TODO
Digital Ocean - Droplet
Alwaysdata - Redirection
Sources:
* https://github.com/jupyterhub/jupyterhub/wiki/Installation-of-Jupyterhub-on-remote-server
* http://jupyterhub.readthedocs.io/en/latest/getting-started/config-basics.html
On a new system, you may need :
* https://www.thomas-krenn.com/en/wiki/Configure_Locales_in_Ubuntu
locale-gen fr_FR.UTF-8
update-locale LANG=fr_FR.UTF-8 LC_MESSAGES=POSIX
# fresh login neededapt update
apt upgradeTools to install jupyterlab / jupyterhub
apt install npm nodejs-legacy
npm install -g configurable-http-proxy
apt install python3-pip
pip3 install --upgrade pipJupyterlab / Jupyterhub install
pip3 install jupyterhub pip3 install --upgrade notebook pip3 install jupyterlab pip3 install ipywidgets
pip3 install dockerspawner
Install Python scientific stack
pip3 install numpy scipy matplotlib pandas sympy nose
apt install graphviz pip3 install graphviz
Add new users (for PAM authentificator)
adduser <username>
sudo adduser <username> sudoSSH Login without password
Jupyterhub as a service
https://github.com/jupyterhub/jupyterhub/wiki/Run-jupyterhub-as-a-system-service
Jupyterhub Config
touch jupyterhub_config.py
# puis vi, emacs, nano, ou autre hein...Ajouter/Décommenter :
c.Spawner.default_url = '/lab'TODO
* Authentificator :
* Google... ou pas. L'objectif est d'avoir les utilisateurs que je souhaite !* Moins verbose... (?)
* Copier des fichiers par défaut... : ou default_dir
* Admin pour accéder au contenu des autres
SSL / SAN
- https://geekflare.com/san-ssl-certificate/
- https://ethitter.com/2016/05/generating-a-csr-with-san-at-the-command-line/
SSL : sur une adresse IP, ce n'est pas vraiment simple...
* Il faudrait un nom de domaine transparent... ce n'est pas le cas- http://jupyterhub.readthedocs.io/en/latest/getting-started/security-basics.html#using-an-ssl-certificate
c.JupyterHub.ssl_key = '/path/to/my.key'c.JupyterHub.ssl_cert = '/path/to/my.cert'
- https://guide.ubuntu-fr.org/server/certificates-and-security.html
- https://geekflare.com/openssl-commands-certificates/
- Create Self-Signed Certificate
- https://www.madboa.com/geek/openssl/#how-do-i-generate-a-self-signed-certificate
- -nodes : unencrypted keys!
- """The tricky question is “Common Name.” You’ll want to answer with the hostname or CNAME by which people will address the server. This is very important. If your web server’s real hostname is mybox.mydomain.com but people will be using www.mydomain.com to address the box, then use the latter name to answer the “Common Name” question."""
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout my.key -out my.cert
""" Generating a 2048 bit RSA private key ..................+++ ......................................................+++ writing new private key to 'my.key'
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:FR State or Province Name (full name) [Some-State]: Locality Name (eg, city) []:Lyon Organization Name (eg, company) [Internet Widgits Pty Ltd]:Laurent Jouhet-Reverdy Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []:code.ljouhet.net Email Address []:ljouhet@gmail.com """
Let's Encrypt
""" J'ai été obligé de tricher :
- Rediriger
code.ljouhet.netversadresse_ip(sans indication de port) - Utiliser certbot pour le challenge (avec --standalone, il crée un serveur sur le port 80 ou 443)
Re-rediriger
code.ljouhet.netversadresse_ip:8000et relancer JupyterHub """- https://www.memoinfo.fr/tutoriels-linux/configurer-lets-encrypt-apache/
- https://korben.info/securiser-facilement-gratuitement-site-https.html
- https://community.letsencrypt.org/t/how-do-i-generate-the-lets-encrypt-certificate-and-key-on-my-own-device-more-info-inside/27510/6
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-autoOn a alors :
root@jupyter:~# ./certbot-auto certonly --manual -d ljouhet.net -d code.ljouhet.net
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ljouhet.net
http-01 challenge for code.ljouhet.net
-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.
Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o: Y
-------------------------------------------------------------------------------
Create a file containing just this data:
6ZJDw0OM7IjE8FaVvAFHGkApYANH5AloRMEF9-YYHEw.ylhe4wJcc_8aBd5SB-3B2YYEIm04F1vYmVDK47iFEF8
And make it available on your web server at this URL:
http://ljouhet.net/.well-known/acme-challenge/6ZJDw0OM7IjE8FaVvAFHGkApYANH5AloRMEF9-YYHEw
-------------------------------------------------------------------------------
Press Enter to ContinueErreurs
- Proxy déjà démarré
ps aux | grep proxy
pkill ...
# (ou)
sudo pkill node- Ajouter un utilisateur qui n'existe pas : https://github.com/jupyterhub/jupyterhub/issues/1060
- Nécessite sqlite3
En plus
- Scientific stack, graphviz, nbtutor
Extensions
- Freeze : http://jupyter-contrib-nbextensions.readthedocs.io/en/latest/nbextensions/freeze/readme.html
- init_cell : http://jupyter-contrib-nbextensions.readthedocs.io/en/latest/nbextensions/init_cell/README.html
- Python Markdown : http://jupyter-contrib-nbextensions.readthedocs.io/en/latest/nbextensions/python-markdown/readme.html
- Limit Output : http://jupyter-contrib-nbextensions.readthedocs.io/en/latest/nbextensions/limit_output/readme.html
OCaml
- Copier les fichiers dans
/usr/local/share/jupyter/kernels/ocaml/ sudo apt-get install ocaml opam rlwrap m4