debugging NGINX configuration for Jupyter
| jupyter: | |
| image: jupyter/datascience-notebook | |
| environment: | |
| - PASSWORD=${PASSWORD} | |
| nginx: | |
| image: nginx | |
| links: | |
| - jupyter | |
| volumes: | |
| - ./nginx.conf:/etc/nginx/nginx.conf | |
| - ./letsencrypt.crt:/data/cert.crt | |
| - /letsencrypt.key:/data/key.key | |
| ports: | |
| - 80:80 | |
| - 443:443 |
| ## Based on: https://github.com/calpolydatascience/jupyterhub-deploy-data301/blob/master/roles/nginx/templates/nginx.conf.j2 | |
| user nginx; | |
| worker_processes 1; | |
| error_log /var/log/nginx/error.log warn; | |
| pid /var/run/nginx.pid; | |
| events { | |
| worker_connections 1024; | |
| } | |
| http { | |
| include /etc/nginx/mime.types; | |
| default_type application/octet-stream; | |
| map $http_upgrade $connection_upgrade { | |
| default upgrade; | |
| '' close; | |
| } | |
| upstream jupyter { | |
| server jupyter:8888 fail_timeout=0; | |
| } | |
| server { | |
| listen 80; | |
| server_name xsede.carlboettiger.info; | |
| rewrite ^ https://$host$request_uri? permanent; | |
| } | |
| server { | |
| listen 443; | |
| client_max_body_size 50M; | |
| server_name xsede.carlboettiger.info; | |
| ssl on; | |
| ssl_certificate /data/cert.crt; | |
| ssl_certificate_key /data/key.key; | |
| ssl_ciphers "AES128+EECDH:AES128+EDH"; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_prefer_server_ciphers on; | |
| ssl_session_cache shared:SSL:10m; | |
| add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; | |
| add_header X-Content-Type-Options nosniff; | |
| ssl_stapling on; # Requires nginx >= 1.3.7 | |
| ssl_stapling_verify on; # Requires nginx => 1.3.7 | |
| resolver_timeout 5s; | |
| # Expose logs to "docker logs". | |
| # See https://github.com/nginxinc/docker-nginx/blob/master/Dockerfile#L12-L14 | |
| access_log /var/log/nginx/access.log; | |
| error_log /var/log/nginx/error.log; | |
| location / { | |
| proxy_pass http://jupyter; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| } | |
| location ~* /(api/kernels/[^/]+/(channels|iopub|shell|stdin)|terminals/websocket)/? { | |
| proxy_pass http://jupyter; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| # WebSocket support | |
| proxy_http_version 1.1; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection $connection_upgrade; | |
| } | |
| } | |
| } |
This comment has been minimized.
This comment has been minimized.
|
what about just serving staring from / instead of ~? where are the static files actually served from? |
This comment has been minimized.
This comment has been minimized.
|
Thanks. It helped |
This comment has been minimized.
This comment has been minimized.
|
Thank you, it works like a charm. |
This comment has been minimized.
This comment has been minimized.
|
Thanks, It works for me |
This comment has been minimized.
This comment has been minimized.
|
Thanks, works with nginx mainline and JH 0.8.1 |
This comment has been minimized.
This comment has been minimized.
|
Thanks for this - that worked for me, as well. |
This comment has been minimized.
This comment has been minimized.
|
Hi, does anyone has been trying transfer the NGINX user uid header to jupyternotebook session? I mean something like to identify the authenticated user on the notebook session. Thanks, |
This comment has been minimized.
This comment has been minimized.
|
Dude you saved our ass here just now. Thanks :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
Thanks this works!