Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Activate internal_ssl #1

Open
cmd-ntrf opened this issue Aug 26, 2019 · 0 comments
Open

Activate internal_ssl #1

cmd-ntrf opened this issue Aug 26, 2019 · 0 comments
Assignees
@cmd-ntrf
Labels
enhancement New feature or request

Comments

@cmd-ntrf
Copy link
Member

This requires a few modifications to batchspawner and jupyterhub_config.py.

Here is an example of a functional jupyterhub_config.py for a cluster at turtle.ulaval.cloud

c.JupyterHub.internal_ssl = True
c.JupyterHub.trusted_alt_names = ['DNS:turtle.ulaval.cloud', 'DNS:login01.int.turtle.ulaval.cloud']
c.Spawner.ssl_alt_names = ['DNS:*.int.turtle.ulaval.cloud', 'DNS:node*', 'DNS:turtle.ulaval.cloud']
c.Spawner.ssl_alt_names_include_local = False

It requires to add the following to submit.sh:

echo {{ssl_key}} | base64 -d > $JUPYTERHUB_SSL_KEYFILE
echo {{ssl_cert}} | base64 -d > $JUPYTERHUB_SSL_CERTFILE
echo {{ssl_ca}} | base64 -d > $JUPYTERHUB_SSL_CLIENT_CA

export JUPYTERHUB_SSL_KEYFILE=$HOME/$JUPYTERHUB_SSL_KEYFILE
export JUPYTERHUB_SSL_CERTFILE=$HOME/$JUPYTERHUB_SSL_CERTFILE
export JUPYTERHUB_SSL_CLIENT_CA=$HOME/$JUPYTERHUB_SSL_CLIENT_CA

And the following function to batchspawner.Spawner:

    async def move_certs(self, paths):
        import base64
        #self.user_options = {}
        with open(paths['keyfile'], 'rb') as file_:
            self.user_options['ssl_key'] = base64.b64encode(file_.read()).decode('utf-8')
        with open(paths['certfile'], 'rb') as file_:
            self.user_options['ssl_cert'] = base64.b64encode(file_.read()).decode('utf-8')
        with open(paths['cafile'], 'rb') as file_:
            self.user_options['ssl_ca'] = base64.b64encode(file_.read()).decode('utf-8')
        return {'keyfile' : paths['keyfile'].split('/')[-1],
                'certfile' : paths['certfile'].split('/')[-1],
                'cafile' : paths['cafile'].split('/')[-1]}
@cmd-ntrf cmd-ntrf added the enhancement New feature or request label Aug 26, 2019
@cmd-ntrf cmd-ntrf self-assigned this Aug 26, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cmd-ntrf cmd-ntrf

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cmd-ntrf