Techlatest.net Logo
Go back

Enabling Https for Jupyter

This VM comes with the JupyterHub running on http. Follow below steps to enable HTTPS for your JupyterHub :


  1. Connect via terminal and Go to /home/ubuntu/setup directory using below command.
cd /home/ubuntu/setup

  1. Note: Below step is for generating self signed certificate. If you have SSL certificate signed from Certificate Authority, copy the certificate and key in the vm under /home/ubuntu/setup/internal-ssl/hub-ca/ folder with the names hub-ca.crt and hub-ca.key respectively and skip to the per-boot editing step below.

    Generate auto sign certificate by running below command. This will generate hub-ca.crt and hub-ca.key files under /home/ubuntu/setup/internal-ssl/hub-ca/ directory.

jupyterhub --generate-certs

/img/common/jupyterhub_https_generate_certs.png

  1. Edit the jupyter perboot script by running below commands from terminal.
sudo sed -i 's|sudo jupyterhub --config /home/ubuntu/setup/jupyterhub_config.py --ip 0.0.0.0 --port 80|#sudo jupyterhub --config /home/ubuntu/setup/jupyterhub_config.py --ip 0.0.0.0 --port 80|g' /var/lib/cloud/scripts/per-boot/jupyter_perboot.sh

sudo sed -i 's|#sudo jupyterhub --config /home/ubuntu/setup/jupyterhub_config.py --port 443|sudo jupyterhub --config /home/ubuntu/setup/jupyterhub_config.py --port 443|g' /var/lib/cloud/scripts/per-boot/jupyter_perboot.sh

/img/common/comment-port-80.png

/img/common/uncomment-port-443.png

  1. You also need to enable port 443 for your VM in your cloud environment. If you are not aware of how to enable port 443, follow below links for your respective cloud provide:
  • To add a firewall rule on Azure, from VM’s details page, select Networking -> Network settings from left pane. Under Rules sections, click on Create Port Rule. Select Inbound port rule, on this page keep all the default settings and select HTTPS under Service dropdown.

  • For AWS, Go to your EC2 instance, Modify the security group associated with your instance, Open the Inbound tab and Add a rule to allow incoming HTTPS traffic (port 443).

  • For GCP: Open the VM page from GCP console, click on edit and select “https” option and save as shown below:

/img/common/jupyterhub_https_guide_gcp_port_change.png

/img/common/jupyterhub_https_guide_gcp_port_change_02.png

  1. Restart your VM using below command
sudo init 6
  1. Now once your VM is restarted, you can access JupyterHub using https://yourvmip in browser.

Note: Chrome browser doesn’t add security exception for self signed certificate and will give you error message as shown below. Please use Firefox Browser to access Jupyterhub WebUI.

/img/common/chrome-error-for-https.png

  1. If you used self signed certificate for https, your browser will show security exception which you need to accept as shown below:

/img/common/jupyterhub_https_guide_browser_warning.png

/img/common/jupyterhub_https_guide_browser_warning_advance.png

  1. Finally, if you accept the security risk as shown above, you will get the login page:

/img/common/jupyterhub_https_login.png

Go back