consolidate trusted alt names

- trust subdomain_host by default
- JupyterHub.trusted_alt_names is inherited by Spawners by default. Do we need Spawner.ssl_alt_names to be separately configurable?
Min RK
2018-10-16 15:46:50 +02:00
parent 9a45f4a8c9
commit eb7648abc2
3 changed files with 14 additions and 5 deletions


@@ -1216,6 +1216,8 @@ class JupyterHub(Application):
self.internal_ssl_components_trust) self.internal_ssl_components_trust)
default_alt_names = ["IP:127.0.0.1", "DNS:localhost"] default_alt_names = ["IP:127.0.0.1", "DNS:localhost"]
if self.subdomain_host:
default_alt_names.append("DNS:%s" % urlparse(self.subdomain_host).hostname)
# The signed certs used by hub-internal components # The signed certs used by hub-internal components
try: try:
internal_key_pair = certipy.store.get_record("hub-internal") internal_key_pair = certipy.store.get_record("hub-internal")
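Review bot: The added `default_alt_names.append("DNS:%s" % urlparse(self.subdomain_host).hostname)` does not check that a hostname was actually parsed. If `subdomain_host` is given without a scheme (for example `hub.example.com` instead of `https://hub.example.com`), `urlparse(...).hostname` is `None` and the hub-internal certificate would be requested with the literal name `DNS:None`. The value may be normalised elsewhere, but that is not visible in this hunk, so guard it here with `host = urlparse(self.subdomain_host).hostname` followed by `if host: default_alt_names.append("DNS:%s" % host)`. The enclosing method starts and ends outside the hunk.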


@@ -28,7 +28,7 @@ from tornado.ioloop import PeriodicCallback
from traitlets.config import LoggingConfigurable from traitlets.config import LoggingConfigurable
from traitlets import ( from traitlets import (
Any, Bool, Dict, Instance, Integer, Float, List, Unicode, Union, Any, Bool, Dict, Instance, Integer, Float, List, Unicode, Union,
observe, validate, default, observe, validate,
) )
from .objects import Server from .objects import Server
@@ -696,6 +696,8 @@ class Spawner(LoggingConfigurable):
""" """
return s.format(**self.template_namespace()) return s.format(**self.template_namespace())
trusted_alt_names = List(Unicode())
ssl_alt_names = List( ssl_alt_names = List(
Unicode(), Unicode(),
config=True, config=True,
@@ -705,6 +707,13 @@ class Spawner(LoggingConfigurable):
or set at runtime by Spawner that know their names. or set at runtime by Spawner that know their names.
""" """
) )
@default('ssl_alt_names')
def _default_ssl_alt_names(self):
# by default, use trusted_alt_names
# inherited from global app
return list(self.trusted_alt_names)
ssl_alt_names_include_local = Bool( ssl_alt_names_include_local = Bool(
True, True,
config=True, config=True,
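Review bot: `_default_ssl_alt_names` copies every entry of `trusted_alt_names` into the spawner's own `ssl_alt_names`. If that list is inherited from the Hub, as the commit message says, each single-user certificate would by default also be valid for the Hub's names, which looks broader than a spawner needs. The inherited names also disappear as soon as a deployment sets `ssl_alt_names` itself, because the `@default` is then never consulted. Neither behaviour is documented, since `trusted_alt_names` has no help text; I would at least add one, e.g. `trusted_alt_names = List(Unicode(), help="Names inherited from the Hub; used as the default for ssl_alt_names and so placed in this Spawner's certificate.")`. How `trusted_alt_names` is populated is outside this section, so the scope concern should be confirmed against the caller.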


@@ -189,11 +189,9 @@ async def wait_for_http_server(url, timeout=10, ssl_context=None):
""" """
loop = ioloop.IOLoop.current() loop = ioloop.IOLoop.current()
tic = loop.time() tic = loop.time()
settings = None
if ssl_context:
settings = {"ssl_options": ssl_context}
AsyncHTTPClient.configure(None, defaults=settings)
client = AsyncHTTPClient() client = AsyncHTTPClient()
if ssl_context:
client.ssl_options = ssl_context
async def is_reachable(): async def is_reachable():
try: try:
r = await client.fetch(url, follow_redirects=False) r = await client.fetch(url, follow_redirects=False)
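Review bot: Assigning `client.ssl_options = ssl_context` on the object returned by `AsyncHTTPClient()` may not be applied to the request at all. As far as I can tell, tornado takes `ssl_options` from the request or from the client's `defaults`, not from an attribute on the client, so the fetch could fall back to default verification and never see an internally signed server as reachable. `AsyncHTTPClient()` also normally hands back an instance shared per IOLoop, so anything set on it is not scoped to this call. Passing the context on the request avoids both problems: `r = await client.fetch(url, follow_redirects=False, ssl_options=ssl_context)`. The body of `is_reachable` continues outside the hunk.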