Differences

This shows you the differences between two versions of the page.

docpublic:systemes:systemes:jupyter:jupyterhub [2021/07/10 19:58]
adminjp [JupyterHub Configuration]
docpublic:systemes:systemes:jupyter:jupyterhub [2021/07/12 20:58] (current)
adminjp [REMOTE_USER auth]
Line 151: Line 151:
 </code> </code>
  
 +Now link that file to the directory with the system's systemd Unit files,
 +
 +<code>
 +[root@jhub systemd​​​​​​​]# ln -s /opt/jupyterhub/etc/systemd​​​​​​​/jupyterhub.service /etc/systemd/system/jupyterhub.service
 +[root@jhub systemd​​​​​​​]# ls -l /etc/systemd/system/jupyterhub.service
 +lrwxrwxrwx 1 root root 67 10 juil. 22:07 /etc/systemd/system/jupyterhub.service -> /opt/jupyterhub/etc/systemd​​​​​​​/jupyterhub.service
 +</code>
 +
 +Then tell systemd to reload its configuration files so that it knows about that new jupyterhub.service
 +
 +<code>
 +[root@jpthub systemd​​​​​​​]# systemctl daemon-reload
 +</code>
 +
 +start it and enable it at boot 
 +
 +<code>
 +[root@jhub systemd​​​​​​​]# systemctl start jupyterhub.service
 +[root@jhub systemd​​​​​​​]# systemctl status jupyterhub.service
 +● jupyterhub.service - JupyterHub
 +   Loaded: loaded (/opt/jupyterhub/etc/systemd​​​​​​​/jupyterhub.service; linked; vendor preset: disabled)
 +   Active: active (running) since Sat 2021-07-10 22:10:04 CEST; 8s ago
 +   
 +[root@jhub systemd​​​​​​​]# systemctl enable jupyterhub.service
 +Created symlink /etc/systemd/system/multi-user.target.wants/jupyterhub.service → /opt/jupyterhub/etc/systemd​​​​​​​/jupyterhub.service.
 +   
 +</code>
 +
 +
 +==== firewall ====
 +
 +open jupyterhub webservice to our local ip network 
 +
 +<code>
 +[root@jhub systemd​​​​​​​]# firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="172.168.0.0/16" port port=8000 protocol=tcp  accept'
 +success
 +[root@jhub systemd​​​​​​​]# firewall-cmd --reload
 +success
 +</code>
 +
 +==== jupyterhub webservice ====
 +
 +now the jupyterhub webservice is available at http://jhub.domain.fr:8000
 +
 +===== https and reverse proxy with apache =====
 +
 +  * https://jupyterhub.readthedocs.io/en/stable/reference/config-proxy.html#apache
 +
 +change the // c.JupyterHub.bind_url//  on jupyterhub config file
 +
 +<code>
 +[root@jhub jupyterhub]# grep c.JupyterHub.bind_url  /opt/jupyterhub/etc/jupyterhub/jupyterhub_config.py
 +#c.JupyterHub.bind_url = 'http://:8000'
 +c.JupyterHub.bind_url = 'http://127.0.0.1:8000'
 +</code>
 +
 +==== apache ====
 +
 +install httpd and mod_ssl package
 +
 +<code>
 +[root@jhub certs]# yum install httpd mod_ssl
 +</code>
 +
 +jupyterhub vhost configuration
 +
 +<code>
 +[root@jhub certs]# cat /etc/httpd/conf.d/jupyterhub.conf
 +
 +# redirect HTTP to HTTPS
 +Listen 80
 +<VirtualHost jhub.domain.fr:80>
 +  ServerName jhub.domain.fr
 +  Redirect / https://jhub.domain.fr/
 +</VirtualHost>
 +
 +Listen 443
 +<VirtualHost jhub.domain.fr:443>
 +
 +  ServerName jhub.domain.fr
 +
 +  # configure SSL
 +  SSLEngine on
 +  SSLCertificateFile /etc/pki/tls/certs/domain.fr_eu_cert.cer
 +  SSLCertificateKeyFile /etc/pki/tls/private/domain.fr.key
 +  SSLProtocol All -SSLv2 -SSLv3
 +#  SSLOpenSSLConfCmd DHParameters /etc/ssl/certs/dhparam.pem
 +  SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
 +
 +  # Use RewriteEngine to handle websocket connection upgrades
 +  RewriteEngine On
 +  RewriteCond %{HTTP:Connection} Upgrade [NC]
 +  RewriteCond %{HTTP:Upgrade} websocket [NC]
 +  RewriteRule /(.*) ws://127.0.0.1:8000/$1 [P,L]
 +
 +  <Location "/">
 +    # preserve Host header to avoid cross-origin problems
 +    ProxyPreserveHost on
 +    # proxy to JupyterHub
 +    ProxyPass         http://127.0.0.1:8000/
 +    ProxyPassReverse  http://127.0.0.1:8000/
 +  </Location>
 +</VirtualHost>
 +</code>
 +
 +==== firewall ====
 +
 +open https service in the firewall to our IP subnet 
 +
 +<code>
 +[root@jpthub certs]# firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="172.168.0/16" service name="https" log prefix="https" accept'
 +success
 +[root@jpthub certs]# firewall-cmd --reload
 +success
 +</code>
 +
 +
 +===== SAML authenticator =====
 +
 +  * https://jupyterhub.readthedocs.io/en/stable/reference/authenticators.html
 +  * https://github.com/HewlettPackard/jupyterhub-samlauthenticator
 +
 +
 +<code>
 +[root@jhub jupyterhub]#  /opt/jupyterhub/bin/python3 -m pip install jupyterhub-samlauthenticator
 +Collecting jupyterhub-samlauthenticator
 +  Downloading jupyterhub_samlauthenticator-0.0.9-py3-none-any.whl (17 kB)
 +Requirement already satisfied: jupyterhub>=0.9.0 in ./lib/python3.6/site-packages (from jupyterhub-samlauthenticator) (1.4.1)
 +...
 +Installing collected packages: pyopenssl, future, lxml, eight, signxml, jupyterhub-samlauthenticator
 +  Attempting uninstall: pyopenssl
 +    Found existing installation: pyOpenSSL 20.0.1
 +    Uninstalling pyOpenSSL-20.0.1:
 +      Successfully uninstalled pyOpenSSL-20.0.1
 +Successfully installed eight-1.0.1 future-0.18.2 jupyterhub-samlauthenticator-0.0.9 lxml-4.6.3 pyopenssl-19.1.0 signxml-2.8.2
 +</code>
 +
 +it installed those directories/files 
 +
 +<code>
 +[root@jhub jupyterhub]# ls -ltr /opt/jupyterhub/lib/python3.6/site-packages/samlauthenticator/
 +total 44
 +-rw-r--r-- 1 root root 36101 12 juil. 16:33 samlauthenticator.py
 +-rw-r--r-- 1 root root  1144 12 juil. 16:33 __init__.py
 +drwxr-xr-x 2 root root  4096 12 juil. 16:33 __pycache__
 +[root@jhub jupyterhub]# ls -ltr /opt/jupyterhub/lib/python3.6/site-packages/jupyterhub_samlauthenticator-0.0.9.dist-info
 +total 40
 +-rw-r--r-- 1 root root  1085 12 juil. 16:33 LICENSE.txt
 +-rw-r--r-- 1 root root    92 12 juil. 16:33 WHEEL
 +-rw-r--r-- 1 root root    18 12 juil. 16:33 top_level.txt
 +-rw-r--r-- 1 root root 17256 12 juil. 16:33 METADATA
 +-rw-r--r-- 1 root root     0 12 juil. 16:33 REQUESTED
 +-rw-r--r-- 1 root root     4 12 juil. 16:33 INSTALLER
 +-rw-r--r-- 1 root root  1026 12 juil. 16:33 RECORD
 +</code>
 +
 +
 +===== REMOTE_USER auth =====
 +
 +we'll try to authenticate through a shibboleth SP proxy to benefit from federated access , then redirect that REMOTE_USER to jupyterhub 
 +
 +  * https://github.com/cwaldbieser/jhub_remote_user_authenticator
 +
 +<code>
 +[root@jhub jupyterhub]#  /opt/jupyterhub/bin/python3 -m pip  install jhub_remote_user_authenticator
 +Collecting jhub_remote_user_authenticator
 +  Downloading jhub_remote_user_authenticator-0.1.0-py3-none-any.whl (3.6 kB)
 +  ...
 +  Installing collected packages: jhub-remote-user-authenticator
 +Successfully installed jhub-remote-user-authenticator-0.1.0
 +
 +</code>
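Review bot: The vhost's `SSLProtocol All -SSLv2 -SSLv3` still leaves TLS 1.0 and 1.1 enabled; for a proxy that fronts the login page I would restrict it to `SSLProtocol -all +TLSv1.2` (adding `+TLSv1.3` where the installed httpd/OpenSSL supports it). Both rich rules use a source of `172.168.…/16`, which lies outside the RFC 1918 private block 172.16.0.0/12, and the https rule writes it as `172.168.0/16`, which is not a well-formed CIDR; if these are not anonymised placeholders, the real subnet should be confirmed before the commands are copied. After `c.JupyterHub.bind_url` moves to `http://127.0.0.1:8000`, the permanent port-8000 rule from the first firewall section is no longer needed, and the page shows no step removing it (`firewall-cmd --permanent --remove-rich-rule '…'` followed by `firewall-cmd --reload`). For the REMOTE_USER section, a sentence stating that the hub must be reachable only through the Apache/Shibboleth proxy, and that the proxy must overwrite any client-supplied value of that header, would make the trust assumption explicit.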
docpublic/systemes/systemes/jupyter/jupyterhub.1625947107.txt.gz · Last modified: 2021/07/10 19:58 by adminjp
CC Attribution-Noncommercial-Share Alike 4.0 International