SSL on Jupyterhub


I’ve been following this guide on setting https on my deployed instance (on Kubernetes). Do I have to buy and setup a domain before the Set up automatic HTTPS stage?
What if I want HTTPS without getting a domain?
I did try using the IP and domain name of the load balancer but that produced an SSL_ERROR_INTERNAL_ERROR_ALERT error.

  • I’m running my cluster on AWS, I first deployed it without any https and then tried to add my IP as the domain but without success.

Any thoughts?

With keys that I’ve generated locally with openssl it works but stating it’s not secure.

You’ll need a domain that points to the IP of your cluster before you can setup a https certificate.

1 Like

I have a subdomain: and I’ve put a dns record pointing to the dynamic IP of the public-proxy, I’ve also checked it propogated via dig +trace and I can see the A record to the IP.
When I’m updating this block:

    enabled: true
      contactEmail: someEmail

I didn’t see anything on the hub/P.proxy logs while running on debugging.

PS, I’ve allocated an EIP in my AWS account and allocated it within the cluster’s vpc (which the EKS sits), and the A record I created is routing to this IP. I’ve also attached the configuration in the yaml:

    loadBalancerIP: SOME_IP

Where are you seeing this error?

When I’m trying to load the subdomain in a firefox browser.
I did try running get events on the cluster and found out this:

Error syncing load balancer: failed to ensure load balancer: LoadBalancerIP cannot be specified for AWS ELB
13m         Normal    LoadbalancerIP           service/proxy-public                   -> 52.44.some_IP
13m         Normal    ScalingReplicaSet        deployment/proxy                       Scaled down replica set proxy-665d98df47 to 0
13m         Normal    ScalingReplicaSet        deployment/proxy                       Scaled up replica set proxy-7f4585474 to 1
2m47s       Normal    NoPods                   poddisruptionbudget/user-placeholder   No matching pods found

Alright, I was able to solve it.
here’s what I had to do if someone hits the same issue:

I was running on EKS within a VPC + an elastic IP.

I configured first the ip within the config.yaml like the docs says.
I then moved the dns into Route 53.
I had to create an A record to map from my subdomain to the ELB that was deployed through an alias. Once that propagated (I’ve waited ~10 minutes), I’ve added the subdomain on the https section and updated the chart, it worked fine!

Thanks for the help!

1 Like