Add letsencrypt instructions re: Pollock on ML

Carol Willing 2016-05-02 15:16:26 -07:00
parent c170ba1021
commit f84bb09fec


@ -43,6 +43,7 @@ using the following command::
$ jupyter notebook --generate-config
.. _hashed-pw:
Preparing a hashed password
~~~~~~~~~~~~~~~~~~~~~~~~~~~
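Review bot: The new label ".. _hashed-pw:" uses a hyphen, while the existing label in this file, ".. _notebook_public_server:", uses underscores. Pick one separator for cross-reference labels (the other label added by this commit, "using-lets-encrypt", is also hyphenated) so that :ref: targets are predictable.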
@ -103,14 +104,12 @@ with the command::
When starting the notebook server, your browser may warn that your self-signed
certificate is insecure or unrecognized. If you wish to have a fully
compliant self-signed certificate that will not raise warnings, it is possible
(but rather involved) to create one, as explained in detail in `this tutorial`__.
.. __: http://arstechnica.com/security/news/2009/12/how-to-get-set-with-a-secure-sertificate-for-free.ars
.. TODO: Find an additional resource that walks the user through this two-process step by step.
(but rather involved) to create one, as explained in detail in this `tutorial`__.
Alternatively, you may use `Let's Encrypt`_ to acquire a free SSL certificate
and follow the steps in :ref:`using-lets-encrypt` to set up a public server.
.. _OWASP: https://www.owasp.org
.. __tutorial: http://arstechnica.com/security/news/2009/12/how-to-get-set-with-a-secure-sertificate-for-free.ars
.. _notebook_public_server:
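Review bot: The anonymous reference `tutorial`__ in the rewritten sentence no longer has a matching anonymous target. The target line is now written ".. __tutorial: http://...", which is not the anonymous form ".. __: URL", so the link will not resolve when the docs are built. Either keep the target as ".. __: <URL>" or switch to a named pair: `tutorial`_ in the sentence and ".. _tutorial: <URL>" for the target.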
@ -134,7 +133,7 @@ config file for the notebook using the following command line::
In the ``~/.jupyter`` directory, edit the notebook config file,
``jupyter_notebook_config.py``. By default, the notebook config file has
all fields commented out. The minimum set of configuration options that
you should to uncomment and edit in :file:``jupyter_notebook_config.py`` is the
you should to uncomment and edit in :file:`jupyter_notebook_config.py` is the
following::
# Set options for certfile, ip, password, and toggle off browser auto-opening
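Review bot: The corrected line still reads "you should to uncomment and edit". Since the line is already being touched for the :file: role fix, drop the stray "to" in the same change.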
@ -150,6 +149,42 @@ following::
You can then start the notebook using the ``jupyter notebook`` command.
.. _using-lets-encrypt:
Using Let's Encrypt
~~~~~~~~~~~~~~~~~~~
`Let's Encrypt`_ provides free SSL/TLS certificates. You can also set up a
public server using a `Let's Encrypt`_ certificate.
:ref:`notebook_public_server` will be similar when using a Let's Encrypt
certificate with a few configuration changes. Here are the steps:
1. Create a `Let's Encrypt certificate <https://letsencrypt.org/getting-started/>`_.
2. Use :ref:`hashed-pw` to create one.
3. If you don't already have config file for the notebook, create one
using the following command::
$ jupyter notebook --generate-config
4. In the ``~/.jupyter`` directory, edit the notebook config file,
``jupyter_notebook_config.py``. By default, the notebook config file has
all fields commented out. The minimum set of configuration options that
you should to uncomment and edit in :file:`jupyter_notebook_config.py` is the
following::
# Set options for certfile, ip, password, and toggle off browser auto-opening
c.NotebookApp.certfile = u'/absolute/path/to/your/certificate/fullchain.pem'
c.NotebookApp.keyfile = u'/absolute/path/to/your/certificate/privkey.pem'
# Set ip to '*' to bind on all interfaces (ips) for the public server
c.NotebookApp.ip = '*'
c.NotebookApp.password = u'sha1:bcd259ccf...<your hashed password here>'
c.NotebookApp.open_browser = False
# It is a good idea to set a known, fixed port for server access
c.NotebookApp.port = 9999
You can then start the notebook using the ``jupyter notebook`` command.
.. important::
**Use 'https'.**
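Review bot: Step 2 of the new list, "Use :ref:`hashed-pw` to create one.", has no antecedent for "one"; coming right after step 1 it reads as creating a second certificate. Say "create a hashed password" explicitly. Smaller points in the same hunk: step 3 is missing an article ("have a config file"), step 4 carries over "you should to uncomment" from the section above, and the comment "# Set options for certfile, ip, password, ..." could mention keyfile now that the block sets c.NotebookApp.keyfile.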
@ -165,13 +200,16 @@ You may now access the public server by pointing your browser to
``https://your.host.com:9999`` where ``your.host.com`` is your public server's
domain.
.. _`Let's Encrypt`: https://letsencrypt.org
Firewall Setup
~~~~~~~~~~~~~~
To function correctly, the firewall on the computer running the jupyter
notebook server must be configured to allow connections from client
machines on the access port ``c.NotebookApp.port`` set in
:file:``jupyter_notebook_config.py`` port to allow connections to the
:file:`jupyter_notebook_config.py` port to allow connections to the
web interface. The firewall must also allow connections from
127.0.0.1 (localhost) on ports from 49152 to 65535.
These ports are used by the server to communicate with the notebook kernels.
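Review bot: The firewall sentence on the changed line still has a duplicated clause: "on the access port c.NotebookApp.port set in :file:`jupyter_notebook_config.py` port to allow connections to the web interface" repeats "port" and "to allow connections". Suggest ending the sentence after the file name. The new `Let's Encrypt` target also sits between the access paragraph and the Firewall Setup heading; placing it next to the other link targets (such as ".. _OWASP:") would make it easier to find.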