How to run IPython behind an Apache proxy

apache proxy ipython reverse-proxy
13,426

Solution 1

I got this working using the following setup.

IPython

IPython Notebook is listening at http://localhost:8888/ipython. It was necessary to add the /ipython prefix, because IPython uses absolute paths, so it must be the same as the reverse proxied path.

The ipython_notebook_config.py

c = get_config()
c.NotebookApp.ip = 'localhost'
c.NotebookApp.open_browser = False
c.NotebookApp.port = 8888
c.NotebookApp.base_url = '/ipython'

Apache

I enabled

  • mod_proxy
  • mod_proxy_http
  • mod_proxy_wstunnel

In the apache config I added

<Location /ipython>
ProxyPass        http://localhost:8888/ipython
ProxyPassReverse http://localhost:8888/ipython
ProxyPassReverseCookieDomain localhost my.server.com
RequestHeader set Origin "http://localhost:8888"
</Location>

<Location /ipython/api/kernels/>
ProxyPass        ws://localhost:8888/ipython/api/kernels/
ProxyPassReverse ws://localhost:8888/ipython/api/kernels/
</Location>

to an SSL enabled virtual host definition.

The RequestHeader set Origin "http://localhost:8888" was necessary for the websockets, otherwise you get a 403 Forbidden.

Now IPython is reachable at https://my.server.com/ipython (no trailing /!).

Solution 2

WARNING: This is rather verbose, as I gather you have figured much of this, but for documentation purposes, I laid out enough detail here for someone else to follow.

I put this answer together after implementing this myself with the help from various links. The first from here Websocket origin check fails when used with Apache WS proxy #5525. I repeat much of it here with some changes. Other links are referenced below.

1. Set up iPython:

This is in the post, but rather than do it as the original post suggested, I just followed the general instructions for Running a notebook server. With this done you should be able to test the setup, which will require enabling the port you have this configured for. If this does not work, then any Apache set up will not work.

2. Configure Apache:

  1. Make sure you have the following mods available and enabled.

./configure --enable-proxy --enable-ssl --enable-deflate --enable-proxy-http --enable-proxy-wstunnel --enable-info --enable-rewrite --enable-headers

Added --enable-headers here as they were not installed on mine. Also I used the Apache2 a2enmod command. So sudo a2enmod headers, sudo a2enmod proxy, etc.

If you're running a version of Apache prior to 2.4, you do not have the proxy_wstunnel mod. You can either a patch your version or upgrade. To patch your version, you can follow these instructions. Be sure to copy over both mod_proxy.so and mod_proxy_wstunnel.so. To get the configure script, you need to run ./buildconfig, which has its own dependencies. This is noted in a comment therein.

  1. Within Apache, create a "sites-available/iPython.conf" file. Originally I said to either add to httpd.conf or ports.conf. Adding your own site file is much cleaner and will allow you to enable/disable the configuration when desired.

    Listen [ANY PORT HERE] # post has port 8999 here... ... <VirtualHost *:[ANY PORT HERE]> SSLProxyEngine On # post did not have this... ProxyPass / http://127.0.0.1:8888/ ProxyPassReverse / http://127.0.0.1:8888/ # spoof headers to make notepad accept the request as coming from the same origin Header set Origin "http://127.0.0.1:8888/" RequestHeader set Origin "http://127.0.0.1:8888/" LogLevel debug </VirtualHost>

    NOTE 1: The post uses port 8999, but it can be any port you want. You want port 80 here, but you do not need to specify it, so, modifying the above would yield:

    <VirtualHost *:80> ... # Everything is the same here... </VirtualHost>

    NOTE 2: Since you are using SSL, you need to add SSLProxyEngine On within the body of the VirtualHost definition. As noted above, the post did not have this specifically.

    NOTE 3: Port 8888 is whatever port ipython is running on. Change this based on your configuration.

    NOTE 4: If you want to host multiple applications, and this is one of them, rather than having / and :8888/, you will want /ipython and :8888/ipython or whatever you want this to be named. In order to support this, see Running with a different URL prefix.

  2. Enable the new configuration: sudo a2ensite iPython

If you need to disable: sudo a2dissite iPython

  1. Reload Apache: sudo service apache2 reload

My Environment:

Ubuntu 14.04.1 Apache 2.4.7 ipython 2.3.0

EDIT: Updated to reflect the final changes I made to get this working. I also changed the instruction order to what I think makes more sense.

Solution 3

Based on Apache's config of @adam, I'm putting here a full SSL-aware <VirualHost> sections but without the /ipython prefix, and i'm giving also the SSL-options for anyone interested:

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName some.server.com
    SSLEngine off

    Redirect permanent / https://some.server.com
</VirtualHost>

## From http://stackoverflow.com/questions/23890386/how-to-run-ipython-behind-an-apache-proxy
#
<VirtualHost *:443>
    ServerAdmin [email protected]
    ServerName some.server.com

    SSLEngine on

    SSLCertificateFile              some_server_com.crt
    SSLCertificateKeyFile           some_server_com.key


    <Location />
        ProxyPass        http://localhost:8888/
        ProxyPassReverse http://localhost:8888/
        ProxyPassReverseCookieDomain localhost some.server.com
        RequestHeader set Origin "http://localhost:8888"
    </Location>

    <Location /api/kernels/>
        ProxyPass        ws://localhost:8888/api/kernels/
        ProxyPassReverse ws://localhost:8888/api/kernels/
    </Location>

    Redirect permanent / https://some.server.com
</VirtualHost>

Solution 4

This works for jupyter and password hash:

<VirtualHost *:443>
    ServerName  default
    ProxyPreserveHost On
    ProxyRequests off
    SSLProxyEngine on
    SSLEngine on
    SSLProtocol TLSv1
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLCertificateFile      /home/ubuntu/.certs/mycert.pem

    ProxyPass /notebook/terminals/websocket/       wss://localhost:9999/notebook/terminals/websocket/
    ProxyPassReverse /notebook/terminals/websocket/ wss://localhost:9999/notebook/terminals/websocket/

    ProxyPass /notebook/api/kernels/ wss://127.0.0.1:9999/notebook/api/kernels/
    ProxyPassReverse /notebook/api/kernels/ wss://127.0.0.1:9999/notebook/api/kernels/

    ProxyPass /notebook https://127.0.0.1:9999/notebook
    ProxyPassReverse /notebook https://127.0.0.1:9999/notebook
</VirtualHost>

Solution 5

On newer versions of IPython/Jupyter that have a terminal you also need to add entries for terminals.

<Location /ipython/terminals/websocket/>
     ProxyPass        ws://localhost:8888/ipython/terminals/websocket/
     ProxyPassReverse ws://localhost:8888/ipython/terminals/websocket/
</Location>
Share:
13,426
András Aszódi
Author by

András Aszódi

I work in the field of computational thaumaturgy.

Updated on June 07, 2022

Comments

  • András Aszódi
    András Aszódi almost 2 years

    I would like to run an IPython notebook web server behind an Apache (reverse) proxy so that instead of the URL

    https://my.server:XXXX

    (where XXXX is some port number) I could use

    https://my.server/py0

    I am aware that IPython uses websockets and I suspect this is the part that is missing from my setup, but I simply could not find a suitably detailed description on how to configure this. Unfortunately the IPython webserver setup docs don't have much to say regarding proxies apart from this:

    When behind a proxy, especially if your system or browser is set to autodetect the proxy, the notebook web application might fail to connect to the server’s websockets[...]

    So I decided to try it on my own and put the following in /etc/apache2/sites-enabled/default-ssl.conf :

                SSLProxyEngine On
            SSLProxyVerify none
            SSLProxyCheckPeerCN off
            SSLProxyCheckPeerName off
            ProxyPass       /py0/ https://localhost:10000/
            ProxyPassReverse        /py0/ https://localhost:10000/

    Accessing IPython "directly" over the URL https://my.server:10000 works perfectly as advertised.

    The URL https://my.server/py0 (without a trailing slash) returns "404 Not found".

    The same with a trailing slash https://my.server/py0/ does "work" in that it forwards to https://my.server/login?next=%2F, which is then "Not found" in its own right -- obviously because the /py0/ part got lost. Maybe I should tell IPython about it but how ??

    Perhaps relevant version numbers: Ubuntu 14.04 LTS, Apache 2.4.7.

    Perhaps relevant SO question: IPython behind nginx. However, since everything else in my setup is handled by Apache to my full satisfaction, I do not want to run Nginx in addition.

    Is there any good soul out there who has successfully configured IPython notebook web servers behind Apache? If yes, then please step forward and share your knowledge :-) Many thanks!

  • András Aszódi
    András Aszódi almost 10 years
    Thanks a lot, +1. Quick remark: you had proxy_wstunnel as a patch because you run Apache 2.2 . In Apache 2.4, the wstunnel module is included.
  • sfdurbano
    sfdurbano almost 10 years
    No worries. I added a clarification regarding the patch. Thank you!
  • sfdurbano
    sfdurbano over 9 years
    Updated to reflect my final changes.
  • noisygecko
    noisygecko over 9 years
    The command "sudo a2ensite iPython" needs to be "sudo a2ensite iPython.conf". At least in my version of Apache.
  • Ivan De Paz Centeno
    Ivan De Paz Centeno over 7 years
    In order to use RequestHeader you need to enable mod_headers too (sudo a2enmod headers)
  • LauriK
    LauriK over 7 years
    Thank you! I was going nuts and I think I was just missing the allow_origin in the configuration file..
  • Pablo Reyes
    Pablo Reyes over 7 years
    No problem. I've just realized that I had extra slashes at the end of everything. I've just got rid of them.
  • Geremia
    Geremia about 7 years
    RequestHeader set Origin "http://localhost:8888" fixed it for me! Thank you! (I also use CSP, so I had to add / allow wss: there, too.)

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Apache ProxyPass with dynamic hostname
Apache server reverse-proxying another apache server, getting "AH01102: error reading status line from remote server"
Is it possible to use relative path in ProxyPass/ProxyPassReverse?
WebSocket through SSL with Apache reverse proxy
Apache port forward
Apache reverse proxy with basic authentication
How to connect socket.io through a reverse proxy
HTTP SSL Proxy with Java Apache HttpClient
Jenkins proxy 407 error
502 Proxy Errors between IIS and Apache2