[Python] Jupyter Server Setup

jupyter

Purpose:

I’d like to setup a jupyter sever that only can be edited by me and I also can share the jupyter notebooks to anyone.

There are two URLs, one for admin (me) and another for share to anyone.

But, current jupyter server doesn’t support permission management for login user or guest user.

So, anyone who can see your jupyter page are able to edit and view.

There are some common ways can archive this purpose: ( Good ref )

Here, I don’t use the above ways, I use a tricky way to do that as below:

  • Execute two jupyter processes that run by different users jupyter and jupyter_ro (readonly).
    jupyter is used to run admin jupyter process and is used to run guest jupyter process.
  • These two jupyter processes listen different ports that admin use port 8888 and guest use port 8889.
  • Two jupyter processes share the same notebook directory and the permission of notebook directory is jupyter that means only jupyter’s admin page can write and jupyter_ro’s share page only can read.
  • Use apache proxy to well route traffic from different domain to associate port
    • https://jupyter-admin.chenlego.me to 8888
    • https://jupyter.chenlego.me to 8889
  • Then we can archive our purpose.
    • This way is not that good, because we only restrict guest cannot write , but they still can execute python code on your guest jupyter site and then use your host’s resources.

Demo

jupyter-admin is trusted

jupyter(guest) is Not trusted

How to

  • Here is my jupyter setup scripts https://github.com/chenlego/jupyter_setup

    • scripts/jupyter_install.sh will do
      • install jupyter by download anaconda
      • generate jupyter config
      • create required run user
      • prepare required path, ex: log path, anaconda install path, config path and notebook path
      • generate startup config and register jupyter as a DAEMON to systemD
      • generate startup script for startup config
      • well done permissions for each directory and file
    • scripts/jupyter_guest_install.sh
      • same as jupyter_install.sh, but this is for installing the guest readonly jupyter daemon.
    • scripts/jupyter_passwd.py
      • used to generate password for admin jupyter daemon during the installation process
    • scripts/jupyter_remove.sh
      • used to remove jupyter related files and directories
    • scripts/jupyter.global
      • used to define related installation variables like installation path, log path and config path
    • startup/jupyter.script.template
      • used to generate startup script for jupyter daemon
    • startup/jupyter.service.template
      • used to generate SystemD service file for jupyter daemon
    • conf/jupyter/jupyter_notebook_config.append.py
      • jupyter admin daemon config
        • require password login
        • no need token
        • listen port 8888
    • conf/jupyter/jupyter_notebook_config_guest.append.py
      • jupyter guest daemon config
        • no require password login and token
        • listen port 8889
  • Command Steps

    1. jupyter admin daemon

      • Install

        $ git clone git@github.com:chenlego/jupyter_setup.git
        $ cd jupyter_setup
        $ sudo bash scripts/jupyter_install.sh
        
      • Start jupyter admin daemon

        $ sudo service jupyter start
        
    2. jupyter guest daemon

      • Install

        $ cd jupyter_setup
        $ sudo bash scripts/jupyter_install.sh
        
      • Start jupyter guest daemon

        sudo service jupyter stop
        
  • Use apache proxy to well route traffic from different domain to associate port

    • Note:

      • SSL Certificates are generated by Let’s encrypt ( how to )
    • https://jupyter-admin.chenlego.me to 8888

      • http request will be redirected to https
        <VirtualHost *:80>
            ServerName jupyter-admin.chenlego.me
            Redirect / https://jupyter-admin.chenlego.me/
        </VirtualHost>
      • Setup ProxPass
        <IfModule mod_ssl.c>
        <VirtualHost *:443>
            ServerName jupyter-admin.chenlego.me
            ProxyPreserveHost On
            ProxyRequests off
        
            ProxyPass /api/kernels/ ws://localhost:8888/api/kernels/
            ProxyPassReverse /api/kernels/ http://localhost:8888/api/kernels/
        
            ProxyPass / http://localhost:8888/
            ProxyPassReverse / http://localhost:8888/
            SSLCertificateFile /etc/letsencrypt/live/jupyter-admin.chenlego.me/cert.pem
            SSLCertificateKeyFile /etc/letsencrypt/live/jupyter-admin.chenlego.me/privkey.pem
            Include /etc/letsencrypt/options-ssl-apache.conf
            SSLCertificateChainFile /etc/letsencrypt/live/jupyter-admin.chenlego.me/chain.pem
            CustomLog /var/log/httpd/jupyter-admin.chenlego.me-access.log combined
            ErrorLog /var/log/httpd/jupyter-admin.chenlego.me-error.log
        </VirtualHost>
        </IfModule>
    • https://jupyter.chenlego.me to 8889

      • http request will be redirected to https
        <VirtualHost *:80>
            ServerName jupyter.chenlego.me
            Redirect / https://jupyter.chenlego.me/
        </VirtualHost>
      • Setup ProxPass
        <IfModule mod_ssl.c>
        <VirtualHost *:443>
            ServerName jupyter.chenlego.me
            ProxyPreserveHost On
            ProxyRequests off
        
            ProxyPass /api/kernels/ ws://localhost:8889/api/kernels/
            ProxyPassReverse /api/kernels/ http://localhost:8889/api/kernels/
        
            ProxyPass / http://localhost:8889/
            ProxyPassReverse / http://localhost:8889/
           
        
            SSLCertificateFile /etc/letsencrypt/live/jupyter.chenlego.me/cert.pem
            SSLCertificateKeyFile /etc/letsencrypt/live/jupyter.chenlego.me/privkey.pem
            Include /etc/letsencrypt/options-ssl-apache.conf
            SSLCertificateChainFile /etc/letsencrypt/live/jupyter.chenlego.me/chain.pem
        
            CustomLog /var/log/httpd/jupyter.chenlego.me-access.log combined
            ErrorLog /var/log/httpd/jupyter.chenlego.me-error.log
        </VirtualHost>
        </IfModule>
    • restart apache
      $ sudo service httpd restart
      

Ref

Programming
[Python3] installation – tarball

python packages: https://www.python.org/ftp/python/ I tried install Python-3.6.4  tarball on RHEL6 and RHEL7, looks no problem. Install pre-required packages $ sudo yum install openssl openssl-devel -y Install python3 by tarball $ wget https://www.python.org/ftp/python/3.6.4/Python-3.6.4.tar.xz $ tar -xJf Python-3.6.4.tar.xz $ cd Python-3.6.4 ############## # enable ssl module ############## $ vi Modules/Setup  <= un-comment the following lines # …

Programming
[Python] Print Formatting

>>> name = ‘Lego Chen’ >>> job = ‘engineer’ >>> print ‘%s is an %s’ %(name, job) Lego Chen is an engineer >>> print ‘%10s is an %20s’ %(name, job) Lego Chen is an engineer >>> print ‘The flotting number is: %10.3f’ %(1000.33356) The flotting number is: 1000.334 >>> print …

Server stuff
[SSL] Let’s encrypt How to

https://letsencrypt.org/ I only record command steps. Install pre-required packages $ sudo yum install gcc libffi-devel python-devel openssl-devel git Get letsencrypt-auto script from GitHub repo letsencrypt git link $ sudo git clone https://github.com/letsencrypt/letsencrypt /usr/share/letsencrypt Cloning into 'letsencrypt'… remote: Counting objects: 48173, done. remote: Compressing objects: 100% (14/14), done. remote: Total 48173 (delta …