Skip to content

Instantly share code, notes, and snippets.

@PiotrCzapla

PiotrCzapla/jupyter-https.md

Created November 30, 2022 19:17
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save PiotrCzapla/5fbda560d68f381049c6560ab68ccb68 to your computer and use it in GitHub Desktop.
Save PiotrCzapla/5fbda560d68f381049c6560ab68ccb68 to your computer and use it in GitHub Desktop.
Download ZIP
mkcert + 1pass to securely serve jupyter notebooks on .local over https
Raw
jupyter-https.md

Howto

$ mkcert --install  # to generate and install your root ca
$ mkcert myserver.local # to generate certificate

Then to enable https in jupyter use this snipped (it assumes your pem and key.pem files are in ~/.jupyter)

from pathlib import Path
c.NotebookApp.keyfile, c.NotebookApp.certfile = sorted(map(str,Path.home().glob('.jupyter/*.pem')))

1password setup

I don't like the fact that mkcert keeps the rootCA unencrypted so I've put it to 1password and I'm using mkcert with a wrapper that brings the key back only when mycert is being used.

Here is a zsh snipped to get this working:

function mkcert_wrapped () {
    MKCERT=$(which -p mkcert)
    F=$("$MKCERT" --CAROOT)/rootCA-key.pem
    op read -o "$F" -f -n op://Personal/mkcert/rootCA-key.pem >/dev/null
    "$MKCERT" $@
    rm "$F"
}
if command -v mkcert &> /dev/null
then
  alias mkcert='mkcert_wrapped'
fi
@PiotrCzapla
Copy link
Author

Doing this second time, I have a few tips to get it. up and running.

  1. make sure that mkcert_wrapped is aliased to mkcert so that you are installing the same cert that on other machines.
  2. to install brew install mkcert
  3. copy cert root CA public file from 1password
  4. do mkcert --install && mkcert .. to create certs
  5. copy certs with scp *.pem serv@~/.jupyter/
  6. expose jupyter
 c.NotebookApp.ip = '0.0.0.0'
 c.NotebookApp.allow_origin = '*'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment