HTTPS

Warning

HTTPS is not enabled by default.

We do not recommend deploying JupyterHub without HTTPS for production use.

However in some situations it can be handy to do so, for example when testing the setup.

Enable HTTPS

Support for HTTPS is handled automatically thanks to Let’s Encrypt, which also handles the automatic renewal of the certificates when they are about to expire.

In your hosts file, add the name_server and letsencrypt_email variables:

[server]
51.178.95.237

[server:vars]
ansible_python_interpreter=/usr/bin/python3
name_server=dev.plasmabio.org
letsencrypt_email=contact@plasmabio.org

If you have multiple servers, the hosts file will look like the following:

[server1]
51.178.95.237

[server2]
51.178.95.238

[server1:vars]
ansible_python_interpreter=/usr/bin/python3
name_server=dev1.plasmabio.org
letsencrypt_email=contact@plasmabio.org

[server2:vars]
ansible_python_interpreter=/usr/bin/python3
name_server=dev2.plasmabio.org
letsencrypt_email=contact@plasmabio.org

Modify these values to the ones you want to use.

Then, run the https.yml playbook:

ansible-playbook https.yml -i hosts -u ubuntu

This will reload the proxy to take the changes into account.

It might take a few minutes for the certificates to be setup and the changes to take effect.

How to make the domain point to the IP of the server

The domain used in the playbook variables (for example dev.plasmabio.org), should also point to the IP of the server running JupyterHub.

This is typically done by logging in to the registrar website and adding a new entry to the DNS records.

You can refer to the documentation for The Littlest JupyterHub on how to enable HTTPS for more details.

Manual HTTPS

To use an existing SSL key and certificate, you can refer to the Manual HTTPS with existing key and certificate documentation for TLJH.

This can also be integrated in the https.yml playbook by replacing the tljh-config commands to the ones mentioned in the documentation.