HTTPS#
Warning
HTTPS is not enabled by default.
We do not recommend deploying JupyterHub without HTTPS for production use.
However in some situations it can be handy to do so, for example when testing the setup.
Enable HTTPS#
Support for HTTPS is handled automatically thanks to Let’s Encrypt, which also handles the automatic renewal of the certificates when they are about to expire.
In your hosts
file, add the name_server
and letsencrypt_email
variables:
[server]
51.178.95.237
[server:vars]
ansible_python_interpreter=/usr/bin/python3
name_server=dev.plasmabio.org
letsencrypt_email=contact@plasmabio.org
If you have multiple servers, the hosts
file will look like the following:
[server1]
51.178.95.237
[server2]
51.178.95.238
[server1:vars]
ansible_python_interpreter=/usr/bin/python3
name_server=dev1.plasmabio.org
letsencrypt_email=contact@plasmabio.org
[server2:vars]
ansible_python_interpreter=/usr/bin/python3
name_server=dev2.plasmabio.org
letsencrypt_email=contact@plasmabio.org
Modify these values to the ones you want to use.
Then, run the https.yml
playbook:
ansible-playbook https.yml -i hosts -u ubuntu
This will reload the proxy to take the changes into account.
It might take a few minutes for the certificates to be setup and the changes to take effect.
How to make the domain point to the IP of the server#
The domain used in the playbook variables (for example dev.plasmabio.org
), should also point to the IP of the
server running JupyterHub.
This is typically done by logging in to the registrar website and adding a new entry to the DNS records.
You can refer to the documentation for The Littlest JupyterHub on how to enable HTTPS for more details.
Manual HTTPS#
To use an existing SSL key and certificate, you can refer to the Manual HTTPS with existing key and certificate documentation for TLJH.
This can also be integrated in the https.yml
playbook by replacing the tljh-config
commands to the ones mentioned
in the documentation.