Closed kerwinkfs closed 5 years ago
defeo
commented
5 years ago This error seems to be related to TLS keys and certficates, which are not related to the present configuration. Maybe related to the way you have another web server (ngingx or apache, maybe) set up?
kerwinkfs
commented
5 years ago Thank you for your quick response. Ok, I got pass that point with the certs. Now when I go to localhost:8000 I Safari Can't Connect to Server.
Thoughts? Kerwin
defeo
commented
5 years ago Sorry about my previous nonsense answer. I should have told you to look into /etc/certs, but somehow forgot that traefik was managing the certs.
Re you newer question, I don't know why you're trying to connect on port 8000. The traefik proxy is set to listen on ports 80 (http) and 443 (https):
If you haven't touched the configuration, then that's where you should point your browser.
kerwinkfs
commented
5 years ago Hello Luca,
Yep, I tried all of the different ports options.All would not launch the jupyterhub. I can’t get to the Traefik dashboard.
I’m sorry, I’m having these issues.
Thoughts? Kerwin
On Mar 15, 2019, at 6:28 PM, Luca De Feo notifications@github.com wrote:
Sorry about my previous nonsense answer. I should have told you to look into /etc/certs, but somehow forgot that traefik was managing the certs.
Re you newer question, I don't know why you're trying to connect on port 8000. The traefik proxy is set to listen on ports 80 (http) and 443 (https):
https://github.com/defeo/jupyterhub-docker/blob/d2e20a3fa1a899b9f9cd8e8de17597d679a0786e/docker-compose.yml#L30-L33 https://github.com/defeo/jupyterhub-docker/blob/d2e20a3fa1a899b9f9cd8e8de17597d679a0786e/docker-compose.yml#L30-L33 If you haven't touched the configuration, then that's where you should point your browser.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/defeo/jupyterhub-docker/issues/4#issuecomment-473472049, or mute the thread https://github.com/notifications/unsubscribe-auth/Af4fKbniRHPgxrgVN58sjXZDQnMplnrtks5vXCyvgaJpZM4b10eW.
defeo
commented
5 years ago No problem. But it's hard for me to help without seeing your docker-compose.yml at the very least.
kerwinkfs
commented
5 years ago Here you go…
version: '3'
services: jupyterhub: build: jupyterhub image: jupyterhub_img container_name: jupyterhub volumes:
"traefik.frontend.rule=Host:http://jupyterhub:8081" restart: on-failure
jupyterlab: build: jupyterlab image: jupyterlab_img container_name: jupyterlab-throaway network_mode: none command: echo
reverse-proxy: image: traefik container_name: reverse-proxy ports:
volumes: jupyterhub_data:
defeo
commented
5 years ago So, given this file, the traefik dashboard should be listening on port 8080, and the jupyterhub server on port 80. If those ports are unresponsive, then check that trafik is running.
I don't understand what you are trying to achieve with this rule: "traefik.frontend.rule=Host:http://jupyterhub:8081". Presumably, because of this, traefik will fail to forward traffic from port 80 to the jupyterhub host. Please read about Traefik fronteds to understand what goes in this rule (and whether you need it at all).
kerwinkfs
commented
5 years ago Let me change it back to the original. Its was one of the options I had tried to see if I would get a different action.
Thank you for you help.
Kerwin
On Mar 16, 2019, at 8:29 AM, Luca De Feo notifications@github.com wrote:
So, given this file, the traefik dashboard should be listening on port 8080, and the jupyterhub server on port 80. If those ports are unresponsive, then check that trafik is running.
I don't understand what you are trying to achieve with this rule: "traefik.frontend.rule=Host:http://jupyterhub:8081". Presumably, because of this, traefik will fail to forward traffic from port 80 to the jupyterhub host. Please read about Traefik fronteds https://docs.traefik.io/basics/#frontends to understand what goes in this rule (and whether you need it at all).
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/defeo/jupyterhub-docker/issues/4#issuecomment-473530235, or mute the thread https://github.com/notifications/unsubscribe-auth/Af4fKa1TQSWRlBoelCXruQDnLhKxrxo9ks5vXPG6gaJpZM4b10eW.
defeo
commented
5 years ago The original will not work for you either. That's the name of the server where you're going to host the service. You do have a server with an assigned DNS name, right?
kerwinkfs
commented
5 years ago Here is the output from the docker up command.
Attaching to jupyterlab-throaway, jupyterhub, reverse-proxy jupyterlab-throaway | jupyterlab-throaway exited with code 0 jupyterhub | [I 2019-03-16 13:55:11.661 JupyterHub app:1667] Using Authenticator: builtins.UVSQAuthenticator jupyterhub | [I 2019-03-16 13:55:11.661 JupyterHub app:1667] Using Spawner: dockerspawner.dockerspawner.DockerSpawner-0.10.0 jupyterhub | [I 2019-03-16 13:55:11.664 JupyterHub app:1014] Loading cookie_secret from /srv/jupyterhub/jupyterhub_cookie_secret jupyterhub | [I 2019-03-16 13:55:11.683 JupyterHub proxy:431] Generating new CONFIGPROXY_AUTH_TOKEN jupyterhub | [I 2019-03-16 13:55:11.707 JupyterHub app:1199] Not using whitelist. Any authenticated user will be allowed. jupyterhub | [I 2019-03-16 13:55:11.747 JupyterHub app:1849] Hub API listening on http://jupyterhub:8081/hub/ jupyterhub | [W 2019-03-16 13:55:11.749 JupyterHub proxy:565] Running JupyterHub without SSL. I hope there is SSL termination happening somewhere else... jupyterhub | [I 2019-03-16 13:55:11.749 JupyterHub proxy:567] Starting proxy @ http://:8000 jupyterhub | 13:55:12.104 - info: [ConfigProxy] Proxying http://*:8000 to (no default) jupyterhub | 13:55:12.108 - info: [ConfigProxy] Proxy API at http://127.0.0.1:8001/api/routes jupyterhub | [I 2019-03-16 13:55:12.153 JupyterHub app:1870] Starting managed service cull_idle jupyterhub | [I 2019-03-16 13:55:12.153 JupyterHub service:302] Starting service 'cull_idle': ['python', '/srv/jupyterhub/cull_idle_servers.py', '--timeout=3600'] jupyterhub | [I 2019-03-16 13:55:12.156 JupyterHub service:114] Spawning python /srv/jupyterhub/cull_idle_servers.py --timeout=3600 jupyterhub | 13:55:12.173 - info: [ConfigProxy] 200 GET /api/routes jupyterhub | [I 2019-03-16 13:55:12.174 JupyterHub proxy:301] Checking routes jupyterhub | [I 2019-03-16 13:55:12.174 JupyterHub proxy:370] Adding default route for Hub: / => http://jupyterhub:8081 jupyterhub | 13:55:12.178 - info: [ConfigProxy] Adding route / -> http://jupyterhub:8081 jupyterhub | 13:55:12.180 - info: [ConfigProxy] 201 POST /api/routes/ jupyterhub | [I 2019-03-16 13:55:12.181 JupyterHub app:1906] JupyterHub is now running at http://:8000 jupyterhub | [I 2019-03-16 13:55:12.318 JupyterHub log:158] 200 GET /hub/api/users (cull_idle@172.18.0.3) 17.17ms
I have to be doing something wrong because I still can not reach jupyterhub. Current compose file..
version: '3'
services: jupyterhub: build: jupyterhub image: jupyterhub_img container_name: jupyterhub volumes:
"traefik.enable=true" restart: on-failure
jupyterlab: build: jupyterlab image: jupyterlab_img container_name: jupyterlab-throaway network_mode: none command: echo
reverse-proxy: image: traefik container_name: reverse-proxy ports:
volumes: jupyterhub_data:
On Mar 16, 2019, at 8:29 AM, Luca De Feo notifications@github.com wrote:
So, given this file, the traefik dashboard should be listening on port 8080, and the jupyterhub server on port 80. If those ports are unresponsive, then check that trafik is running.
I don't understand what you are trying to achieve with this rule: "traefik.frontend.rule=Host:http://jupyterhub:8081". Presumably, because of this, traefik will fail to forward traffic from port 80 to the jupyterhub host. Please read about Traefik fronteds https://docs.traefik.io/basics/#frontends to understand what goes in this rule (and whether you need it at all).
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/defeo/jupyterhub-docker/issues/4#issuecomment-473530235, or mute the thread https://github.com/notifications/unsubscribe-auth/Af4fKa1TQSWRlBoelCXruQDnLhKxrxo9ks5vXPG6gaJpZM4b10eW.
kerwinkfs
commented
5 years ago Yes I do..
On Mar 16, 2019, at 8:58 AM, Luca De Feo notifications@github.com wrote:
The original will not work for you either. That's the name of the server where you're going to host the service. You do have a server with an assigned DNS name, right?
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/defeo/jupyterhub-docker/issues/4#issuecomment-473532632, or mute the thread https://github.com/notifications/unsubscribe-auth/Af4fKcJme2S4Kn1uWAOIZu1uq7yXCUfXks5vXPiZgaJpZM4b10eW.
defeo
commented
5 years ago You should disregard the URLs that JupyterHub writes in the logs, such as http://localhost:8081: those are local to the container, and not reachable from outside (e.g., from your browser).
Traefik is doing the job of proxying connections to the various containers. That Host:... rule is telling Traefik to proxy all connections to jupyter.ens.uvsq.fr to the jupyterhub container. You should replace jupyter.ens.uvsq.fr with the name of your server everywhere. You will not be able to reach JupyterHub via localhost, only via that name.
If you want to also access JupyterHub via localhost, then you can add more Traefik directives in the labels section. Check out the Traefik docs.
If you're unsure whether traefik is running and/or properly detecting docker containers, go to the dashboard on http://localhost:8080/.
Hello Luca,
I"m using your example as is. I run docker-compose build and up. I'm not able to reach localhost after compose up is complete. Looking through the output I see the error: level-error msg=failed to load x509 key pair: tls: failed to find PEM stat in certificate imputes"
I tried replacing the authentication method to the GitLab example as well, but still the same error.
They cert files are there.
Any thoughts? Thanks Kerwin