HTTPS¶
The software included in the AMI uses HTTP
for communication.
We strongly encourage adding SSL termination.
This can be achieved using an external load balancer such as AWS ALB or other domain hosting services like Cloudflare.
Enable HTTPS¶
- Create a file name:
/opt/jupyterhub/config/jupyterhub_https
- Restart the JuptyerHub service:
In some cases this is all you need. For example if you are using CloudFlare with
the Flexible
SSL option, this setup will give you SSL termination between the
browser and Cloudflare. Which is enough for most cases.
Depending on the desired DNS configuration you might need to configure SSL termination on the EC2 instance, see below.
If you do this you will have SSL termination between the DNS provider and the EC2 instance.
- In cloudflare this is equivalent to the
Full
andFull (strict)
SSL settings.
Configure SSL termination at the EC2 instance¶
If you need to enable SSL between the Load Balancer and the EC2 instance:
- Generate the certificates for the target DNS and move them to the EC2 instance
- Configure the DNS to point to the EC2 IP address
- Update the
/opt/jupyterhub/state/traefik.toml
file. Uncomment the SSL lines by point them to the path of the certificates on the instance
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "/path/to/certs/traefik.crt"
keyFile = "/path/to/certs/traefik.key"
Finally tell the JupyterHub service to use HTTPS
:
- Create a file named:
/opt/jupyterhub/config/jupyterhub_https
- Restart the JuptyerHub service: