How to run IPython behind an Apache proxy
I would like to run an IPython notebook web server behind an Apache (reverse) proxy so that instead of the URL
https://my.server:XXXX
(where XXX
-
This works for jupyter and password hash:
<VirtualHost *:443> ServerName default ProxyPreserveHost On ProxyRequests off SSLProxyEngine on SSLEngine on SSLProtocol TLSv1 SSLProxyVerify none SSLProxyCheckPeerCN off SSLProxyCheckPeerName off SSLCertificateFile /home/ubuntu/.certs/mycert.pem ProxyPass /notebook/terminals/websocket/ wss://localhost:9999/notebook/terminals/websocket/ ProxyPassReverse /notebook/terminals/websocket/ wss://localhost:9999/notebook/terminals/websocket/ ProxyPass /notebook/api/kernels/ wss://127.0.0.1:9999/notebook/api/kernels/ ProxyPassReverse /notebook/api/kernels/ wss://127.0.0.1:9999/notebook/api/kernels/ ProxyPass /notebook https://127.0.0.1:9999/notebook ProxyPassReverse /notebook https://127.0.0.1:9999/notebook </VirtualHost>讨论(0) -
On newer versions of IPython/Jupyter that have a terminal you also need to add entries for terminals.
<Location /ipython/terminals/websocket/> ProxyPass ws://localhost:8888/ipython/terminals/websocket/ ProxyPassReverse ws://localhost:8888/ipython/terminals/websocket/ </Location>讨论(0) -
WARNING: This is rather verbose, as I gather you have figured much of this, but for documentation purposes, I laid out enough detail here for someone else to follow.
I put this answer together after implementing this myself with the help from various links. The first from here Websocket origin check fails when used with Apache WS proxy #5525. I repeat much of it here with some changes. Other links are referenced below.
1. Set up iPython:
This is in the post, but rather than do it as the original post suggested, I just followed the general instructions for Running a notebook server. With this done you should be able to test the setup, which will require enabling the port you have this configured for. If this does not work, then any Apache set up will not work.
2. Configure Apache:
- Make sure you have the following mods available and enabled.
./configure --enable-proxy --enable-ssl --enable-deflate --enable-proxy-http --enable-proxy-wstunnel --enable-info --enable-rewrite --enable-headersAdded
--enable-headershere as they were not installed on mine. Also I used the Apache2 a2enmod command. Sosudo a2enmod headers,sudo a2enmod proxy, etc.If you're running a version of Apache prior to 2.4, you do not have the
proxy_wstunnelmod. You can either a patch your version or upgrade. To patch your version, you can follow these instructions. Be sure to copy over bothmod_proxy.soandmod_proxy_wstunnel.so. To get theconfigurescript, you need to run./buildconfig, which has its own dependencies. This is noted in a comment therein.Within Apache, create a "sites-available/iPython.conf" file. Originally I said to either add to
httpd.conforports.conf. Adding your own site file is much cleaner and will allow you to enable/disable the configuration when desired.Listen [ANY PORT HERE] # post has port 8999 here... ... <VirtualHost *:[ANY PORT HERE]> SSLProxyEngine On # post did not have this... ProxyPass / http://127.0.0.1:8888/ ProxyPassReverse / http://127.0.0.1:8888/ # spoof headers to make notepad accept the request as coming from the same origin Header set Origin "http://127.0.0.1:8888/" RequestHeader set Origin "http://127.0.0.1:8888/" LogLevel debug </VirtualHost>NOTE 1: The post uses port 8999, but it can be any port you want. You want port 80 here, but you do not need to specify it, so, modifying the above would yield:
<VirtualHost *:80> ... # Everything is the same here... </VirtualHost>NOTE 2: Since you are using SSL, you need to add
SSLProxyEngine Onwithin the body of theVirtualHostdefinition. As noted above, the post did not have this specifically.NOTE 3: Port 8888 is whatever port ipython is running on. Change this based on your configuration.
NOTE 4: If you want to host multiple applications, and this is one of them, rather than having
/and:8888/, you will want/ipythonand:8888/ipythonor whatever you want this to be named. In order to support this, see Running with a different URL prefix.Enable the new configuration:
sudo a2ensite iPython
If you need to disable:
sudo a2dissite iPython- Reload Apache:
sudo service apache2 reload
My Environment:
Ubuntu 14.04.1 Apache 2.4.7 ipython 2.3.0EDIT: Updated to reflect the final changes I made to get this working. I also changed the instruction order to what I think makes more sense.
讨论(0) -
Based on Apache's config of @adam, I'm putting here a full SSL-aware
<VirualHost>sections but without the/ipythonprefix, and i'm giving also the SSL-options for anyone interested:<VirtualHost *:80> ServerAdmin myname@my.place.com ServerName some.server.com SSLEngine off Redirect permanent / https://some.server.com </VirtualHost> ## From http://stackoverflow.com/questions/23890386/how-to-run-ipython-behind-an-apache-proxy # <VirtualHost *:443> ServerAdmin myname@my.place.com ServerName some.server.com SSLEngine on SSLCertificateFile some_server_com.crt SSLCertificateKeyFile some_server_com.key <Location /> ProxyPass http://localhost:8888/ ProxyPassReverse http://localhost:8888/ ProxyPassReverseCookieDomain localhost some.server.com RequestHeader set Origin "http://localhost:8888" </Location> <Location /api/kernels/> ProxyPass ws://localhost:8888/api/kernels/ ProxyPassReverse ws://localhost:8888/api/kernels/ </Location> Redirect permanent / https://some.server.com </VirtualHost>讨论(0) -
I got this working using the following setup.
IPython
IPython Notebook is listening at
http://localhost:8888/ipython. It was necessary to add the/ipythonprefix, because IPython uses absolute paths, so it must be the same as the reverse proxied path.The
ipython_notebook_config.pyc = get_config() c.NotebookApp.ip = 'localhost' c.NotebookApp.open_browser = False c.NotebookApp.port = 8888 c.NotebookApp.base_url = '/ipython'Apache
I enabled
mod_proxymod_proxy_httpmod_proxy_wstunnel
In the apache config I added
<Location /ipython> ProxyPass http://localhost:8888/ipython ProxyPassReverse http://localhost:8888/ipython ProxyPassReverseCookieDomain localhost my.server.com RequestHeader set Origin "http://localhost:8888" </Location> <Location /ipython/api/kernels/> ProxyPass ws://localhost:8888/ipython/api/kernels/ ProxyPassReverse ws://localhost:8888/ipython/api/kernels/ </Location>to an SSL enabled virtual host definition.
The
RequestHeader set Origin "http://localhost:8888"was necessary for the websockets, otherwise you get a 403 Forbidden.Now IPython is reachable at
https://my.server.com/ipython(no trailing/!).讨论(0) -
I'm using apache version 2.4.18 in a server running Ubuntu 16.04.1 LTS(xenial) and finally I have my jupyter notebook running through ssl. I had already configured the standard SSL on my server, so https:// was working. I had also followed this instructions: Running a notebook server to get my cert file and my password in the
jupyter_notebook_config.pyconfiguration file. What I was missing was:c.NotebookApp.allow_origin = '*' c.NotebookApp.base_url = '/SomeName'The apache configuration file that worked for me using solutions from several places and part of the answers here was:
SSLProxyEngine on SSLProxyCheckPeerCN off SSLProxyCheckPeerName off SSLProxyCheckPeerExpire off <Location "/SomeName"> ProxyPass https://localhost:XXXX/SomeName ProxyPassReverse https://localhost:XXXX/SomeName </Location> <Location "/SomeName/api/kernels"> ProxyPass wss://localhost:XXXX/SomeName/api/kernels ProxyPassReverse wss://localhost:XXXX/SomeName/api/kernels </Location> <Location "/SomeName/terminals/websocket"> ProxyPass wss://localhost:XXXX/SomeName/terminals/websocket ProxyPassReverse wss://localhost:XXXX/SomeName/terminals/websocket </Location>where XXXX is the port you are using, e.g. 8888, and SomeName could be any name you want. I hope this can help.
讨论(0)
加载中...
- 热议问题