diff --git a/jupyterhub/app.py b/jupyterhub/app.py index bd9bf239..74862da1 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -1216,6 +1216,8 @@ class JupyterHub(Application): self.internal_ssl_components_trust) default_alt_names = ["IP:127.0.0.1", "DNS:localhost"] + if self.subdomain_host: + default_alt_names.append("DNS:%s" % urlparse(self.subdomain_host).hostname) # The signed certs used by hub-internal components try: internal_key_pair = certipy.store.get_record("hub-internal") diff --git a/jupyterhub/spawner.py b/jupyterhub/spawner.py index b2b4da25..ad1c4c6d 100644 --- a/jupyterhub/spawner.py +++ b/jupyterhub/spawner.py @@ -28,7 +28,7 @@ from tornado.ioloop import PeriodicCallback from traitlets.config import LoggingConfigurable from traitlets import ( Any, Bool, Dict, Instance, Integer, Float, List, Unicode, Union, - observe, validate, + default, observe, validate, ) from .objects import Server @@ -696,6 +696,8 @@ class Spawner(LoggingConfigurable): """ return s.format(**self.template_namespace()) + trusted_alt_names = List(Unicode()) + ssl_alt_names = List( Unicode(), config=True, @@ -705,6 +707,13 @@ class Spawner(LoggingConfigurable): or set at runtime by Spawner that know their names. """ ) + + @default('ssl_alt_names') + def _default_ssl_alt_names(self): + # by default, use trusted_alt_names + # inherited from global app + return list(self.trusted_alt_names) + ssl_alt_names_include_local = Bool( True, config=True, diff --git a/jupyterhub/utils.py b/jupyterhub/utils.py index 770610f4..3947eaea 100644 --- a/jupyterhub/utils.py +++ b/jupyterhub/utils.py 
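Review bot: In the jupyterhub/app.py hunk, `urlparse(self.subdomain_host).hostname` is `None` whenever the configured value has no scheme, because urlparse then puts the whole string in `path`. The `%s` formatting would turn that into the literal SAN `DNS:None` on the hub-internal certificates. Unless `subdomain_host` is normalised to a full URL somewhere outside this hunk, guard the value with `host = urlparse(self.subdomain_host).hostname` followed by `if host: default_alt_names.append("DNS:%s" % host)`. The `try:` that follows looks up an existing `hub-internal` record, so it is worth confirming that certificates issued before this change are reissued rather than reused without the new name. The enclosing method starts and ends outside the hunk.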
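Review bot: In jupyterhub/spawner.py (hunk at -696), `trusted_alt_names = List(Unicode())` is added with no help string or comment, and nothing in this diff shows what populates it. The only hint is the comment in the next hunk ("inherited from global app"). Since the trait name implies a trust decision and it is deliberately not `config=True`, document that on the trait itself, for example `help="""Alt names inherited from the Hub application; default for ssl_alt_names. Not user-configurable."""`.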
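Review bot: In jupyterhub/spawner.py (hunk at -705), `_default_ssl_alt_names` only runs when `ssl_alt_names` has no value. A deployment that sets `c.Spawner.ssl_alt_names` therefore replaces the inherited `trusted_alt_names` entirely instead of extending them. If the inherited names (for example the subdomain host added in app.py) must always appear on the spawner certificate, merge them where the certificate is requested rather than in the trait default. If replacement is intended, state it in the `ssl_alt_names` help text, e.g. `Setting this replaces the names inherited from the Hub.`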
@@ -189,11 +189,9 @@ async def wait_for_http_server(url, timeout=10, ssl_context=None):
 """
 loop = ioloop.IOLoop.current()
 tic = loop.time()
- settings = None
- if ssl_context:
- settings = {"ssl_options": ssl_context}
- AsyncHTTPClient.configure(None, defaults=settings)
 client = AsyncHTTPClient()
+ if ssl_context:
+ client.ssl_options = ssl_context
 async def is_reachable():
 try:
 r = await client.fetch(url, follow_redirects=False)
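Review bot: Setting `client.ssl_options = ssl_context` may have no effect. As far as I can tell, Tornado's clients read `ssl_options` from the request (or from the configured `defaults`), not from an attribute on the client object, so the `client.fetch(url, ...)` call below would fall back to the default verification context and fail against a Hub-internal CA. `AsyncHTTPClient()` also normally returns a shared per-IOLoop instance, so the attribute would outlive this call. Passing the context per request avoids both problems: `r = await client.fetch(url, follow_redirects=False, ssl_options=ssl_context)`. `is_reachable` continues outside the hunk.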