hazza/docker-stacks
1
0
Fork 0
mirror of https://github.com/jupyter/docker-stacks.git synced 2025-10-17 15:02:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

More options for securing the notebook

Browse Source 
* letencrypt workflow
* Don't mount self-signed secrets directory over runtime
  dir where nbextensions might be preinstalled from Dockerfile

(c) Copyright IBM Corp. 2015
This commit is contained in:
Peter Parente
2015-12-11 00:07:18 -05:00
parent be926f24a1
commit a7b9485a0e
4 changed files with 82 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
examples/make-deploy/README.md
View File

@@ -45,7 +45,22 @@ make notebook NAME=your-notebook PORT=9001 WORK_VOLUME=our-work
### How do I run over HTTPS?
Instead of `make notebook` run `make secure-notebook PASSWORD=your_desired_password`.
Instead of `make notebook`, run `make self-signed-notebook PASSWORD=your_desired_password`. This target gives you a notebook wtih a self-signed certificate.
### That self-signed certificate is a pain. Let's Encrypt?
Yes. Please.
```
make letsencrypt FQDN=host.mydomain.com EMAIL=myemail@somewhere.com
make letsencrypt-notebook
```
The first command creates a Docker volume named after the notebook container with a `-secrets` suffix. It then runs the `letsencrypt` client with a slew of options (one of which has you automatically agreeing to the Let's Encrypt Terms of Service, see the Makefile). The second command mounts the secrets volume and configures Jupyter to use the full-chain certificate and private key.
Be aware: Let's Encrypt has a pretty [low rate limit per domain](https://community.letsencrypt.org/t/public-beta-rate-limits/4772/3) at the moment. Don't exhaust your requests playing around!
Also, keep in mind Let's Encrypt certificates are short lived: 90 days at the moment. You'll need to manually setup a cron job to run the renewal steps at the moment. (You can reuse the first command above.)
### My pip/conda/apt-get installs disappear every time I restart the container. Can I make them permanent?
@@ -88,10 +103,6 @@ If you'd like to add support for another docker-machine driver, use the `softlay
`make notebook` creates a Docker volume named after the notebook container with a `-data` suffix.
### Where are my HTTPS certificate and key stored?
`make secure-notebook` creates a Docker volume named after the notebook container with a `-secrets` suffix.
### Uh ... make?
Yes, sorry Windows users. It got the job done for a simple example. We can certainly accept other deployment mechanism examples in the parent folder or in other repos.