If like me you use a lot of Jupyter Notebooks, you might want to run them from a remote server. More RAM, more computing power adnd edicated ressources can be quite useful!
Jupyter notebooks provide a solution to run remotely with a simple password protection. It works, but it’s not very secure.
I wanted to add a layer of security with some basic HTTP authentication. Here’s what I did, using Let’s Encrypt and Apache’s built-in authentication and
Note: I used Apache as a reverse proxy, but you could use the same configuration principles with any other webserver.
Configure your Jupyter Notebook server
First, you’ll need to configure Jupyter to run as a server.
Create a configuration file with this command:
jupyter_notebook_config.py file appears!
Before editing it, we’ll generate a pair of keys in order for our Jupyter server to run on HTTPS. As your Jupyter server will only communicate with Apache, you can create a basic SSL certificate:
Note: you could use Let’s Encrypt to generate a trusted certificate, but that’s not essential. See the example below if you want to see how.
jupyter_notebook_config.py file and insert or edit these lines:
keyfile are your newly generated SSL certificate keys.
Your server will only answer to localhost (
ip), but will have to allow requests from
https://example.com, as indicated in
allow_origin (remember to replace with your own domain). You also need to set
True for the same reason.
I found out that this setup won’t work if you don’t use a
base_url that’s not the root of your domain. However, you can easily redirect traffic from the root of your domain to this
base_url (we’ll do that later).
Finally, you can ask Jupyter not to try and open a browser, which probably wouldn’t work on a remote server anyway.
We’ll leave the other options to default values.
That’s all for Jupyter, you can run your notebooks server:
I recommend trying to access it using your remote server IP address or hostname (
https://XXX.XXX.XXX.XXX:8888/jupyter for instance), in order to check if everything is indeed secured.
If everything went well, you should not be able to access anything.
Configure your proxy
Now we’ll configure a new Apache
VirtualHost on our remote server, which will work as a proxy for our Jupyter instance. This means instead of accessing your notebooks with a URL such as
http://localhost:8888 (which you can’t on a remote server), you’ll be able to use them with your own domain.
We’ll create a new file in
/etc/apache2/sites-available/ to store this new VirtualHost:
Let’s add some very basic configuration:
Your host will now answer both for HTTP (
*:80) and HTTPS (
*:443) (we need HTTP for now because it will be used by LetsEncrypt to validate our SSL certificate).
A simple redirect leads from
The rest is pretty basic: we just store access logs in a specific file.
We’ll need to generate an auth file, with
htpasswd. Depending on your system, you might need to install it first: on Debian for instance, it’s part of
Then simply run:
You’ll be prompted to chose a new password for
user_name, and it will be stored (encrypted) into a new
You can now edit your Apache conf file, and add these lines at the end of the
<VirtualHost *:443> section:
This indicates Apache that users need to be authentified in order to access
https://example.com/jupyter, using credentials stored in our
At this point, your new VirtualHost is functionnal. If you set your domain’s DNS to point to your server, you should be able to access it. Simply enable the VirtualHost and reload Apache’s config:
Now, let’s enable a few Apache mods:
We can now configure Apache as a proxy for our Jupyter notebooks. Edit your VirtualHost as follows:
This simply proxies HTTPS traffic from
https://localhost:8888/jupyter and back, and the same thing for Jupyter’s internal API using Web Sockets.
Generate a SSL certificate with LetsEncrypt
Let’s Encrypt is an open-source and free certificate authority, for you to generate trusted SSL certificates.
Go to the website to get the exact setup instructions for your system. For example on Debian:
Now you can run
You’ll be asked to chose between all available VirtualHosts the one you want to create a certificate for. Certbot will generate and verify your new certificate, and ask you if you want to redirect HTTP traffic to HTTPS (which you should).
It will then edit your
/etc/apache2/sites-available/jupyter-notebooks.conf file, which should now look like this:
Note: Certbot can automatically renew your certificates before they expire. I advise you enable this very useful feature (RTFM).
Now is time to reload Apache’s conf:
You should now be all set to run your notebooks from a pretty and secure URL:
If everything went fine, you’ll be asked for your username and password before accessing the Jupyter notebooks.
Now get back to real work ;-)