Closed arturozv closed 2 years ago
This is also something we'd need for our setup -- hope to hear soon how this can be done!
I don't have any experience with EKS, but could you use an ingress? https://kubernetes.io/docs/concepts/services-networking/ingress/
I thought about that way, but adding another proxy on top of Tornado doesn't seem like a clean solution...
I wouldn't say it's "unclean". Load-balanced-ingress proxying to (a potentially multi-layer) backend-app is a pretty common pattern.
We just ended up using Cloudflare and it has a feature that does this automagically...
I explored and documented this in #1811, but for that PR to get merged, I'll need help with review by people with a `proxy.https.type=offload` setup.
Hi,
I'm not sure if this question is best answered here, in #1811, or on Discourse. I'm testing an EKS-based deployment and when I configure `c.JupyterHub.subdomain_host`, I end up with a redirect loop error. Wildcard DNS and certs are set up, and I've configured SSL termination in the ELB.
Any suggestions, @consideRatio? I'd be glad to test #1811 if that's relevant to what I'm seeing.
Thanks
--Rick
Minimal configuration for testing:

```yaml
proxy:
  secretToken: "<a token>"
  https:
    enabled: true
    type: offload
  service:
    annotations:
      # Certificate ARN
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "<an arn>"
      # The protocol to use on the backend, we use TCP since we're using websockets
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
      # Which ports should use SSL
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
      service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600"
hub:
  config:
    JupyterHub:
      subdomain_host: 'https://<FQDN>'
```

Helm command

```bash
RELEASE=jhub
NAMESPACE=jhub
helm upgrade --cleanup-on-fail --install $RELEASE jupyterhub/jupyterhub \
  --namespace $NAMESPACE --create-namespace \
  --version=0.11.1 --values config.yaml
```
I think maybe yes? This would be the CHP feature enabled by the `--redirect-port` and `--redirect-to` flags, right? See https://github.com/jupyterhub/configurable-http-proxy#command-line-options.
So, with the `proxy.chp.extraCommandLineFlags` configuration of the Helm chart, I think it could be possible.
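One way to check from outside the cluster which of the outcomes discussed in this thread a deployment is in: plain HTTP still served, HTTP redirected to HTTPS, or a redirect loop. This is an added example, not code from the thread or from JupyterHub; `classify`, `live_fetch` and `fake` are hypothetical names and the `hub.example.org` responses are constructed.

```python
import http.client
from urllib.parse import urlsplit, urljoin

REDIRECTS = {301, 302, 303, 307, 308}

def live_fetch(url, timeout=5):
    """Fetch one URL without following redirects; return (status, Location)."""
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.netloc, timeout=timeout)
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("GET", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def classify(start_url, fetch=live_fetch, max_hops=10):
    """Follow redirects hop by hop and report how the chain ends."""
    seen, url = [], start_url
    for _ in range(max_hops):
        if url in seen:
            return "redirect-loop", seen + [url]
        seen.append(url)
        status, location = fetch(url)
        if status in REDIRECTS and location:
            url = urljoin(url, location)  # Location may be relative
            continue
        # Chain ended here; only the scheme of the final URL is judged.
        final_https = urlsplit(url).scheme == "https"
        return ("ok-https" if final_https else "served-over-http"), seen
    return "too-many-hops", seen

# Constructed responses for a hypothetical hub.example.org, keyed by URL.
def fake(table):
    return lambda url: table[url]

NO_REDIRECT = {"http://hub.example.org/": (200, None)}
REDIRECTED = {"http://hub.example.org/": (301, "https://hub.example.org/"),
              "https://hub.example.org/": (302, "/hub/"),
              "https://hub.example.org/hub/": (200, None)}
LOOP = {"https://hub.example.org/": (302, "https://hub.example.org/hub/"),
        "https://hub.example.org/hub/": (302, "https://hub.example.org/")}

if __name__ == "__main__":
    for start, table in [("http://hub.example.org/", NO_REDIRECT),
                         ("http://hub.example.org/", REDIRECTED),
                         ("https://hub.example.org/", LOOP)]:
        print(classify(start, fake(table)))
```

Against a real deployment, call `classify("http://<FQDN>/")` with the default `live_fetch`; the returned list of URLs shows where the chain turns back on itself.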
I'll close this as stale/resolved.
We are putting together a JupyterHub POC in AWS/EKS
We have a working setup for https with offload to an AWS ELB using annotations for the load balancer (docs)
The hub can still be accessed by using http and we are trying to set up a redirect to https. According to AWS docs this can't be done at the ELB level.
Is there an alternative to set up an nginx in front of the jhub proxy?
Thank you!
Contents of `config.yaml`