https entry point? - Githubissues

jupyterhub / zero-to-jupyterhub-k8s

Helm Chart & Documentation for deploying JupyterHub on Kubernetes

https://zero-to-jupyterhub.readthedocs.io

Other

1.56k stars 799 forks source link

https entry point? #43

Closed AaronWatters closed 7 years ago

AaronWatters commented 7 years ago

Please document how to set up an https entry point for the hub server. Currently the server is accessed by default using http.

yuvipanda commented 7 years ago

Tracked in https://github.com/jupyterhub/helm-chart/issues/14

yuvipanda commented 7 years ago

This has been fixed by #229!

masonlr commented 6 years ago

@yuvipanda does #229 explicitly require purchasing a domain name from a registrar? (as explained https://zero-to-jupyterhub.readthedocs.io/en/v0.5-doc/security.html#https)

What I'd like to do is access the CLUSTER-IP directly using https, rather than via the A record on a separate DNS provider? Is this even possible – apologies I'm new to this topic.

Example: http://<CLUSTER-IP> works for me in a browser, but can I get https://<CLUSTER-IP> to work for me via proxy options in the config yaml files?

yuvipanda commented 6 years ago

@masonlr yeah, it does require an external domain name purchased. This is because we use https://letsencrypt.org/ to provision HTTPS certificates, and they require a domain name. This is the case for most HTTPS certificate providers - they won't provide you HTTPS certificates for IPs.

CLUSTER-IP is also usually only accessible from inside the cluster, and (unless your cluster is configured in specific ways that most clusters are not) not accessible from the external world.

masonlr commented 6 years ago

@yuvipanda thanks for this info. Apologies, I should have written EXTERNAL-IP above, i.e. http://<EXTERNAL-IP> works for me in a browser.

masonlr commented 6 years ago

@yuvipanda just to clarify, if I follow the deployment instructions for the zero-to-jupyterhub-k8s repository I receive an EXTERNAL-IP of the form (where letters are replaced with numbers)

mn.opq.rs.tu

This automatically sets up a domain name of the form

tu.rs.opq.mn.bc.googleusercontent.com

Should it be possible for me to pass this domain name to let's encrypt via yaml parameters:

proxy:
  https:
    hosts:
      - tu.rs.opq.mn.bc.googleusercontent.com
    letsencrypt:
      contactEmail: my.email@example.com

Or, is this insufficient information for proving control of the tu.rs.opq.mn.bc.googleusercontent.com domain?