I have a Ubuntu server running nginx on port 443 to serve some static content and Jupyterhub 0.8 on port 8000 for Python notebooks (jupyterhub is installed via pip and run as a service (not with Docker).
I would like to use nginx's reverse proxy to make jupyterhub accessible as a subpath, e.g. example.com/jupyterhub.
Following the documentation and some other discussions (e.g. this one) here, I came up with the following nginx configuration:
server_tokens off;
server {
listen 80;
server_name example.com;
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
listen 443 ssl default_server;
#listen [::]:80 default_server ipv6only=on;
root /var/www/html;
index index.php index.html index.htm;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# Make site accessible from http://localhost/
server_name localhost;
# certs sent to the client in SERVER HELLO are concatenated in
ssl_certificate
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# modern configuration. tweak to your needs.
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
location /jupyterhub/ {
proxy_pass http://localhost:8000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location / {
try_files $uri $uri/ =404;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
}
Plus, I set the following in jupyterhub_conf.py
c.JupyterHub.base_url = u'/jupyterhub'
c.JupyterHub.ip = '127.0.0.1'
When I visit https://example.com/jupyterhub I get a 502 error. Looking at the nginx error.log I find
*13 upstream prematurely closed connection while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: localhost, request: "GET /jupyterhub/ HTTP/1.1", upstream: "http://127.0.0.1:8000/jupyterhub/", host: "example.com"
A local curl of jupyterhub gives
$ curl -v http://127.0.0.1:8000/jupyterhub/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 8000 (#0)
> GET /jupyterhub/ HTTP/1.1
> Host: 127.0.0.1:8000
> User-Agent: curl/7.52.1
> Accept: */*
>
* Curl_http_done: called premature == 0
* Empty reply from server
* Connection #0 to host 127.0.0.1 left intact
curl: (52) Empty reply from server
答案 0 :(得分:0)
正如您所讨论的那样,您的问题是您的Jupyter正在使用https运行,并且您正在使用http proxy_pass。您需要将nginx配置更改为
location /jupyterhub/ {
proxy_pass https://localhost:8000;
...
同时确保https://localhost:8000中没有尾随斜杠,以便将/jupyterhub/作为网址的一部分发送给proxy_pass。