Open phaustin opened 3 years ago
This is just for https, right?
that's right, we just want to be able securely send real passwords to the jupyterhub login page, and to use github or cwl oauth to authorize a new user on the jupyterhub. nginx, traefik, whatever, but being able to autorenew letsencrypt would be very nice
I'd like to be able to whitelist my friends at other universities to collaborate, using their github username.
I already have SSL coming from nginx. I used *.eoas SSL cert. Now looking at auth.
Cheers,
Charles
On Sep 24, 2020, at 3:30 PM, Philip Austin notifications@github.com<mailto:notifications@github.com> wrote:
that's right, we just want to be able securely send real passwords to the jupyterhub login page, and to use github or cwl oauth to authorize a new user on the jupyterhub. nginx, traefik, whatever, but being able to autorenew letsencrypt would be very nice
— You are receiving this because you were assigned. Reply to this email directly, view it on GitHubhttps://github.com/eoas-ubc/eoas_tlef/issues/42#issuecomment-698621510, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AGKNB6YMQBH7576VIZRNLE3SHPCBFANCNFSM4RYNFKEA.
@CharlesKrzysik -- it does look like the nginx proxy is working just fine with kubespawner on jupyterhub.eoas.ubc.ca -- does that provide any clues as to why it's refusing to connect with dockerspawner on a301_hub?
This fixed the issue:
map $http_upgrade $connection_upgrade { default upgrade; '' close; } server {
listen 443 ssl;
server_name a301_hub.eoas.ubc.ca<http://a301_hub.eoas.ubc.ca>;
ssl_certificate /certs/eoas.pem;
ssl_certificate_key /certs/key.pem;
#ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/jupyterhub.access.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Host $host;
proxy_pass http://node07.eos.ubc.ca:8082;
proxy_read_timeout 90;
proxy_redirect https://a301_hub.eoas.ubc.ca http://node07.eos.ubc.ca:8082;
}
}
Cheers,
Charles.
On Sep 24, 2020, at 3:35 PM, Philip Austin notifications@github.com<mailto:notifications@github.com> wrote:
@CharlesKrzysikhttps://github.com/CharlesKrzysik -- it does look like the nginx proxy is working just fine with kubespawner on jupyterhub.eoas.ubc.cahttp://jupyterhub.eoas.ubc.ca -- does that provide any clues as to why it's refusing to connect with dockerspawner on a301_hub?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/eoas-ubc/eoas_tlef/issues/42#issuecomment-698622865, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AGKNB642G2HCGJFAOLIOD33SHPCRJANCNFSM4RYNFKEA.
So @CharlesKrzysik for my own education, can you explain how we get away without having the websocket section in the reference example?
https://jupyterhub.readthedocs.io/en/stable/reference/config-proxy.html
nevermind, I see it now
I used baseline nginx proxy instructions from nginx.com/bloghttp://nginx.com/blog . It worked on other examples, so I am not sure why it failed in this particular case.
On different note, for authentication do you want to use GitHub:
https://github.com/jupyterhub/oauthenticator via. https://tljh.jupyter.org/en/latest/howto/auth/github.html ?
Shibboleth and CWL will take some time as there are several steps on our side and Central.
Charles.
On Sep 24, 2020, at 6:00 PM, Philip Austin notifications@github.com<mailto:notifications@github.com> wrote:
So @CharlesKrzysikhttps://github.com/CharlesKrzysik for my own education, can you explain how we get away without having the websocket section in the reference example?
https://jupyterhub.readthedocs.io/en/stable/reference/config-proxy.html
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/eoas-ubc/eoas_tlef/issues/42#issuecomment-698663537, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AGKNB66HN2LEFW2MCBNZLI3SHPTULANCNFSM4RYNFKEA.
yes, I think github for my nodes -- cwl for the M235 nodes