Apache Reverse Proxy Mod for Jupyter Notebook

Posted under » Apache » Python on 1 Jan 2022

You may have read my previous articles reverse proxy ie Installing CherryPy on Ubuntu and Tomcat and Apache HTTP Server. Now (a decade later) I `have' to do the same with Jupyter notebook using Apache.

I was following this tutorial which is helpful but if you need to the non-SSL version as you simply have no time for the cert hassle, please read below.

There are several challenges

On a bright side, you can secure your Jupyter notebook with a password. To do this, you

$ jupyter notebook --generate-config
$ jupyter notebook password

Now go to the Jupyter config folder at ~/.jupyter directory

Copy the password from the newly created jupyter_notebook_config.json file. It will look something like this.

"argon2:$argon2id$v=19$m=10240,t=10,p=8$PMmXzmJ+tzO1VS2v1LC6DooP/uLNgfbQYtE"

Paste it to the config file 'jupyter-notebook-config.py' like

c.NotebookApp.password = "argon2:$argon2id$v=19$m=10240,t=10,p=8$PMmXzmJ+tzO1VS2v1LC6DooP/uLNgfbQYtE"

There are several other changes to the config file so you have to uncomment thes

c.NotebookApp.allow_origin = '*'
c.NotebookApp.allow_remote_access = True
c.NotebookApp.base_url = '/jupyter'
c.NotebookApp.ip = 'localhost'
c.NotebookApp.trust_xheaders = True

Port by default is 8888.

At this point, Jupyter notebook will not work because we are now trying to make it work with Apache.

You have to install and/or enable the following mods.

I assume the basic mods like rewrite are enabled. Here is the apache config. Take note of the IP restriction for security.

<VirtualHost *:80>
ServerName jupyter.notebook.com
ServerAdmin webmaster@localhost

ErrorLog ${APACHE_LOG_DIR}/error-jupyter.log
CustomLog ${APACHE_LOG_DIR}/access-jupyter.log combined

ProxyPreserveHost On
ProxyRequests Off

<Proxy *>
  Order allow,deny
  allow from 23.27.17.51
</Proxy>

ProxyPass /jupyter http://localhost:8888/jupyter
ProxyPassReverse /jupyter http://localhost:8888/jupyter
RequestHeader set Origin "http://localhost:8888"
Redirect permanent / http://jupyter.notebook.com/jupyter

<Location "/jupyter/api/kernels">
  ProxyPass ws://localhost:8888/jupyter/api/kernels
  ProxyPassReverse ws://localhost:8888/jupyter/api/kernels
</Location>

</VirtualHost>

Note that if you don't use SSL, you use ws: and http: instead of wss: and https:.

Restart apache and if there are no errors, things are looking good. Now run screen and go to your environment and fire up jupyter notebook.

When you key in your password you are ready to rock and roll.

web security linux ubuntu python django git Raspberry apache mysql php drupal cake javascript css AWS