mirror of
https://github.com/jupyter/notebook.git
synced 2025-01-24 12:05:22 +08:00
102 lines
3.3 KiB
Python
102 lines
3.3 KiB
Python
|
#!/usr/bin/env python
|
||
|
|
|
||
|
|
from notebook.auth import passwd
|
||
|
|
from traitlets.config.loader import JSONFileConfigLoader, ConfigFileNotFound
|
||
|
|
import six
|
||
|
|
from jupyter_core.paths import jupyter_config_dir
|
||
|
|
from traitlets.config import Config
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
from OpenSSL import crypto, SSL
|
||
|
|
from socket import gethostname
|
||
|
|
from pprint import pprint
|
||
|
|
from time import gmtime, mktime
|
||
|
|
from os.path import exists, join
|
||
|
|
|
||
|
|
import io
|
||
|
|
import os
|
||
|
|
import json
|
||
|
|
|
||
|
|
|
||
|
|
def create_self_signed_cert(cert_dir, keyfile, certfiile):
|
||
|
|
"""
|
||
|
|
If datacard.crt and datacard.key don't exist in cert_dir, create a new
|
||
|
|
self-signed cert and keypair and write them into that directory.
|
||
|
|
"""
|
||
|
|
|
||
|
|
if not exists(join(cert_dir, certfiile)) \
|
||
|
|
or not exists(join(cert_dir, keyfile)):
|
||
|
|
|
||
|
|
# create a key pair
|
||
|
|
k = crypto.PKey()
|
||
|
|
k.generate_key(crypto.TYPE_RSA, 1024)
|
||
|
|
|
||
|
|
# create a self-signed cert
|
||
|
|
cert = crypto.X509()
|
||
|
|
cert.get_subject().C = "US"
|
||
|
|
cert.get_subject().ST = "Jupyter notebook self-signed certificat"
|
||
|
|
cert.get_subject().L = "Jupyter notebook self-signed certificat"
|
||
|
|
cert.get_subject().O = "Jupyter notebook self-signed certificat"
|
||
|
|
cert.get_subject().OU = "my organization"
|
||
|
|
cert.get_subject().CN = "Jupyter notebook self-signed certificat"
|
||
|
|
cert.set_serial_number(1000)
|
||
|
|
cert.gmtime_adj_notBefore(0)
|
||
|
|
cert.gmtime_adj_notAfter(365*24*60*60)
|
||
|
|
cert.set_issuer(cert.get_subject())
|
||
|
|
cert.set_pubkey(k)
|
||
|
|
cert.sign(k, 'sha256')
|
||
|
|
|
||
|
|
with io.open(join(cert_dir, certfile), "wt") as f:
|
||
|
|
f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode('utf8'))
|
||
|
|
with io.open(join(cert_dir, keyfile), "wt") as f:
|
||
|
|
f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k).decode('utf8'))
|
||
|
|
|
||
|
|
|
||
|
|
if __name__ == '__main__':
|
||
|
|
print("This guide you into securing your notebook server")
|
||
|
|
print("fist choose a password.")
|
||
|
|
pw = passwd()
|
||
|
|
print("We will sore you password encrypted in the notebook configuration file: ")
|
||
|
|
print(pw)
|
||
|
|
|
||
|
|
loader = JSONFileConfigLoader('jupyter_notebook_config.json', jupyter_config_dir())
|
||
|
|
try:
|
||
|
|
config = loader.load_config()
|
||
|
|
except ConfigFileNotFound:
|
||
|
|
config = Config()
|
||
|
|
|
||
|
|
config.NotebookApp.password = pw
|
||
|
|
|
||
|
|
with io.open(os.path.join(jupyter_config_dir(), 'jupyter_notebook_config.json'), 'w+') as f:
|
||
|
|
f.write(six.u(json.dumps(config, indent=2)))
|
||
|
|
|
||
|
|
print('... done')
|
||
|
|
print()
|
||
|
|
|
||
|
|
print("Now let's generate self signed https certificats to secure your connexion.")
|
||
|
|
print("where should the certificate live ?")
|
||
|
|
location = input('path [~/.ssh]: ')
|
||
|
|
if not location.strip():
|
||
|
|
location = os.path.expanduser('~/.ssh')
|
||
|
|
keyfile = input('keyfile name [jupyter_server.key]: ')
|
||
|
|
if not keyfile.strip():
|
||
|
|
keyfile = 'jupyter_server.key'
|
||
|
|
certfile = input('certfile name [jupyter_server.crt]: ')
|
||
|
|
if not certfile.strip():
|
||
|
|
certfile = 'jupyter_server.crt'
|
||
|
|
|
||
|
|
create_self_signed_cert(location, keyfile, certfile)
|
||
|
|
|
||
|
|
fullkey = os.path.join(location, keyfile)
|
||
|
|
fullcrt = os.path.join(location, certfile)
|
||
|
|
|
||
|
|
config.NotebookApp.certfile = fullcrt
|
||
|
|
config.NotebookApp.keyfile = fullkey
|
||
|
|
|
||
|
|
with io.open(os.path.join(jupyter_config_dir(), 'jupyter_notebook_config.json'), 'w+') as f:
|
||
|
|
f.write(six.u(json.dumps(config, indent=2)))
|
||
|
|
|
||
|
|
|
||
|
|
|