Open ChandaniM123 opened 5 years ago
Heya! Good question! I don't see why not. We can have a 'https' field in the config that can be set to 'true' optionally to support https. Would love patches! :)
Hi @ChandaniM123 @yuvipanda I think we need to do this too. I'm thinking should we actually have configuration options for key, cert, and CA?
@rcthomas Yeah, that sounds like a good way to do that. Happy to review a PR
Hey @yuvipanda I've made some progress on the HTTP handlers. I can at least make the proxy talk to various Dask components over SSL. It's not perfect but I think the remaining issue I have there on the HTTP handler side I will be able to work out. (Some certificate verification problem on the Dask dashboard.)
I'm also wondering if we should set up the default to be a check for the internal SSL components from JupyterHub. That is, something like:
keyfile = Unicode(
os.getenv("JUPYTERHUB_SSL_KEYFILE", ""),
help="SSL key, use with certfile",
config=True
)
This may be a too-complicated default. A user could simply put that os.getenv() into their config, instead of us deciding for them that the above default scheme is the way they should be doing it.
The more looming thing is the websocket handler stuff, it's failing right now which I expected, and I am wondering if you had any pointers or orientation on the websocket side of things that it would be good to know before I start hacking.
Yeah, I think to begin with asking users to put os.getenv is probably the way to go.
I think @ryanlovett added most of the websocket stuff, so might have more pointers.
I am very excited you are working on this, @rcthomas!
Thanks! OK, I may actually have gotten it working with websockets too. Now to test some more and clean up!
@rcthomas What is the status of this issue ? Are you still working on it ?
@PhML no, and I think the reason I stopped pushing is that my motivating use cases evaporated. Not sure whether anyone else wants to pick it up and carry it forward, I am sure the PR I submitted is out of date. More sets of eyes on what was wrong there might help.
I am trying to use this server-proxy to talk to an application that accepts only https requests(requires SSL). Is there a way to update this to support https ?