A public notebook server needs to be secure. You should set a password and use an SSL certificate to connect to it. We need the certificate to provide secure communication over HTTPS (for more information, see https://en.wikipedia.org/wiki/Transport_Layer_Security). HTTPS adds a secure layer on top of the standard HTTP protocol widely used on the Internet. HTTPS also encrypts data sent from the client to the server and back. A certificate authority is often a commercial organization that issues certificates for websites. Web browsers have knowledge of certificate authorities and can recognize certificates. A website administrator needs to create a certificate and get it signed by a certificate authority.
The following steps describe how to configure a secure notebook server:
We can generate a password from IPython. Start a new IPython session and type in the following commands:
In [1]: from IPython.lib import passwd In [2]: passwd() Enter password: Verify password: Out[2]: 'sha1:0e422dfccef2:84cfbcbb3ef95872fb8e23be3999c123f862d856'
At the second input line, you will be prompted for a password. You need to remember this password. A long string is generated. Copy this string because you will need it later on.
To create a SSL certificate, you will need the
openssl
command in your path.Setting up the
openssl
command is not rocket science, but it can be tricky. Unfortunately, it is outside the scope of this book. On the brighter side, there are plenty of tutorials available online to help you further.Execute the following command to create a certificate with
mycert.pem
as the name:$ openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem Generating a 1024 bit RSA private key ......++++++ ........................++++++ writing new private key to 'mycert.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []: Email Address []:
The
openssl
utility prompts you to fill in some fields. For more information, check out the relevant man page (short for manual page) as follows:$ man openssl
Create a special profile for the server using the following command:
$ ipython profile create nbserver
Edit the configuration file. In this example, it can be found in
~/.ipython/profile_nbserver/ipython_notebook_config.py
.The configuration file is pretty large, so we will omit most of the lines in it. The lines that we need to change at minimum are as follows:
c.NotebookApp.certfile = u'/absolute/path/to/your/certificate' c.NotebookApp.password = u'sha1:b...your password' c.NotebookApp.port = 9999
Notice that we are pointing to the SSL certificate we created. We set a password and changed the port to 9999.
Using the following command, start the server to check whether the changes worked:
$ ipython notebook --profile=nbserver [NotebookApp] Using existing profile dir: u'/Users/ivanidris/.ipython/profile_nbserver' [NotebookApp] The IPython Notebook is running at: https://127.0.0.1:9999 [NotebookApp] Use Control-C to stop this server and shut down all kernels.
The server is running on port 9999, and you need to connect to it via https. If everything goes well, you should see a login page. Also, you will probably need to accept a security exception in your browser.
We created a special profile for our public server. There are some sample profiles that are already present, such as the default profile. Creating a profile adds a profile_<profilename>
folder to the .ipython
directory with a configuration file, among others. The profile can then be loaded with the --profile=<profile_name>
command-line option. We can list the profiles with the following command:
$ ipython profile list Available profiles in IPython: cluster math pysh python3 The first request for a bundled profile will copy it into your IPython directory (/Users/ivanidris/.ipython), where you can customize it. Available profiles in /Users/ivanidris/.ipython: default nbserver sh
IPython documentation for the
passwd()
function at http://ipython.org/ipython-doc/2/api/generated/IPython.lib.security.htmlOpenSSL documentation at https://www.openssl.org/docs/apps/openssl.html