Merge pull request #6967 from regdoug/document-server-ports...
Kyle Kelley -
r19009:fc1fb5ad merge
@@ -1,156 +1,168 b''
1 1 .. _working_remotely:
2 2
3 3 Running a notebook server
4 4 =========================
5 5
6 6
7 7 The :ref:`IPython notebook <htmlnotebook>` web-application is based on a
8 8 server-client structure. This server uses a :ref:`two-process kernel
9 9 architecture <ipythonzmq>` based on ZeroMQ_, as well as Tornado_ for serving
10 10 HTTP requests. By default, a notebook server runs on http://127.0.0.1:8888/
11 11 and is accessible only from `localhost`. This document describes how you can
12 12 :ref:`secure a notebook server <notebook_server_security>` and how to :ref:`run it on
13 13 a public interface <notebook_public_server>`.
14 14
15 15 .. _ZeroMQ: http://zeromq.org
16 16
17 17 .. _Tornado: http://www.tornadoweb.org
18 18
19 19
20 20 .. _notebook_server_security:
21 21
22 22 Securing a notebook server
23 23 --------------------------
24 24
25 25 You can protect your notebook server with a simple single password by
26 26 setting the :attr:`NotebookApp.password` configurable. You can prepare a
27 27 hashed password using the function :func:`IPython.lib.security.passwd`:
28 28
29 29 .. sourcecode:: ipython
30 30
31 31 In [1]: from IPython.lib import passwd
32 32 In [2]: passwd()
33 33 Enter password:
34 34 Verify password:
35 35 Out[2]: 'sha1:67c9e60bb8b6:9ffede0825894254b2e042ea597d771089e11aed'
36 36
37 37 .. note::
38 38
39 39 :func:`~IPython.lib.security.passwd` can also take the password as a string
40 40 argument. **Do not** pass it as an argument inside an IPython session, as it
41 41 will be saved in your input history.
42 42
43 43 You can then add this to your :file:`ipython_notebook_config.py`, e.g.::
44 44
45 45 # Password to use for web authentication
46 46 c = get_config()
47 47 c.NotebookApp.password =
48 48 u'sha1:67c9e60bb8b6:9ffede0825894254b2e042ea597d771089e11aed'
49 49
50 50 When using a password, it is a good idea to also use SSL, so that your
51 51 password is not sent unencrypted by your browser. You can start the notebook
52 52 to communicate via a secure protocol mode using a self-signed certificate with
53 53 the command::
54 54
55 55 $ ipython notebook --certfile=mycert.pem
56 56
57 57 .. note::
58 58
59 59 A self-signed certificate can be generated with ``openssl``. For example,
60 60 the following command will create a certificate valid for 365 days with
61 61 both the key and certificate data written to the same file::
62 62
63 63 $ openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem
64 64
65 65 Your browser will warn you of a dangerous certificate because it is
66 66 self-signed. If you want to have a fully compliant certificate that will not
67 67 raise warnings, it is possible (but rather involved) to obtain one,
68 68 as explained in detail in `this tutorial`__.
69 69
70 70 .. __: http://arstechnica.com/security/news/2009/12/how-to-get-set-with-a-secure-sertificate-for-free.ars
71 71
72 72 Keep in mind that when you enable SSL support, you will need to access the
73 73 notebook server over ``https://``, not over plain ``http://``. The startup
74 74 message from the server prints this, but it is easy to overlook and think the
75 75 server is for some reason non-responsive.
76 76
77 77
78 78 .. _notebook_public_server:
79 79
80 80 Running a public notebook server
81 81 --------------------------------
82 82
83 83 If you want to access your notebook server remotely via a web browser,
84 84 you can do the following.
85 85
86 86 Start by creating a certificate file and a hashed password, as explained
87 87 above. Then create a custom profile for the notebook, with the following
88 88 command line, type::
89 89
90 90 $ ipython profile create nbserver
91 91
92 92 In the profile directory just created, edit the file
93 93 ``ipython_notebook_config.py``. By default, the file has all fields
94 94 commented; the minimum set you need to uncomment and edit is the following::
95 95
96 96 c = get_config()
97 97
98 98 # Notebook config
99 99 c.NotebookApp.certfile = u'/absolute/path/to/your/certificate/mycert.pem'
100 100 c.NotebookApp.ip = '*'
101 101 c.NotebookApp.open_browser = False
102 102 c.NotebookApp.password = u'sha1:bcd259ccf...[your hashed password here]'
103 103 # It is a good idea to put it on a known, fixed port
104 104 c.NotebookApp.port = 9999
105 105
106 106 You can then start the notebook and access it later by pointing your browser
107 107 to ``https://your.host.com:9999`` with ``ipython notebook
108 108 --profile=nbserver``.
109 109
110
111 Firewall Setup
112 ``````````````
113
114 To function correctly, the firewall on the computer running the ipython server must be
115 configured to allow connections from client machines on the ``c.NotebookApp.port``
116 port to allow connections to the web interface. The firewall must also allow
117 connections from 127.0.0.1 (localhost) on ports from 49152 to 65535.
118 These ports are used by the server to communicate with the notebook kernels.
119 The kernel communication ports are chosen randomly by ZeroMQ, and may require
120 multiple connections per kernel, so a large range of ports must be accessible.
121
110 122 Running with a different URL prefix
111 123 -----------------------------------
112 124
113 125 The notebook dashboard (the landing page with an overview
114 126 of the notebooks in your working directory) typically lives at the URL
115 127 ``http://localhost:8888/``. If you prefer that it lives, together with the
116 128 rest of the notebook, under a sub-directory,
117 129 e.g. ``http://localhost:8888/ipython/``, you can do so with
118 130 configuration options like the following (see above for instructions about
119 131 modifying ``ipython_notebook_config.py``)::
120 132
121 133 c.NotebookApp.base_url = '/ipython/'
122 134 c.NotebookApp.webapp_settings = {'static_url_prefix':'/ipython/static/'}
123 135
124 136 Using a different notebook store
125 137 --------------------------------
126 138
127 139 By default, the notebook server stores the notebook documents that it saves as
128 140 files in the working directory of the notebook server, also known as the
129 141 ``notebook_dir``. This logic is implemented in the
130 142 :class:`FileNotebookManager` class. However, the server can be configured to
131 143 use a different notebook manager class, which can
132 144 store the notebooks in a different format.
133 145
134 146 The bookstore_ package currently allows users to store notebooks on Rackspace
135 147 CloudFiles or OpenStack Swift based object stores.
136 148
137 149 Writing a notebook manager is as simple as extending the base class
138 150 :class:`NotebookManager`. The simple_notebook_manager_ provides a great example
139 151 of an in memory notebook manager, created solely for the purpose of
140 152 illustrating the notebook manager API.
141 153
142 154 .. _bookstore: https://github.com/rgbkrk/bookstore
143 155
144 156 .. _simple_notebook_manager: https://github.com/khinsen/simple_notebook_manager
145 157
146 158 Known issues
147 159 ------------
148 160
149 161 When behind a proxy, especially if your system or browser is set to autodetect
150 162 the proxy, the notebook web application might fail to connect to the server's
151 163 websockets, and present you with a warning at startup. In this case, you need
152 164 to configure your system not to use the proxy for the server's address.
153 165
154 166 For example, in Firefox, go to the Preferences panel, Advanced section,
155 167 Network tab, click 'Settings...', and add the address of the notebook server
156 168 to the 'No proxy for' field.
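Review bot: In the new "Firewall Setup" section, the rule for connections from 127.0.0.1 on ports 49152 to 65535 should say explicitly that this range only needs to be reachable over loopback and does not need to be opened to client machines. Sitting directly under a config that sets ``c.NotebookApp.ip = '*'``, the paragraph is easy to misread as a second range to open alongside ``c.NotebookApp.port``. The first sentence also repeats itself ("to allow connections from client machines ... to allow connections to the web interface") and says "ipython server" where the rest of the page says "notebook server"; something like "The firewall on the computer running the notebook server must allow connections from client machines on the ``c.NotebookApp.port`` port" would read more cleanly.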