Encrypt internal communication, usage of c.JupyterHub.hub_connect_url


I’m trying to get our jupyterhub working so that all traffic to our hub is encrypted. Currently I use:

c.JupyterHub.bind_url = ''
c.JupyterHub.hub_ip = ''
c.JupyterHub.hub_connect_port = 8100

And a reverse Proxy configuration of nginx that forwards all request to fqdn/jupyter to localhost:8100. The notebook servers are spawned on different machines and contact the hub by using the IP-address and in an unencrypted matter. This communication I call internal communication.

Is it currently possible to implement that?

I have seen that there is hub_connect_url but when I use it jupyterhub tries to bind to that address. I thought it would only be used by spawners e.g. to contact the hub. Is it currently possible to encrypt all communication when using a reverse proxy, an external CHP and notebook servers on other machines?

There also is internal_ssl but it seems not only to create certificates and so on for internal communication but also for the publicly available hub page.

I am grateful for every hint pointing me to the solution :slight_smile: