443): Max retries exceeded with url: /arize_phoenix_version (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)')))
this error is expected since SSL verification is broken internally, we normally work around this by setting verify=False for internal services. When trying to patch the arize http client (httpx) to use verify=False I get a 503
INFO:httpx:HTTP Request: GET https://arize-phoenix.internal.io/arize_phoenix_version "HTTP/1.1 503 Service Unavailable"
Anton A.
·
My understanding is that if arize supported disabling of SSL verification the GET to https://arize-phoenix.internal.io/arize_phoenix_version with verify=False should have returned successfully
Anton A.
·
Note that I can access Arize from my web browser just fine because SSL verification is supported from my local machine (via VPN). The issue within our infra is that SSL verification is broken between some of our internal services…
Anton A.
·
I would understand if this is out of your scope to support, but just wanted to check if there’s any way to disable the SSL verification from the server-side
Anton A.
·
Ah, I don’t have this level of configuration available unfortunately
Anton A.
·
But this is helpful, thanks, will try to get some support from our infra team to resolve this