最近工作上,领导心愿将分析师在各自电脑上的剖析环境和工作脚本进行对立治理,要求我给出一个解决方案。而分析师应用的工具是 Jupyter,我自然而然的想到了官网的 JupyterHub。通过调研,发现 JupyterHub 齐全能满足需要,而且对分析师来说学习老本简直为零。于是我便花了一天的工夫部署了一个多用户 JupyterHub 测试环境,并配置好 GitHub 认证。上面和大家分享一下我的部署过程。
01/ 环境
依据 JupyterHub 装置要求,我筹备好了如下环境:
- 零碎环境:CentOS 7.6
-
语言环境:Python 3.6,NodeJS 14.16
02/ 装置 JupyterHub 及配置 Nginx 反向代理
JupyterHub 装置非常简单,能够间接应用 pip 进行装置。按如下命令即可进行装置:
npm install -g configurable-http-proxy
python3 -m pip install jupyterhub
装置实现后,创立一个 JupyterHub 运行目录,进入该目录,学生成配置文件,而后启动:
jupyterhub --generate-config
jupyterhub
启动后,在浏览器输出:
http://127.0.0.1:8000
就能拜访 JupyterHub 了,此时会主动跳转到登录页。
JupyterHub 反对多种账号身份认证,你甚至能够本人实现一个认证器。我应用的是 GitHub 认证器进行账号认证,前面我再讲如何对接 GitHub 认证对接。
为了让分析师更好的应用 JupyterHub,我申请了一个域名,应用 Nginx 反向代理到 JupyterHub 到 8000 服务上。我应用 Linux 的 Systemd 来启动 JupyterHub 的守护过程,创立一个名为 jupyterhub.service 的 Unit 配置,如下:
[Unit]
Description=The JupyterHub Service
After=syslog.target network.target
[Service]
User=root
Restart=always
WorkingDirectory=/path/to/jupyterhub
PrivateTmp=yes
PrivateDevices=yes
ExecStart=/usr/bin/python3 -m jupyterhub -f jupyterhub_config.py --upgrade-db
[Install]
WantedBy=multi-user.target
配置好 JupyterHub 的 Systemd 服务后,就能够应用如下命令来治理 JupyterHub 服务了。
systemctl start jupyterhub.service
systemctl stop jupyterhub.service
接着就能够配置 Nginx 反向代理了:
# top-level http config for websocket headers
# If Upgrade is defined, Connection = upgrade
# If Upgrade is empty, Connection = close
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# HTTP server to redirect all 80 traffic to SSL/HTTPS
server {
listen 80;
server_name YOUR.DOMAIN.COM;
# Tell all requests to port 80 to be 302 redirected to HTTPS
return 302 https://$host$request_uri;
}
# HTTPS server to handle JupyterHub
server {
listen 443;
ssl on;
server_name YOUR.DOMAIN.COM;
ssl_certificate /etc/letsencrypt/live/YOUR.DOMAIN.COM/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/YOUR.DOMAIN.COM/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
# Managing literal requests to the JupyterHub front end
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# websocket headers
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Scheme $scheme;
proxy_buffering off;
}
# Managing requests to verify letsencrypt host
location ~ /.well-known {allow all;}
}
03/ 配置 GitHub 账号认证
详情移步浏览:《多用户 JupyterHub 部署及 GitHub 用户认证》