2013-11-02 10:14:09 +08:00
|
|
|
.. _working_remotely:
|
2013-07-25 21:21:38 +08:00
|
|
|
|
2013-08-08 16:17:05 +08:00
|
|
|
Running a notebook server
|
|
|
|
=========================
|
2013-07-25 21:21:38 +08:00
|
|
|
|
|
|
|
|
2015-05-29 07:43:07 +08:00
|
|
|
The :ref:`Jupyter notebook <notebook>` web-application is based on a
|
2013-08-08 16:17:05 +08:00
|
|
|
server-client structure. This server uses a :ref:`two-process kernel
|
2015-05-29 07:43:07 +08:00
|
|
|
architecture <ipython:ipythonzmq>` based on ZeroMQ_, as well as Tornado_ for serving
|
2013-08-08 16:17:05 +08:00
|
|
|
HTTP requests. By default, a notebook server runs on http://127.0.0.1:8888/
|
|
|
|
and is accessible only from `localhost`. This document describes how you can
|
2014-04-03 01:11:12 +08:00
|
|
|
:ref:`secure a notebook server <notebook_server_security>` and how to :ref:`run it on
|
2013-08-08 16:17:05 +08:00
|
|
|
a public interface <notebook_public_server>`.
|
2013-07-25 21:21:38 +08:00
|
|
|
|
2013-08-08 05:14:38 +08:00
|
|
|
.. _ZeroMQ: http://zeromq.org
|
|
|
|
|
|
|
|
.. _Tornado: http://www.tornadoweb.org
|
|
|
|
|
|
|
|
|
2014-04-03 01:11:12 +08:00
|
|
|
.. _notebook_server_security:
|
2013-07-25 21:21:38 +08:00
|
|
|
|
2014-03-26 04:10:51 +08:00
|
|
|
Securing a notebook server
|
|
|
|
--------------------------
|
2013-07-25 21:21:38 +08:00
|
|
|
|
2013-08-08 16:17:05 +08:00
|
|
|
You can protect your notebook server with a simple single password by
|
2013-07-25 21:21:38 +08:00
|
|
|
setting the :attr:`NotebookApp.password` configurable. You can prepare a
|
|
|
|
hashed password using the function :func:`IPython.lib.security.passwd`:
|
|
|
|
|
|
|
|
.. sourcecode:: ipython
|
|
|
|
|
|
|
|
In [1]: from IPython.lib import passwd
|
|
|
|
In [2]: passwd()
|
|
|
|
Enter password:
|
|
|
|
Verify password:
|
|
|
|
Out[2]: 'sha1:67c9e60bb8b6:9ffede0825894254b2e042ea597d771089e11aed'
|
|
|
|
|
|
|
|
.. note::
|
|
|
|
|
|
|
|
:func:`~IPython.lib.security.passwd` can also take the password as a string
|
|
|
|
argument. **Do not** pass it as an argument inside an IPython session, as it
|
|
|
|
will be saved in your input history.
|
|
|
|
|
2015-05-30 04:51:21 +08:00
|
|
|
You can then add this to your :file:`jupyter_notebook_config.py`, e.g.::
|
2013-07-25 21:21:38 +08:00
|
|
|
|
|
|
|
# Password to use for web authentication
|
|
|
|
c = get_config()
|
|
|
|
c.NotebookApp.password =
|
|
|
|
u'sha1:67c9e60bb8b6:9ffede0825894254b2e042ea597d771089e11aed'
|
|
|
|
|
|
|
|
When using a password, it is a good idea to also use SSL, so that your
|
|
|
|
password is not sent unencrypted by your browser. You can start the notebook
|
|
|
|
to communicate via a secure protocol mode using a self-signed certificate with
|
|
|
|
the command::
|
|
|
|
|
|
|
|
$ ipython notebook --certfile=mycert.pem
|
|
|
|
|
|
|
|
.. note::
|
|
|
|
|
|
|
|
A self-signed certificate can be generated with ``openssl``. For example,
|
|
|
|
the following command will create a certificate valid for 365 days with
|
|
|
|
both the key and certificate data written to the same file::
|
|
|
|
|
2013-08-30 06:29:40 +08:00
|
|
|
$ openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem
|
2013-07-25 21:21:38 +08:00
|
|
|
|
|
|
|
Your browser will warn you of a dangerous certificate because it is
|
|
|
|
self-signed. If you want to have a fully compliant certificate that will not
|
|
|
|
raise warnings, it is possible (but rather involved) to obtain one,
|
2013-08-08 05:14:38 +08:00
|
|
|
as explained in detail in `this tutorial`__.
|
2013-07-25 21:21:38 +08:00
|
|
|
|
2013-08-08 16:17:05 +08:00
|
|
|
.. __: http://arstechnica.com/security/news/2009/12/how-to-get-set-with-a-secure-sertificate-for-free.ars
|
2013-07-25 21:21:38 +08:00
|
|
|
|
|
|
|
Keep in mind that when you enable SSL support, you will need to access the
|
|
|
|
notebook server over ``https://``, not over plain ``http://``. The startup
|
|
|
|
message from the server prints this, but it is easy to overlook and think the
|
|
|
|
server is for some reason non-responsive.
|
|
|
|
|
|
|
|
|
2013-08-08 16:17:05 +08:00
|
|
|
.. _notebook_public_server:
|
2013-07-25 21:21:38 +08:00
|
|
|
|
|
|
|
Running a public notebook server
|
|
|
|
--------------------------------
|
|
|
|
|
|
|
|
If you want to access your notebook server remotely via a web browser,
|
|
|
|
you can do the following.
|
|
|
|
|
|
|
|
Start by creating a certificate file and a hashed password, as explained
|
|
|
|
above. Then create a custom profile for the notebook, with the following
|
|
|
|
command line, type::
|
|
|
|
|
|
|
|
$ ipython profile create nbserver
|
|
|
|
|
|
|
|
In the profile directory just created, edit the file
|
2015-05-30 04:51:21 +08:00
|
|
|
``jupyter_notebook_config.py``. By default, the file has all fields
|
2013-07-25 21:21:38 +08:00
|
|
|
commented; the minimum set you need to uncomment and edit is the following::
|
|
|
|
|
|
|
|
c = get_config()
|
|
|
|
|
|
|
|
# Notebook config
|
|
|
|
c.NotebookApp.certfile = u'/absolute/path/to/your/certificate/mycert.pem'
|
|
|
|
c.NotebookApp.ip = '*'
|
|
|
|
c.NotebookApp.open_browser = False
|
|
|
|
c.NotebookApp.password = u'sha1:bcd259ccf...[your hashed password here]'
|
|
|
|
# It is a good idea to put it on a known, fixed port
|
|
|
|
c.NotebookApp.port = 9999
|
|
|
|
|
|
|
|
You can then start the notebook and access it later by pointing your browser
|
|
|
|
to ``https://your.host.com:9999`` with ``ipython notebook
|
|
|
|
--profile=nbserver``.
|
|
|
|
|
2014-11-18 21:56:29 +08:00
|
|
|
|
|
|
|
Firewall Setup
|
|
|
|
``````````````
|
|
|
|
|
2014-11-19 00:22:46 +08:00
|
|
|
To function correctly, the firewall on the computer running the ipython server must be
|
2014-11-18 21:56:29 +08:00
|
|
|
configured to allow connections from client machines on the ``c.NotebookApp.port``
|
|
|
|
port to allow connections to the web interface. The firewall must also allow
|
2014-11-19 00:22:46 +08:00
|
|
|
connections from 127.0.0.1 (localhost) on ports from 49152 to 65535.
|
|
|
|
These ports are used by the server to communicate with the notebook kernels.
|
|
|
|
The kernel communication ports are chosen randomly by ZeroMQ, and may require
|
|
|
|
multiple connections per kernel, so a large range of ports must be accessible.
|
2014-11-18 21:56:29 +08:00
|
|
|
|
2013-07-25 21:21:38 +08:00
|
|
|
Running with a different URL prefix
|
|
|
|
-----------------------------------
|
|
|
|
|
|
|
|
The notebook dashboard (the landing page with an overview
|
|
|
|
of the notebooks in your working directory) typically lives at the URL
|
|
|
|
``http://localhost:8888/``. If you prefer that it lives, together with the
|
|
|
|
rest of the notebook, under a sub-directory,
|
|
|
|
e.g. ``http://localhost:8888/ipython/``, you can do so with
|
|
|
|
configuration options like the following (see above for instructions about
|
2015-05-30 04:51:21 +08:00
|
|
|
modifying ``jupyter_notebook_config.py``)::
|
2013-07-25 21:21:38 +08:00
|
|
|
|
2014-02-12 13:19:55 +08:00
|
|
|
c.NotebookApp.base_url = '/ipython/'
|
2013-07-25 21:21:38 +08:00
|
|
|
c.NotebookApp.webapp_settings = {'static_url_prefix':'/ipython/static/'}
|
|
|
|
|
|
|
|
Using a different notebook store
|
|
|
|
--------------------------------
|
|
|
|
|
2013-08-08 16:17:05 +08:00
|
|
|
By default, the notebook server stores the notebook documents that it saves as
|
|
|
|
files in the working directory of the notebook server, also known as the
|
2013-07-25 21:21:38 +08:00
|
|
|
``notebook_dir``. This logic is implemented in the
|
|
|
|
:class:`FileNotebookManager` class. However, the server can be configured to
|
|
|
|
use a different notebook manager class, which can
|
|
|
|
store the notebooks in a different format.
|
|
|
|
|
2014-02-14 01:16:13 +08:00
|
|
|
The bookstore_ package currently allows users to store notebooks on Rackspace
|
|
|
|
CloudFiles or OpenStack Swift based object stores.
|
|
|
|
|
|
|
|
Writing a notebook manager is as simple as extending the base class
|
|
|
|
:class:`NotebookManager`. The simple_notebook_manager_ provides a great example
|
|
|
|
of an in memory notebook manager, created solely for the purpose of
|
|
|
|
illustrating the notebook manager API.
|
|
|
|
|
|
|
|
.. _bookstore: https://github.com/rgbkrk/bookstore
|
|
|
|
|
|
|
|
.. _simple_notebook_manager: https://github.com/khinsen/simple_notebook_manager
|
|
|
|
|
2013-07-25 21:21:38 +08:00
|
|
|
Known issues
|
|
|
|
------------
|
|
|
|
|
|
|
|
When behind a proxy, especially if your system or browser is set to autodetect
|
2013-08-08 16:17:05 +08:00
|
|
|
the proxy, the notebook web application might fail to connect to the server's
|
|
|
|
websockets, and present you with a warning at startup. In this case, you need
|
|
|
|
to configure your system not to use the proxy for the server's address.
|
2013-07-25 21:21:38 +08:00
|
|
|
|
|
|
|
For example, in Firefox, go to the Preferences panel, Advanced section,
|
|
|
|
Network tab, click 'Settings...', and add the address of the notebook server
|
|
|
|
to the 'No proxy for' field.
|