@@ -1,156 +1,168 b'' | |||||
1 | .. _working_remotely: |
|
1 | .. _working_remotely: | |
2 |
|
2 | |||
3 | Running a notebook server |
|
3 | Running a notebook server | |
4 | ========================= |
|
4 | ========================= | |
5 |
|
5 | |||
6 |
|
6 | |||
7 | The :ref:`IPython notebook <htmlnotebook>` web-application is based on a |
|
7 | The :ref:`IPython notebook <htmlnotebook>` web-application is based on a | |
8 | server-client structure. This server uses a :ref:`two-process kernel |
|
8 | server-client structure. This server uses a :ref:`two-process kernel | |
9 | architecture <ipythonzmq>` based on ZeroMQ_, as well as Tornado_ for serving |
|
9 | architecture <ipythonzmq>` based on ZeroMQ_, as well as Tornado_ for serving | |
10 | HTTP requests. By default, a notebook server runs on http://127.0.0.1:8888/ |
|
10 | HTTP requests. By default, a notebook server runs on http://127.0.0.1:8888/ | |
11 | and is accessible only from `localhost`. This document describes how you can |
|
11 | and is accessible only from `localhost`. This document describes how you can | |
12 | :ref:`secure a notebook server <notebook_server_security>` and how to :ref:`run it on |
|
12 | :ref:`secure a notebook server <notebook_server_security>` and how to :ref:`run it on | |
13 | a public interface <notebook_public_server>`. |
|
13 | a public interface <notebook_public_server>`. | |
14 |
|
14 | |||
15 | .. _ZeroMQ: http://zeromq.org |
|
15 | .. _ZeroMQ: http://zeromq.org | |
16 |
|
16 | |||
17 | .. _Tornado: http://www.tornadoweb.org |
|
17 | .. _Tornado: http://www.tornadoweb.org | |
18 |
|
18 | |||
19 |
|
19 | |||
20 | .. _notebook_server_security: |
|
20 | .. _notebook_server_security: | |
21 |
|
21 | |||
22 | Securing a notebook server |
|
22 | Securing a notebook server | |
23 | -------------------------- |
|
23 | -------------------------- | |
24 |
|
24 | |||
25 | You can protect your notebook server with a simple single password by |
|
25 | You can protect your notebook server with a simple single password by | |
26 | setting the :attr:`NotebookApp.password` configurable. You can prepare a |
|
26 | setting the :attr:`NotebookApp.password` configurable. You can prepare a | |
27 | hashed password using the function :func:`IPython.lib.security.passwd`: |
|
27 | hashed password using the function :func:`IPython.lib.security.passwd`: | |
28 |
|
28 | |||
29 | .. sourcecode:: ipython |
|
29 | .. sourcecode:: ipython | |
30 |
|
30 | |||
31 | In [1]: from IPython.lib import passwd |
|
31 | In [1]: from IPython.lib import passwd | |
32 | In [2]: passwd() |
|
32 | In [2]: passwd() | |
33 | Enter password: |
|
33 | Enter password: | |
34 | Verify password: |
|
34 | Verify password: | |
35 | Out[2]: 'sha1:67c9e60bb8b6:9ffede0825894254b2e042ea597d771089e11aed' |
|
35 | Out[2]: 'sha1:67c9e60bb8b6:9ffede0825894254b2e042ea597d771089e11aed' | |
36 |
|
36 | |||
37 | .. note:: |
|
37 | .. note:: | |
38 |
|
38 | |||
39 | :func:`~IPython.lib.security.passwd` can also take the password as a string |
|
39 | :func:`~IPython.lib.security.passwd` can also take the password as a string | |
40 | argument. **Do not** pass it as an argument inside an IPython session, as it |
|
40 | argument. **Do not** pass it as an argument inside an IPython session, as it | |
41 | will be saved in your input history. |
|
41 | will be saved in your input history. | |
42 |
|
42 | |||
43 | You can then add this to your :file:`ipython_notebook_config.py`, e.g.:: |
|
43 | You can then add this to your :file:`ipython_notebook_config.py`, e.g.:: | |
44 |
|
44 | |||
45 | # Password to use for web authentication |
|
45 | # Password to use for web authentication | |
46 | c = get_config() |
|
46 | c = get_config() | |
47 | c.NotebookApp.password = |
|
47 | c.NotebookApp.password = | |
48 | u'sha1:67c9e60bb8b6:9ffede0825894254b2e042ea597d771089e11aed' |
|
48 | u'sha1:67c9e60bb8b6:9ffede0825894254b2e042ea597d771089e11aed' | |
49 |
|
49 | |||
50 | When using a password, it is a good idea to also use SSL, so that your |
|
50 | When using a password, it is a good idea to also use SSL, so that your | |
51 | password is not sent unencrypted by your browser. You can start the notebook |
|
51 | password is not sent unencrypted by your browser. You can start the notebook | |
52 | to communicate via a secure protocol mode using a self-signed certificate with |
|
52 | to communicate via a secure protocol mode using a self-signed certificate with | |
53 | the command:: |
|
53 | the command:: | |
54 |
|
54 | |||
55 | $ ipython notebook --certfile=mycert.pem |
|
55 | $ ipython notebook --certfile=mycert.pem | |
56 |
|
56 | |||
57 | .. note:: |
|
57 | .. note:: | |
58 |
|
58 | |||
59 | A self-signed certificate can be generated with ``openssl``. For example, |
|
59 | A self-signed certificate can be generated with ``openssl``. For example, | |
60 | the following command will create a certificate valid for 365 days with |
|
60 | the following command will create a certificate valid for 365 days with | |
61 | both the key and certificate data written to the same file:: |
|
61 | both the key and certificate data written to the same file:: | |
62 |
|
62 | |||
63 | $ openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem |
|
63 | $ openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem | |
64 |
|
64 | |||
65 | Your browser will warn you of a dangerous certificate because it is |
|
65 | Your browser will warn you of a dangerous certificate because it is | |
66 | self-signed. If you want to have a fully compliant certificate that will not |
|
66 | self-signed. If you want to have a fully compliant certificate that will not | |
67 | raise warnings, it is possible (but rather involved) to obtain one, |
|
67 | raise warnings, it is possible (but rather involved) to obtain one, | |
68 | as explained in detail in `this tutorial`__. |
|
68 | as explained in detail in `this tutorial`__. | |
69 |
|
69 | |||
70 | .. __: http://arstechnica.com/security/news/2009/12/how-to-get-set-with-a-secure-sertificate-for-free.ars |
|
70 | .. __: http://arstechnica.com/security/news/2009/12/how-to-get-set-with-a-secure-sertificate-for-free.ars | |
71 |
|
71 | |||
72 | Keep in mind that when you enable SSL support, you will need to access the |
|
72 | Keep in mind that when you enable SSL support, you will need to access the | |
73 | notebook server over ``https://``, not over plain ``http://``. The startup |
|
73 | notebook server over ``https://``, not over plain ``http://``. The startup | |
74 | message from the server prints this, but it is easy to overlook and think the |
|
74 | message from the server prints this, but it is easy to overlook and think the | |
75 | server is for some reason non-responsive. |
|
75 | server is for some reason non-responsive. | |
76 |
|
76 | |||
77 |
|
77 | |||
78 | .. _notebook_public_server: |
|
78 | .. _notebook_public_server: | |
79 |
|
79 | |||
80 | Running a public notebook server |
|
80 | Running a public notebook server | |
81 | -------------------------------- |
|
81 | -------------------------------- | |
82 |
|
82 | |||
83 | If you want to access your notebook server remotely via a web browser, |
|
83 | If you want to access your notebook server remotely via a web browser, | |
84 | you can do the following. |
|
84 | you can do the following. | |
85 |
|
85 | |||
86 | Start by creating a certificate file and a hashed password, as explained |
|
86 | Start by creating a certificate file and a hashed password, as explained | |
87 | above. Then create a custom profile for the notebook, with the following |
|
87 | above. Then create a custom profile for the notebook, with the following | |
88 | command line, type:: |
|
88 | command line, type:: | |
89 |
|
89 | |||
90 | $ ipython profile create nbserver |
|
90 | $ ipython profile create nbserver | |
91 |
|
91 | |||
92 | In the profile directory just created, edit the file |
|
92 | In the profile directory just created, edit the file | |
93 | ``ipython_notebook_config.py``. By default, the file has all fields |
|
93 | ``ipython_notebook_config.py``. By default, the file has all fields | |
94 | commented; the minimum set you need to uncomment and edit is the following:: |
|
94 | commented; the minimum set you need to uncomment and edit is the following:: | |
95 |
|
95 | |||
96 | c = get_config() |
|
96 | c = get_config() | |
97 |
|
97 | |||
98 | # Notebook config |
|
98 | # Notebook config | |
99 | c.NotebookApp.certfile = u'/absolute/path/to/your/certificate/mycert.pem' |
|
99 | c.NotebookApp.certfile = u'/absolute/path/to/your/certificate/mycert.pem' | |
100 | c.NotebookApp.ip = '*' |
|
100 | c.NotebookApp.ip = '*' | |
101 | c.NotebookApp.open_browser = False |
|
101 | c.NotebookApp.open_browser = False | |
102 | c.NotebookApp.password = u'sha1:bcd259ccf...[your hashed password here]' |
|
102 | c.NotebookApp.password = u'sha1:bcd259ccf...[your hashed password here]' | |
103 | # It is a good idea to put it on a known, fixed port |
|
103 | # It is a good idea to put it on a known, fixed port | |
104 | c.NotebookApp.port = 9999 |
|
104 | c.NotebookApp.port = 9999 | |
105 |
|
105 | |||
106 | You can then start the notebook and access it later by pointing your browser |
|
106 | You can then start the notebook and access it later by pointing your browser | |
107 | to ``https://your.host.com:9999`` with ``ipython notebook |
|
107 | to ``https://your.host.com:9999`` with ``ipython notebook | |
108 | --profile=nbserver``. |
|
108 | --profile=nbserver``. | |
109 |
|
109 | |||
|
110 | ||||
|
111 | Firewall Setup | |||
|
112 | `````````````` | |||
|
113 | ||||
|
114 | To function correctly, the firewall on the computer running the ipython server must be | |||
|
115 | configured to allow connections from client machines on the ``c.NotebookApp.port`` | |||
|
116 | port to allow connections to the web interface. The firewall must also allow | |||
|
117 | connections from 127.0.0.1 (localhost) on ports from 49152 to 65535. | |||
|
118 | These ports are used by the server to communicate with the notebook kernels. | |||
|
119 | The kernel communication ports are chosen randomly by ZeroMQ, and may require | |||
|
120 | multiple connections per kernel, so a large range of ports must be accessible. | |||
|
121 | ||||
110 | Running with a different URL prefix |
|
122 | Running with a different URL prefix | |
111 | ----------------------------------- |
|
123 | ----------------------------------- | |
112 |
|
124 | |||
113 | The notebook dashboard (the landing page with an overview |
|
125 | The notebook dashboard (the landing page with an overview | |
114 | of the notebooks in your working directory) typically lives at the URL |
|
126 | of the notebooks in your working directory) typically lives at the URL | |
115 | ``http://localhost:8888/``. If you prefer that it lives, together with the |
|
127 | ``http://localhost:8888/``. If you prefer that it lives, together with the | |
116 | rest of the notebook, under a sub-directory, |
|
128 | rest of the notebook, under a sub-directory, | |
117 | e.g. ``http://localhost:8888/ipython/``, you can do so with |
|
129 | e.g. ``http://localhost:8888/ipython/``, you can do so with | |
118 | configuration options like the following (see above for instructions about |
|
130 | configuration options like the following (see above for instructions about | |
119 | modifying ``ipython_notebook_config.py``):: |
|
131 | modifying ``ipython_notebook_config.py``):: | |
120 |
|
132 | |||
121 | c.NotebookApp.base_url = '/ipython/' |
|
133 | c.NotebookApp.base_url = '/ipython/' | |
122 | c.NotebookApp.webapp_settings = {'static_url_prefix':'/ipython/static/'} |
|
134 | c.NotebookApp.webapp_settings = {'static_url_prefix':'/ipython/static/'} | |
123 |
|
135 | |||
124 | Using a different notebook store |
|
136 | Using a different notebook store | |
125 | -------------------------------- |
|
137 | -------------------------------- | |
126 |
|
138 | |||
127 | By default, the notebook server stores the notebook documents that it saves as |
|
139 | By default, the notebook server stores the notebook documents that it saves as | |
128 | files in the working directory of the notebook server, also known as the |
|
140 | files in the working directory of the notebook server, also known as the | |
129 | ``notebook_dir``. This logic is implemented in the |
|
141 | ``notebook_dir``. This logic is implemented in the | |
130 | :class:`FileNotebookManager` class. However, the server can be configured to |
|
142 | :class:`FileNotebookManager` class. However, the server can be configured to | |
131 | use a different notebook manager class, which can |
|
143 | use a different notebook manager class, which can | |
132 | store the notebooks in a different format. |
|
144 | store the notebooks in a different format. | |
133 |
|
145 | |||
134 | The bookstore_ package currently allows users to store notebooks on Rackspace |
|
146 | The bookstore_ package currently allows users to store notebooks on Rackspace | |
135 | CloudFiles or OpenStack Swift based object stores. |
|
147 | CloudFiles or OpenStack Swift based object stores. | |
136 |
|
148 | |||
137 | Writing a notebook manager is as simple as extending the base class |
|
149 | Writing a notebook manager is as simple as extending the base class | |
138 | :class:`NotebookManager`. The simple_notebook_manager_ provides a great example |
|
150 | :class:`NotebookManager`. The simple_notebook_manager_ provides a great example | |
139 | of an in memory notebook manager, created solely for the purpose of |
|
151 | of an in memory notebook manager, created solely for the purpose of | |
140 | illustrating the notebook manager API. |
|
152 | illustrating the notebook manager API. | |
141 |
|
153 | |||
142 | .. _bookstore: https://github.com/rgbkrk/bookstore |
|
154 | .. _bookstore: https://github.com/rgbkrk/bookstore | |
143 |
|
155 | |||
144 | .. _simple_notebook_manager: https://github.com/khinsen/simple_notebook_manager |
|
156 | .. _simple_notebook_manager: https://github.com/khinsen/simple_notebook_manager | |
145 |
|
157 | |||
146 | Known issues |
|
158 | Known issues | |
147 | ------------ |
|
159 | ------------ | |
148 |
|
160 | |||
149 | When behind a proxy, especially if your system or browser is set to autodetect |
|
161 | When behind a proxy, especially if your system or browser is set to autodetect | |
150 | the proxy, the notebook web application might fail to connect to the server's |
|
162 | the proxy, the notebook web application might fail to connect to the server's | |
151 | websockets, and present you with a warning at startup. In this case, you need |
|
163 | websockets, and present you with a warning at startup. In this case, you need | |
152 | to configure your system not to use the proxy for the server's address. |
|
164 | to configure your system not to use the proxy for the server's address. | |
153 |
|
165 | |||
154 | For example, in Firefox, go to the Preferences panel, Advanced section, |
|
166 | For example, in Firefox, go to the Preferences panel, Advanced section, | |
155 | Network tab, click 'Settings...', and add the address of the notebook server |
|
167 | Network tab, click 'Settings...', and add the address of the notebook server | |
156 | to the 'No proxy for' field. |
|
168 | to the 'No proxy for' field. |
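Review bot: In the new "Firewall Setup" section (new lines 114-120), the text should state outright that the 49152 to 65535 range only needs to accept connections from 127.0.0.1 and does not need to be opened to client machines. The closing sentence, "so a large range of ports must be accessible", can be read on its own as a request to open the kernel ports to the network, and the section sits directly under the public-server instructions that set c.NotebookApp.ip = '*'. I would reword it along the lines of "so a large range of ports must be accessible from localhost; only c.NotebookApp.port needs to be reachable from clients". Smaller points in the same block: the first sentence says "to allow connections" twice and can drop the second occurrence, "ipython server" should read "IPython notebook server" to match the rest of the file, and the heading should be "Firewall setup" to follow the sentence case used by the other headings ("Running a public notebook server", "Known issues").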