SSL on Jupyterhub

Hi,

I’ve been following this guide on setting up HTTPS on my deployed instance (on Kubernetes). Do I have to buy and set up a domain before the Set up automatic HTTPS stage?
What if I want HTTPS without getting a domain?
I did try using the IP and domain name of the load balancer but that produced an SSL_ERROR_INTERNAL_ERROR_ALERT error.

  • I’m running my cluster on AWS. I first deployed it without any HTTPS and then tried to add my IP as the domain, but without success.

Any thoughts?

With keys that I’ve generated locally with openssl it works, but it says it’s not secure.

You’ll need a domain that points to the IP of your cluster before you can set up an HTTPS certificate.

1 Like

I have a subdomain: Cluster.mydomain.io and I’ve put a DNS record pointing to the dynamic IP of the public-proxy. I’ve also checked that it propagated via dig +trace, and I can see the A record to the IP.
When I’m updating this block:

proxy:
  https:
    enabled: true
    hosts:
      - cluster.mydomain.io
    letsencrypt:
      contactEmail: someEmail

I’m getting an error: SSL_ERROR_INTERNAL_ERROR_ALERT
I didn’t see anything on the hub/P.proxy logs while running on debugging.

PS, I’ve allocated an EIP in my AWS account and allocated it within the cluster’s VPC (in which the EKS sits), and the A record I created is routing to this IP. I’ve also attached the configuration in the yaml:

proxy:
  service:
    loadBalancerIP: SOME_IP

Where are you seeing this error?

When I’m trying to load the subdomain in a Firefox browser.
I did try running get events on the cluster and found this:

Error syncing load balancer: failed to ensure load balancer: LoadBalancerIP cannot be specified for AWS ELB
13m         Normal    LoadbalancerIP           service/proxy-public                   -> 52.44.some_IP
13m         Normal    ScalingReplicaSet        deployment/proxy                       Scaled down replica set proxy-665d98df47 to 0
13m         Normal    ScalingReplicaSet        deployment/proxy                       Scaled up replica set proxy-7f4585474 to 1
2m47s       Normal    NoPods                   poddisruptionbudget/user-placeholder   No matching pods found

Alright, I was able to solve it.
Here’s what I had to do, in case someone hits the same issue:

I was running on EKS within a VPC + an elastic IP.

I first configured the IP within the config.yaml like the docs say.
I then moved the DNS into Route 53.
I had to create an A record to map from my subdomain to the ELB that was deployed through an alias. Once that propagated (I waited ~10 minutes), I added the subdomain in the https section and updated the chart, and it worked fine!

Thanks for the help!

1 Like
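
A pre-flight check for the situation in this thread, added here as an example and not taken from any poster or from the JupyterHub docs: before putting a host under `proxy.https.hosts`, confirm that the proxy-public Service has an ELB hostname, that `loadBalancerIP` is not set (the event above shows AWS ELB rejecting it), and that the host resolves to the ELB. The function names, the sample Service and the DNS answers are constructed assumptions.

```python
import socket

# Constructed sample: the relevant fields of `kubectl get svc proxy-public -o json`.
SAMPLE_SVC = {
    "spec": {"type": "LoadBalancer", "loadBalancerIP": "203.0.113.10"},
    "status": {"loadBalancer": {"ingress": [{"hostname": "elb-1234.example.com"}]}},
}
# Constructed DNS answers so the demo runs offline.
FAKE_DNS = {"elb-1234.example.com": {"198.51.100.7", "198.51.100.8"},
            "cluster.mydomain.io": {"203.0.113.10"}}

def elb_target(svc):
    """Return (elb_hostname, problems) for a parsed proxy-public Service."""
    problems = []
    if svc.get("spec", {}).get("loadBalancerIP"):
        problems.append("spec.loadBalancerIP is set; the event log shows "
                        "'LoadBalancerIP cannot be specified for AWS ELB'")
    ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
    hostname = next((i["hostname"] for i in ingress if i.get("hostname")), None)
    if hostname is None:
        problems.append("no ELB hostname in status.loadBalancer.ingress yet")
    return hostname, problems

def resolve(name):
    """Resolve a name to its set of IPv4 addresses (empty set on failure)."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, 443, socket.AF_INET)}
    except socket.gaierror:
        return set()

def ready_for_https(host, svc, resolver=resolve):
    """Return (ok, problems); ok only if host resolves to an ELB address."""
    elb, problems = elb_target(svc)
    host_ips = resolver(host)
    if not host_ips:
        problems.append(f"{host} does not resolve")
    # ELB addresses rotate, so one shared address is treated as a match.
    elif elb and host_ips.isdisjoint(resolver(elb)):
        problems.append(f"{host} resolves to {sorted(host_ips)}, not to {elb}")
    return not problems, problems

if __name__ == "__main__":
    ok, problems = ready_for_https("cluster.mydomain.io", SAMPLE_SVC,
                                   lambda n: FAKE_DNS.get(n, set()))
    print("ready" if ok else "not ready:", *problems, sep="\n  ")
```

Against a live cluster, pass the parsed output of `kubectl get svc proxy-public -o json` as `svc` and leave `resolver` at its default.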