How to run IPython behind an Apache proxy
Solution 1
I got this working using the following setup.
IPython
IPython Notebook is listening at http://localhost:8888/ipython
. It was necessary to add the /ipython
prefix, because IPython uses absolute paths, so it must be the same as the reverse proxied path.
The ipython_notebook_config.py
c = get_config()
c.NotebookApp.ip = 'localhost'
c.NotebookApp.open_browser = False
c.NotebookApp.port = 8888
c.NotebookApp.base_url = '/ipython'
Apache
I enabled
mod_proxy
mod_proxy_http
mod_proxy_wstunnel
In the apache config I added
<Location /ipython>
ProxyPass http://localhost:8888/ipython
ProxyPassReverse http://localhost:8888/ipython
ProxyPassReverseCookieDomain localhost my.server.com
RequestHeader set Origin "http://localhost:8888"
</Location>
<Location /ipython/api/kernels/>
ProxyPass ws://localhost:8888/ipython/api/kernels/
ProxyPassReverse ws://localhost:8888/ipython/api/kernels/
</Location>
to an SSL enabled virtual host definition.
The RequestHeader set Origin "http://localhost:8888"
was necessary for the websockets, otherwise you get a 403 Forbidden.
Now IPython is reachable at https://my.server.com/ipython
(no trailing /
!).
Solution 2
WARNING: This is rather verbose, as I gather you have figured much of this, but for documentation purposes, I laid out enough detail here for someone else to follow.
I put this answer together after implementing this myself with the help from various links. The first from here Websocket origin check fails when used with Apache WS proxy #5525. I repeat much of it here with some changes. Other links are referenced below.
1. Set up iPython:
This is in the post, but rather than do it as the original post suggested, I just followed the general instructions for Running a notebook server. With this done you should be able to test the setup, which will require enabling the port you have this configured for. If this does not work, then any Apache set up will not work.
2. Configure Apache:
- Make sure you have the following mods available and enabled.
./configure --enable-proxy --enable-ssl --enable-deflate --enable-proxy-http --enable-proxy-wstunnel --enable-info --enable-rewrite --enable-headers
Added --enable-headers
here as they were not installed on mine. Also I used the Apache2 a2enmod command. So sudo a2enmod headers
, sudo a2enmod proxy
, etc.
If you're running a version of Apache prior to 2.4, you do not have the proxy_wstunnel
mod. You can either a patch your version or upgrade. To patch your version, you can follow these instructions. Be sure to copy over both mod_proxy.so
and mod_proxy_wstunnel.so
. To get the configure
script, you need to run ./buildconfig
, which has its own dependencies. This is noted in a comment therein.
-
Within Apache, create a "sites-available/iPython.conf" file. Originally I said to either add to
httpd.conf
orports.conf
. Adding your own site file is much cleaner and will allow you to enable/disable the configuration when desired.Listen [ANY PORT HERE] # post has port 8999 here... ... <VirtualHost *:[ANY PORT HERE]> SSLProxyEngine On # post did not have this... ProxyPass / http://127.0.0.1:8888/ ProxyPassReverse / http://127.0.0.1:8888/ # spoof headers to make notepad accept the request as coming from the same origin Header set Origin "http://127.0.0.1:8888/" RequestHeader set Origin "http://127.0.0.1:8888/" LogLevel debug </VirtualHost>
NOTE 1: The post uses port 8999, but it can be any port you want. You want port 80 here, but you do not need to specify it, so, modifying the above would yield:
<VirtualHost *:80> ... # Everything is the same here... </VirtualHost>
NOTE 2: Since you are using SSL, you need to add
SSLProxyEngine On
within the body of theVirtualHost
definition. As noted above, the post did not have this specifically.NOTE 3: Port 8888 is whatever port ipython is running on. Change this based on your configuration.
NOTE 4: If you want to host multiple applications, and this is one of them, rather than having
/
and:8888/
, you will want/ipython
and:8888/ipython
or whatever you want this to be named. In order to support this, see Running with a different URL prefix. Enable the new configuration:
sudo a2ensite iPython
If you need to disable:
sudo a2dissite iPython
- Reload Apache:
sudo service apache2 reload
My Environment:
Ubuntu 14.04.1
Apache 2.4.7
ipython 2.3.0
EDIT: Updated to reflect the final changes I made to get this working. I also changed the instruction order to what I think makes more sense.
Solution 3
Based on Apache's config of @adam, I'm putting here a full SSL-aware <VirualHost>
sections but without the /ipython
prefix, and i'm giving also the SSL-options for anyone interested:
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName some.server.com
SSLEngine off
Redirect permanent / https://some.server.com
</VirtualHost>
## From http://stackoverflow.com/questions/23890386/how-to-run-ipython-behind-an-apache-proxy
#
<VirtualHost *:443>
ServerAdmin [email protected]
ServerName some.server.com
SSLEngine on
SSLCertificateFile some_server_com.crt
SSLCertificateKeyFile some_server_com.key
<Location />
ProxyPass http://localhost:8888/
ProxyPassReverse http://localhost:8888/
ProxyPassReverseCookieDomain localhost some.server.com
RequestHeader set Origin "http://localhost:8888"
</Location>
<Location /api/kernels/>
ProxyPass ws://localhost:8888/api/kernels/
ProxyPassReverse ws://localhost:8888/api/kernels/
</Location>
Redirect permanent / https://some.server.com
</VirtualHost>
Solution 4
This works for jupyter and password hash:
<VirtualHost *:443>
ServerName default
ProxyPreserveHost On
ProxyRequests off
SSLProxyEngine on
SSLEngine on
SSLProtocol TLSv1
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLCertificateFile /home/ubuntu/.certs/mycert.pem
ProxyPass /notebook/terminals/websocket/ wss://localhost:9999/notebook/terminals/websocket/
ProxyPassReverse /notebook/terminals/websocket/ wss://localhost:9999/notebook/terminals/websocket/
ProxyPass /notebook/api/kernels/ wss://127.0.0.1:9999/notebook/api/kernels/
ProxyPassReverse /notebook/api/kernels/ wss://127.0.0.1:9999/notebook/api/kernels/
ProxyPass /notebook https://127.0.0.1:9999/notebook
ProxyPassReverse /notebook https://127.0.0.1:9999/notebook
</VirtualHost>
Solution 5
On newer versions of IPython/Jupyter that have a terminal you also need to add entries for terminals.
<Location /ipython/terminals/websocket/>
ProxyPass ws://localhost:8888/ipython/terminals/websocket/
ProxyPassReverse ws://localhost:8888/ipython/terminals/websocket/
</Location>
Comments
-
András Aszódi almost 2 years
I would like to run an IPython notebook web server behind an Apache (reverse) proxy so that instead of the URL
https://my.server:XXXX
(where XXXX is some port number) I could use
https://my.server/py0
I am aware that IPython uses websockets and I suspect this is the part that is missing from my setup, but I simply could not find a suitably detailed description on how to configure this. Unfortunately the IPython webserver setup docs don't have much to say regarding proxies apart from this:
When behind a proxy, especially if your system or browser is set to autodetect the proxy, the notebook web application might fail to connect to the server’s websockets[...]
So I decided to try it on my own and put the following in
/etc/apache2/sites-enabled/default-ssl.conf
:SSLProxyEngine On SSLProxyVerify none SSLProxyCheckPeerCN off SSLProxyCheckPeerName off ProxyPass /py0/ https://localhost:10000/ ProxyPassReverse /py0/ https://localhost:10000/
Accessing IPython "directly" over the URL
https://my.server:10000
works perfectly as advertised.The URL
https://my.server/py0
(without a trailing slash) returns "404 Not found".The same with a trailing slash
https://my.server/py0/
does "work" in that it forwards tohttps://my.server/login?next=%2F
, which is then "Not found" in its own right -- obviously because the /py0/ part got lost. Maybe I should tell IPython about it but how ??Perhaps relevant version numbers: Ubuntu 14.04 LTS, Apache 2.4.7.
Perhaps relevant SO question: IPython behind nginx. However, since everything else in my setup is handled by Apache to my full satisfaction, I do not want to run Nginx in addition.
Is there any good soul out there who has successfully configured IPython notebook web servers behind Apache? If yes, then please step forward and share your knowledge :-) Many thanks!
-
András Aszódi almost 10 yearsThanks a lot, +1. Quick remark: you had
proxy_wstunnel
as a patch because you run Apache 2.2 . In Apache 2.4, the wstunnel module is included. -
sfdurbano almost 10 yearsNo worries. I added a clarification regarding the patch. Thank you!
-
sfdurbano over 9 yearsUpdated to reflect my final changes.
-
noisygecko over 9 yearsThe command "sudo a2ensite iPython" needs to be "sudo a2ensite iPython.conf". At least in my version of Apache.
-
Ivan De Paz Centeno over 7 yearsIn order to use
RequestHeader
you need to enablemod_headers
too (sudo a2enmod headers) -
LauriK over 7 yearsThank you! I was going nuts and I think I was just missing the allow_origin in the configuration file..
-
Pablo Reyes over 7 yearsNo problem. I've just realized that I had extra slashes at the end of everything. I've just got rid of them.
-
Geremia about 7 years
RequestHeader set Origin "http://localhost:8888"
fixed it for me! Thank you! (I also use CSP, so I had to add / allowwss:
there, too.)