working_remotely.rst
182 lines
| 6.9 KiB
| text/x-rst
|
RstLexer
David P. Sanders
|
r11792 | .. _working_remotely.txt | ||
| Working remotely | ||||
| ================ | ||||
| The IPython Notebook web app is based on a server-client structure. | ||||
| This server uses a two-process kernel architecture based on ZeroMQ, as well as | ||||
| Tornado for serving HTTP requests. Other clients may connect to the same | ||||
| underlying IPython kernel; see below. | ||||
| .. _notebook_security: | ||||
| Security | ||||
| -------- | ||||
| You can protect your Notebook server with a simple single password by | ||||
| setting the :attr:`NotebookApp.password` configurable. You can prepare a | ||||
| hashed password using the function :func:`IPython.lib.security.passwd`: | ||||
| .. sourcecode:: ipython | ||||
| In [1]: from IPython.lib import passwd | ||||
| In [2]: passwd() | ||||
| Enter password: | ||||
| Verify password: | ||||
| Out[2]: 'sha1:67c9e60bb8b6:9ffede0825894254b2e042ea597d771089e11aed' | ||||
| .. note:: | ||||
| :func:`~IPython.lib.security.passwd` can also take the password as a string | ||||
| argument. **Do not** pass it as an argument inside an IPython session, as it | ||||
| will be saved in your input history. | ||||
| You can then add this to your :file:`ipython_notebook_config.py`, e.g.:: | ||||
| # Password to use for web authentication | ||||
| c = get_config() | ||||
| c.NotebookApp.password = | ||||
| u'sha1:67c9e60bb8b6:9ffede0825894254b2e042ea597d771089e11aed' | ||||
| When using a password, it is a good idea to also use SSL, so that your | ||||
| password is not sent unencrypted by your browser. You can start the notebook | ||||
| to communicate via a secure protocol mode using a self-signed certificate with | ||||
| the command:: | ||||
| $ ipython notebook --certfile=mycert.pem | ||||
| .. note:: | ||||
| A self-signed certificate can be generated with ``openssl``. For example, | ||||
| the following command will create a certificate valid for 365 days with | ||||
| both the key and certificate data written to the same file:: | ||||
| $ openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert. | ||||
| pem -out mycert.pem | ||||
| Your browser will warn you of a dangerous certificate because it is | ||||
| self-signed. If you want to have a fully compliant certificate that will not | ||||
| raise warnings, it is possible (but rather involved) to obtain one, | ||||
| `as explained in detailed in this tutorial`__. | ||||
| .. __: http://arstechnica.com/security/news/2009/12/how-to-get-set-with-a- | ||||
| secure-sertificate-for-free.ars | ||||
| Keep in mind that when you enable SSL support, you will need to access the | ||||
| notebook server over ``https://``, not over plain ``http://``. The startup | ||||
| message from the server prints this, but it is easy to overlook and think the | ||||
| server is for some reason non-responsive. | ||||
| Connecting to an existing kernel | ||||
| --------------------------------- | ||||
| The notebook server always prints to the terminal the full details of | ||||
| how to connect to each kernel, with messages such as the following:: | ||||
| [IPKernelApp] To connect another client to this kernel, use: | ||||
| [IPKernelApp] --existing kernel-3bb93edd-6b5a-455c-99c8-3b658f45dde5.json | ||||
| This long string is the name of a JSON file that contains all the port and | ||||
| validation information necessary to connect to the kernel. You can then, for | ||||
| example, manually start a Qt console connected to the *same* kernel with:: | ||||
| $ ipython qtconsole --existing | ||||
| kernel-3bb93edd-6b5a-455c-99c8-3b658f45dde5.json | ||||
| If you have only a single kernel running, simply typing:: | ||||
| $ ipython qtconsole --existing | ||||
| will automatically find it. (It will always find the most recently | ||||
| started kernel if there is more than one.) You can also request this | ||||
| connection data by typing ``%connect_info``; this will print the same | ||||
| file information as well as the content of the JSON data structure it | ||||
| contains. | ||||
| Running a public notebook server | ||||
| -------------------------------- | ||||
| If you want to access your notebook server remotely via a web browser, | ||||
| you can do the following. | ||||
| Start by creating a certificate file and a hashed password, as explained | ||||
| above. Then create a custom profile for the notebook, with the following | ||||
| command line, type:: | ||||
| $ ipython profile create nbserver | ||||
| In the profile directory just created, edit the file | ||||
| ``ipython_notebook_config.py``. By default, the file has all fields | ||||
| commented; the minimum set you need to uncomment and edit is the following:: | ||||
| c = get_config() | ||||
| # Kernel config | ||||
| c.IPKernelApp.pylab = 'inline' # if you want plotting support always | ||||
| # Notebook config | ||||
| c.NotebookApp.certfile = u'/absolute/path/to/your/certificate/mycert.pem' | ||||
| c.NotebookApp.ip = '*' | ||||
| c.NotebookApp.open_browser = False | ||||
| c.NotebookApp.password = u'sha1:bcd259ccf...[your hashed password here]' | ||||
| # It is a good idea to put it on a known, fixed port | ||||
| c.NotebookApp.port = 9999 | ||||
| You can then start the notebook and access it later by pointing your browser | ||||
| to ``https://your.host.com:9999`` with ``ipython notebook | ||||
| --profile=nbserver``. | ||||
| Running with a different URL prefix | ||||
| ----------------------------------- | ||||
| The notebook dashboard (the landing page with an overview | ||||
| of the notebooks in your working directory) typically lives at the URL | ||||
| ``http://localhost:8888/``. If you prefer that it lives, together with the | ||||
| rest of the notebook, under a sub-directory, | ||||
| e.g. ``http://localhost:8888/ipython/``, you can do so with | ||||
| configuration options like the following (see above for instructions about | ||||
| modifying ``ipython_notebook_config.py``):: | ||||
| c.NotebookApp.base_project_url = '/ipython/' | ||||
| c.NotebookApp.base_kernel_url = '/ipython/' | ||||
| c.NotebookApp.webapp_settings = {'static_url_prefix':'/ipython/static/'} | ||||
| Using a different notebook store | ||||
| -------------------------------- | ||||
| By default, the Notebook app stores the notebook documents that it saves as | ||||
| files in the working directory of the Notebook app, also known as the | ||||
| ``notebook_dir``. This logic is implemented in the | ||||
| :class:`FileNotebookManager` class. However, the server can be configured to | ||||
| use a different notebook manager class, which can | ||||
| store the notebooks in a different format. | ||||
| Currently, we ship a :class:`AzureNotebookManager` class that stores notebooks | ||||
| in Azure blob storage. This can be used by adding the following lines to your | ||||
| ``ipython_notebook_config.py`` file:: | ||||
| c.NotebookApp.notebook_manager_class = | ||||
| 'IPython.html.services.notebooks.azurenbmanager.AzureNotebookManager' | ||||
| c.AzureNotebookManager.account_name = u'paste_your_account_name_here' | ||||
| c.AzureNotebookManager.account_key = u'paste_your_account_key_here' | ||||
| c.AzureNotebookManager.container = u'notebooks' | ||||
| In addition to providing your Azure Blob Storage account name and key, you | ||||
| will have to provide a container name; you can use multiple containers to | ||||
| organize your notebooks. | ||||
| Known issues | ||||
| ------------ | ||||
| When behind a proxy, especially if your system or browser is set to autodetect | ||||
| the proxy, the Notebook app might fail to connect to the server's websockets, | ||||
| and present you with a warning at startup. In this case, you need to configure | ||||
| your system not to use the proxy for the server's address. | ||||
| For example, in Firefox, go to the Preferences panel, Advanced section, | ||||
| Network tab, click 'Settings...', and add the address of the notebook server | ||||
| to the 'No proxy for' field. | ||||