debugging NGINX configuration for Jupyter
jupyter: | |
image: jupyter/datascience-notebook | |
environment: | |
- PASSWORD=${PASSWORD} | |
nginx: | |
image: nginx | |
links: | |
- jupyter | |
volumes: | |
- ./nginx.conf:/etc/nginx/nginx.conf | |
- ./letsencrypt.crt:/data/cert.crt | |
- /letsencrypt.key:/data/key.key | |
ports: | |
- 80:80 | |
- 443:443 |
## Based on: https://github.com/calpolydatascience/jupyterhub-deploy-data301/blob/master/roles/nginx/templates/nginx.conf.j2 | |
user nginx; | |
worker_processes 1; | |
error_log /var/log/nginx/error.log warn; | |
pid /var/run/nginx.pid; | |
events { | |
worker_connections 1024; | |
} | |
http { | |
include /etc/nginx/mime.types; | |
default_type application/octet-stream; | |
map $http_upgrade $connection_upgrade { | |
default upgrade; | |
'' close; | |
} | |
upstream jupyter { | |
server jupyter:8888 fail_timeout=0; | |
} | |
server { | |
listen 80; | |
server_name xsede.carlboettiger.info; | |
rewrite ^ https://$host$request_uri? permanent; | |
} | |
server { | |
listen 443; | |
client_max_body_size 50M; | |
server_name xsede.carlboettiger.info; | |
ssl on; | |
ssl_certificate /data/cert.crt; | |
ssl_certificate_key /data/key.key; | |
ssl_ciphers "AES128+EECDH:AES128+EDH"; | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
ssl_prefer_server_ciphers on; | |
ssl_session_cache shared:SSL:10m; | |
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; | |
add_header X-Content-Type-Options nosniff; | |
ssl_stapling on; # Requires nginx >= 1.3.7 | |
ssl_stapling_verify on; # Requires nginx => 1.3.7 | |
resolver_timeout 5s; | |
# Expose logs to "docker logs". | |
# See https://github.com/nginxinc/docker-nginx/blob/master/Dockerfile#L12-L14 | |
access_log /var/log/nginx/access.log; | |
error_log /var/log/nginx/error.log; | |
location / { | |
proxy_pass http://jupyter; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header Host $host; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
} | |
location ~* /(api/kernels/[^/]+/(channels|iopub|shell|stdin)|terminals/websocket)/? { | |
proxy_pass http://jupyter; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header Host $host; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
# WebSocket support | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
} | |
} | |
} |
This comment has been minimized.
This comment has been minimized.
what about just serving staring from / instead of ~? where are the static files actually served from? |
This comment has been minimized.
This comment has been minimized.
Thanks. It helped |
This comment has been minimized.
This comment has been minimized.
Thank you, it works like a charm. |
This comment has been minimized.
This comment has been minimized.
Thanks, It works for me |
This comment has been minimized.
This comment has been minimized.
Thanks, works with nginx mainline and JH 0.8.1 |
This comment has been minimized.
This comment has been minimized.
Thanks for this - that worked for me, as well. |
This comment has been minimized.
This comment has been minimized.
Hi, does anyone has been trying transfer the NGINX user uid header to jupyternotebook session? I mean something like to identify the authenticated user on the notebook session. Thanks, |
This comment has been minimized.
This comment has been minimized.
Dude you saved our ass here just now. Thanks :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
Thanks this works!