SUPPORT


Enabling https for Jupyter



Below are the steps to enable https for your JupyterHub :

  1. Go to anaconda home directory
  2. cd /home/anaconda/

  3. Note :Below step is for generating self signed certificate. If you have SSL certificate signed from Certificate Authority, you can skip this step and use your CA signed key and certificate
  4. Generate auto sign certificate by running below command and answering the prompted questions. This will create two files key.pem and certificate.pem .

    sudo openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

    /img/common/jupyterhub_https_guide_command.png

  5. Take backup of JupyterHub configuration file :
  6. cp jupyterhub_config.py backup_jupyterhub_config.py

  7. Enable SSL for JupyterHub
  8. Open /home/anaconda/ in your preferred editor as sudo user.
    sudo vim jupyterhub_config.py

    Search for “c.JupyterHub.ssl_cert”,uncomment the setting and set it to your ssl certificate as shown below:
    c.JupyterHub.ssl_cert = '/home/anaconda/certificate.pem'

    Similarly, search for “c.JupyterHub.ssl_key”,uncomment the setting and set it to your ssl key as shown below:
    c.JupyterHub.ssl_key = '/home/anaconda/key.pem'

    Save the file.

  9. Finally, you need to setup the ssl port in the startup script. For this, open the startup script as sudo user using below command
  10. sudo vim /etc/init.d/jupyterhub
    change the value for port from 80 to 443 in the last line. Now the last line should look like below. The change is highlighted in red:
    source $ANACONDA_HOME/bin/activate pyml ; $ANACONDA_HOME/bin/jupyterhub -f /home/anaconda/jupyterhub_config.py --upgrade-db-- port 443

  11. Restart your VM using below command
  12. sudo init 6

  13. You also need to enable port 443 in your cloud environment. If you are not aware of how to enable port 443, follow below links for your respective cloud provide:
    1. For Azure : https://blogs.msdn.microsoft.com/pkirchner/2016/02/02/allow-incoming-web-traffic-to-web-server-in-azure-vm/ (the link for enabling port 8080. You should provide 443 as the value and not 8080)
    2. For AWS : https://docs.aws.amazon.com/cloudhsm/latest/userguide/ssl-offload-enable-traffic-and-verify-certificate.html
    3. For GCP :
    4. Open the VM page from GCP console, click on edit and select “https” option and save as shown below:

      /img/common/jupyterhub_https_guide_gcp_port_change.png
      /img/common/jupyterhub_https_guide_gcp_port_change_02.png

  1. Now once your VM is restarted, you can access it using https://yourvmip
  2. If you used self signed certificate for https, your browser will show security exception which you need to accept as shown below for Firefox and Chrome:
  3. /img/common/jupyterhub_https_guide_browser_warning.png

    /img/common/jupyterhub_https_guide_browser_warning_advance.png

    /img/common/jupyterhub_https_guide_browser_connection_error.png

    /img/common/jupyterhub_https_guide_browser_proceed_page.png

  4. Finally, if you accept the security risk as shown above, you will get the login page:
  5. /img/common/jupyterhub_https_guide_login_page.png