子路径中带有 nginx 反向代理的 Jupyterhub
Jupyterhub with nginx reverse proxy in a subpath
我在端口 443 上有一个 Ubuntu 服务器 运行ning nginx 来提供一些静态内容,在端口 8000 上有 Jupyterhub 0.8 用于 Python 笔记本(jupyterhub 是通过 pip 和 运行 作为服务安装的(不是 Docker)。
我想使用 nginx 的反向代理使 jupyterhub 可以作为子路径访问,例如example.com/jupyterhub.
根据此处的文档和其他一些讨论(例如 this one),我提出了以下 nginx 配置:
server_tokens off;
server {
listen 80;
server_name example.com;
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
listen 443 ssl default_server;
#listen [::]:80 default_server ipv6only=on;
root /var/www/html;
index index.php index.html index.htm;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# Make site accessible from http://localhost/
server_name localhost;
# certs sent to the client in SERVER HELLO are concatenated in
ssl_certificate
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# modern configuration. tweak to your needs.
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
location /jupyterhub/ {
proxy_pass http://localhost:8000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location / {
try_files $uri $uri/ =404;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
}
此外,我在jupyterhub_conf.py
中设置了以下内容
c.JupyterHub.base_url = u'/jupyterhub'
c.JupyterHub.ip = '127.0.0.1'
当我访问 https://example.com/jupyterhub 时出现 502 错误。查看 nginx error.log 我发现
*13 upstream prematurely closed connection while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: localhost, request: "GET /jupyterhub/ HTTP/1.1", upstream: "http://127.0.0.1:8000/jupyterhub/", host: "example.com"
jupyterhub 的本地 curl 给出
$ curl -v http://127.0.0.1:8000/jupyterhub/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 8000 (#0)
> GET /jupyterhub/ HTTP/1.1
> Host: 127.0.0.1:8000
> User-Agent: curl/7.52.1
> Accept: */*
>
* Curl_http_done: called premature == 0
* Empty reply from server
* Connection #0 to host 127.0.0.1 left intact
curl: (52) Empty reply from server
正如所讨论的,您的问题是您的 Jupyter 在 https 上 运行 而您正在为您的 proxy_pass 使用 http。您需要将 nginx 配置更改为以下
location /jupyterhub/ {
proxy_pass https://localhost:8000;
...
还要确保 https://localhost:8000 中没有尾部斜线,以便 /jupyterhub/ 作为 url 的一部分发送到 proxy_pass。
我在端口 443 上有一个 Ubuntu 服务器 运行ning nginx 来提供一些静态内容,在端口 8000 上有 Jupyterhub 0.8 用于 Python 笔记本(jupyterhub 是通过 pip 和 运行 作为服务安装的(不是 Docker)。
我想使用 nginx 的反向代理使 jupyterhub 可以作为子路径访问,例如example.com/jupyterhub.
根据此处的文档和其他一些讨论(例如 this one),我提出了以下 nginx 配置:
server_tokens off;
server {
listen 80;
server_name example.com;
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
listen 443 ssl default_server;
#listen [::]:80 default_server ipv6only=on;
root /var/www/html;
index index.php index.html index.htm;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# Make site accessible from http://localhost/
server_name localhost;
# certs sent to the client in SERVER HELLO are concatenated in
ssl_certificate
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# modern configuration. tweak to your needs.
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
location /jupyterhub/ {
proxy_pass http://localhost:8000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location / {
try_files $uri $uri/ =404;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
}
此外,我在jupyterhub_conf.py
c.JupyterHub.base_url = u'/jupyterhub'
c.JupyterHub.ip = '127.0.0.1'
当我访问 https://example.com/jupyterhub 时出现 502 错误。查看 nginx error.log 我发现
*13 upstream prematurely closed connection while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: localhost, request: "GET /jupyterhub/ HTTP/1.1", upstream: "http://127.0.0.1:8000/jupyterhub/", host: "example.com"
jupyterhub 的本地 curl 给出
$ curl -v http://127.0.0.1:8000/jupyterhub/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 8000 (#0)
> GET /jupyterhub/ HTTP/1.1
> Host: 127.0.0.1:8000
> User-Agent: curl/7.52.1
> Accept: */*
>
* Curl_http_done: called premature == 0
* Empty reply from server
* Connection #0 to host 127.0.0.1 left intact
curl: (52) Empty reply from server
正如所讨论的,您的问题是您的 Jupyter 在 https 上 运行 而您正在为您的 proxy_pass 使用 http。您需要将 nginx 配置更改为以下
location /jupyterhub/ {
proxy_pass https://localhost:8000;
...
还要确保 https://localhost:8000 中没有尾部斜线,以便 /jupyterhub/ 作为 url 的一部分发送到 proxy_pass。