public_server.rst
148 lines
| 5.6 KiB
| text/x-rst
|
RstLexer
Thomas Kluyver
|
r13465 | .. _working_remotely: | ||
David P. Sanders
|
r11792 | |||
Paul Ivanov
|
r12098 | Running a notebook server | ||
========================= | ||||
David P. Sanders
|
r11792 | |||
Paul Ivanov
|
r12098 | The :ref:`IPython notebook <htmlnotebook>` web-application is based on a | ||
server-client structure. This server uses a :ref:`two-process kernel | ||||
architecture <ipythonzmq>` based on ZeroMQ_, as well as Tornado_ for serving | ||||
HTTP requests. By default, a notebook server runs on http://127.0.0.1:8888/ | ||||
and is accessible only from `localhost`. This document describes how you can | ||||
:ref:`secure a notebook server <notebook_security>` and how to :ref:`run it on | ||||
a public interface <notebook_public_server>`. | ||||
David P. Sanders
|
r11792 | |||
David P. Sanders
|
r12097 | .. _ZeroMQ: http://zeromq.org | ||
.. _Tornado: http://www.tornadoweb.org | ||||
David P. Sanders
|
r11792 | .. _notebook_security: | ||
Paul Ivanov
|
r12098 | Notebook security | ||
----------------- | ||||
David P. Sanders
|
r11792 | |||
Paul Ivanov
|
r12098 | You can protect your notebook server with a simple single password by | ||
David P. Sanders
|
r11792 | setting the :attr:`NotebookApp.password` configurable. You can prepare a | ||
hashed password using the function :func:`IPython.lib.security.passwd`: | ||||
.. sourcecode:: ipython | ||||
In [1]: from IPython.lib import passwd | ||||
In [2]: passwd() | ||||
Enter password: | ||||
Verify password: | ||||
Out[2]: 'sha1:67c9e60bb8b6:9ffede0825894254b2e042ea597d771089e11aed' | ||||
.. note:: | ||||
:func:`~IPython.lib.security.passwd` can also take the password as a string | ||||
argument. **Do not** pass it as an argument inside an IPython session, as it | ||||
will be saved in your input history. | ||||
You can then add this to your :file:`ipython_notebook_config.py`, e.g.:: | ||||
# Password to use for web authentication | ||||
c = get_config() | ||||
c.NotebookApp.password = | ||||
u'sha1:67c9e60bb8b6:9ffede0825894254b2e042ea597d771089e11aed' | ||||
When using a password, it is a good idea to also use SSL, so that your | ||||
password is not sent unencrypted by your browser. You can start the notebook | ||||
to communicate via a secure protocol mode using a self-signed certificate with | ||||
the command:: | ||||
$ ipython notebook --certfile=mycert.pem | ||||
.. note:: | ||||
A self-signed certificate can be generated with ``openssl``. For example, | ||||
the following command will create a certificate valid for 365 days with | ||||
both the key and certificate data written to the same file:: | ||||
MinRK
|
r12348 | $ openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem | ||
David P. Sanders
|
r11792 | |||
Your browser will warn you of a dangerous certificate because it is | ||||
self-signed. If you want to have a fully compliant certificate that will not | ||||
raise warnings, it is possible (but rather involved) to obtain one, | ||||
David P. Sanders
|
r12097 | as explained in detail in `this tutorial`__. | ||
David P. Sanders
|
r11792 | |||
Paul Ivanov
|
r12098 | .. __: http://arstechnica.com/security/news/2009/12/how-to-get-set-with-a-secure-sertificate-for-free.ars | ||
David P. Sanders
|
r11792 | |||
Keep in mind that when you enable SSL support, you will need to access the | ||||
notebook server over ``https://``, not over plain ``http://``. The startup | ||||
message from the server prints this, but it is easy to overlook and think the | ||||
server is for some reason non-responsive. | ||||
Paul Ivanov
|
r12098 | .. _notebook_public_server: | ||
David P. Sanders
|
r11792 | |||
Running a public notebook server | ||||
-------------------------------- | ||||
If you want to access your notebook server remotely via a web browser, | ||||
you can do the following. | ||||
Start by creating a certificate file and a hashed password, as explained | ||||
above. Then create a custom profile for the notebook, with the following | ||||
command line, type:: | ||||
$ ipython profile create nbserver | ||||
In the profile directory just created, edit the file | ||||
``ipython_notebook_config.py``. By default, the file has all fields | ||||
commented; the minimum set you need to uncomment and edit is the following:: | ||||
c = get_config() | ||||
# Kernel config | ||||
c.IPKernelApp.pylab = 'inline' # if you want plotting support always | ||||
# Notebook config | ||||
c.NotebookApp.certfile = u'/absolute/path/to/your/certificate/mycert.pem' | ||||
c.NotebookApp.ip = '*' | ||||
c.NotebookApp.open_browser = False | ||||
c.NotebookApp.password = u'sha1:bcd259ccf...[your hashed password here]' | ||||
# It is a good idea to put it on a known, fixed port | ||||
c.NotebookApp.port = 9999 | ||||
You can then start the notebook and access it later by pointing your browser | ||||
to ``https://your.host.com:9999`` with ``ipython notebook | ||||
--profile=nbserver``. | ||||
Running with a different URL prefix | ||||
----------------------------------- | ||||
The notebook dashboard (the landing page with an overview | ||||
of the notebooks in your working directory) typically lives at the URL | ||||
``http://localhost:8888/``. If you prefer that it lives, together with the | ||||
rest of the notebook, under a sub-directory, | ||||
e.g. ``http://localhost:8888/ipython/``, you can do so with | ||||
configuration options like the following (see above for instructions about | ||||
modifying ``ipython_notebook_config.py``):: | ||||
c.NotebookApp.base_project_url = '/ipython/' | ||||
c.NotebookApp.base_kernel_url = '/ipython/' | ||||
c.NotebookApp.webapp_settings = {'static_url_prefix':'/ipython/static/'} | ||||
Using a different notebook store | ||||
-------------------------------- | ||||
Paul Ivanov
|
r12098 | By default, the notebook server stores the notebook documents that it saves as | ||
files in the working directory of the notebook server, also known as the | ||||
David P. Sanders
|
r11792 | ``notebook_dir``. This logic is implemented in the | ||
:class:`FileNotebookManager` class. However, the server can be configured to | ||||
use a different notebook manager class, which can | ||||
store the notebooks in a different format. | ||||
Known issues | ||||
------------ | ||||
When behind a proxy, especially if your system or browser is set to autodetect | ||||
Paul Ivanov
|
r12098 | the proxy, the notebook web application might fail to connect to the server's | ||
websockets, and present you with a warning at startup. In this case, you need | ||||
to configure your system not to use the proxy for the server's address. | ||||
David P. Sanders
|
r11792 | |||
For example, in Firefox, go to the Preferences panel, Advanced section, | ||||
Network tab, click 'Settings...', and add the address of the notebook server | ||||
to the 'No proxy for' field. | ||||