search

jupyterhub / jupyter-server-proxy

Jupyter notebook server extension to proxy web services.
https://jupyter-server-proxy.readthedocs.io
BSD 3-Clause "New" or "Revised" License
347 stars 148 forks source link

Support for HTTPS #89

Open ChandaniM123 opened 5 years ago

ChandaniM123 commented 5 years ago

I am trying to use this server-proxy to talk to an application that accepts only https requests(requires SSL). Is there a way to update this to support https ?

yuvipanda commented 5 years ago

Heya! Good question! I don't see why not. We can have a 'https' field in the config that can be set to 'true' optionally to support https. Would love patches! :)

rcthomas commented 4 years ago

Hi @ChandaniM123 @yuvipanda I think we need to do this too. I'm thinking should we actually have configuration options for key, cert, and CA?

yuvipanda commented 4 years ago

@rcthomas Yeah, that sounds like a good way to do that. Happy to review a PR

rcthomas commented 4 years ago

Hey @yuvipanda I've made some progress on the HTTP handlers. I can at least make the proxy talk to various Dask components over SSL. It's not perfect but I think the remaining issue I have there on the HTTP handler side I will be able to work out. (Some certificate verification problem on the Dask dashboard.)

I'm also wondering if we should set up the default to be a check for the internal SSL components from JupyterHub. That is, something like:

keyfile = Unicode(
        os.getenv("JUPYTERHUB_SSL_KEYFILE", ""),
        help="SSL key, use with certfile",
        config=True
)

This may be a too-complicated default. A user could simply put that os.getenv() into their config, instead of us deciding for them that the above default scheme is the way they should be doing it.

The more looming thing is the websocket handler stuff, it's failing right now which I expected, and I am wondering if you had any pointers or orientation on the websocket side of things that it would be good to know before I start hacking.

yuvipanda commented 4 years ago

Yeah, I think to begin with asking users to put os.getenv is probably the way to go.

I think @ryanlovett added most of the websocket stuff, so might have more pointers.

I am very excited you are working on this, @rcthomas!

rcthomas commented 4 years ago

Thanks! OK, I may actually have gotten it working with websockets too. Now to test some more and clean up!

PhML commented 1 year ago

@rcthomas What is the status of this issue ? Are you still working on it ?

rcthomas commented 1 year ago

@PhML no, and I think the reason I stopped pushing is that my motivating use cases evaporated. Not sure whether anyone else wants to pick it up and carry it forward, I am sure the PR I submitted is out of date. More sets of eyes on what was wrong there might help.