hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-15 14:03:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

require confirmation for JupyterHub to run without SSL

Browse Source 
ensures folks deploying JupyterHub on HTTP have been told what's up.
This commit is contained in:
Min RK
2016-02-04 22:58:22 +01:00
parent 65a019e05b
commit 90c2b23fc0
2 changed files with 22 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
jupyterhub/app.py
View File

@@ -87,6 +87,9 @@ flags = {
'no-db': ({'JupyterHub': {'db_url': 'sqlite:///:memory:'}}, 'no-db': ({'JupyterHub': {'db_url': 'sqlite:///:memory:'}},
"disable persisting state database to disk" "disable persisting state database to disk"
), ),
'no-ssl': ({'JupyterHub': {'confirm_no_ssl': True}},
"Allow JupyterHub to run without SSL (SSL termination should be happening elsewhere)."
),
} }
SECRET_BYTES = 2048 # the number of bytes to use when generating new secrets SECRET_BYTES = 2048 # the number of bytes to use when generating new secrets
@@ -209,6 +212,11 @@ class JupyterHub(Application):
def _template_paths_default(self): def _template_paths_default(self):
return [os.path.join(self.data_files_path, 'templates')] return [os.path.join(self.data_files_path, 'templates')]
confirm_no_ssl = Bool(False, config=True,
help="""Confirm that JupyterHub should be run without SSL.
This is **NOT RECOMMENDED** unless SSL termination is being handled by another layer.
"""
)
ssl_key = Unicode('', config=True, ssl_key = Unicode('', config=True,
help="""Path to SSL key file for the public facing interface of the proxy help="""Path to SSL key file for the public facing interface of the proxy
@@ -800,6 +808,18 @@ class JupyterHub(Application):
cmd.extend(['--ssl-key', self.ssl_key]) cmd.extend(['--ssl-key', self.ssl_key])
if self.ssl_cert: if self.ssl_cert:
cmd.extend(['--ssl-cert', self.ssl_cert]) cmd.extend(['--ssl-cert', self.ssl_cert])
# Require SSL to be used or `--no-ssl` to confirm no SSL on
if ' --ssl' not in ' '.join(cmd):
if self.confirm_no_ssl:
self.log.warning("Running JupyterHub without SSL."
" There better be SSL termination happening somewhere else...")
else:
self.log.error(
"Refusing to run JuptyterHub without SSL."
" If you are terminating SSL in another layer,"
" pass --no-ssl to tell JupyterHub to allow the proxy to listen on HTTP."
)
self.exit(1)
self.log.info("Starting proxy @ %s", self.proxy.public_server.bind_url) self.log.info("Starting proxy @ %s", self.proxy.public_server.bind_url)
self.log.debug("Proxy cmd: %s", cmd) self.log.debug("Proxy cmd: %s", cmd)
try: try:

1
jupyterhub/tests/mocking.py
View File

@@ -109,6 +109,7 @@ class MockHub(JupyterHub):
"""Hub with various mock bits""" """Hub with various mock bits"""
db_file = None db_file = None
confirm_no_ssl = True
def _ip_default(self): def _ip_default(self):
return localhost() return localhost()