Unable to get git hub oauth work on a jupyterhub server which is behind a proxy

My Jupyterhub server is behind a proxy in a DMZ. I am able to set up the hub server. however while i run the git hub auth I get the following error:

[E 2020-10-12 09:40:58.565 JupyterHub web:1792] Uncaught exception GET /hub/oauth_callback?code=5fa9a45d536540819884&state=eyJzdGF0ZV9pZCI6ICI0YmMwZWVlYjI1ZDc0NDg5YWMxZDEyNTdjODg5ZjY2ZiIsICJuZXh0X3VybCI6ICIifQ%3D%3D (194.39.131.5)
HTTPServerRequest(protocol=‘http’, host=‘my.host.com’, method=‘GET’, uri=’/hub/oauth_callback?code=5fa9a45d536540819884&state=eyJzdGF0ZV9pZCI6ICI0YmMwZWVlYjI1ZDc0NDg5YWMxZDEyNTdjODg5ZjY2ZiIsICJuZXh0X3VybCI6ICIifQ%3D%3D’, version=‘HTTP/1.1’, remote_ip=‘194.39.131.5’)
Traceback (most recent call last):
File “/usr/local/lib/python3.6/dist-packages/tornado/web.py”, line 1703, in _execute
result = await result
File “/usr/local/lib/python3.6/dist-packages/oauthenticator/oauth2.py”, line 213, in get
user = await self.login_user()
File “/usr/local/lib/python3.6/dist-packages/jupyterhub/handlers/base.py”, line 699, in login_user
authenticated = await self.authenticate(data)
File “/usr/local/lib/python3.6/dist-packages/jupyterhub/auth.py”, line 383, in get_authenticated_user
authenticated = await maybe_future(self.authenticate(handler, data))
File “/usr/local/lib/python3.6/dist-packages/oauthenticator/sapgithub.py”, line 141, in authenticate
resp = await http_client.fetch(req)
File “/usr/local/lib/python3.6/dist-packages/tornado/simple_httpclient.py”, line 336, in run
source_ip=source_ip,
File “/usr/local/lib/python3.6/dist-packages/tornado/tcpclient.py”, line 270, in connect
addrinfo = await self.resolver.resolve(host, port, af)
File “/usr/local/lib/python3.6/dist-packages/tornado/netutil.py”, line 396, in resolve
None, _resolve_addr, host, port, family
File “/usr/lib/python3.6/concurrent/futures/thread.py”, line 56, in run
result = self.fn(*self.args, **self.kwargs)
File “/usr/local/lib/python3.6/dist-packages/tornado/netutil.py”, line 379, in _resolve_addr
addrinfo = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
File “/usr/lib/python3.6/socket.py”, line 745, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -2] Name or service not known

It sounds like your OAuth server can’t be reached. Have you verified that your network routing, firewall, and DNS are all correct?

@manics Thanks so much. Yes i am unable to reach the OAuth server. A simple curl showed me that. But how do i use jupyterhub in a DMZ? The only way to access outside network is via a DMZ proxy. Is there a way to do it?

@manics I added the ip of the github server to /etc/hosts to fix the resolver issues. I am using the jupyterhub behind an NGINX reverse proxy which is able to reach the github server. Its when the redirect happens from the enterprise github that I get this error:

[D 2020-10-12 23:46:57.001 JupyterHub log:174] 304 GET /hub/logo (@194.39.131.5) 0.79ms
[I 2020-10-12 23:47:00.374 JupyterHub oauth2:103] OAuth redirect: ‘mydothostdotcom/hub/oauth_callback’
[I 2020-10-12 23:47:00.375 JupyterHub log:174] 302 GET /hub/oauth_login?next= -> myenterprisegithub/login/oauth/authorize?response_type=code&redirect_uri=https%3A%2F%2Fmydothostdotcom%2Fhub%2Foauth_callback&client_id=455853a518ec4809c1fa&state=[secret] (@194.39.131.5) 1.53ms
[E 2020-10-12 23:47:10.027 JupyterHub web:1792] Uncaught exception GET /hub/oauth_callback?code=18521fda182fe7446e55&state=eyJzdGF0ZV9pZCI6ICIyZWNhYzY0MzViMzk0ZWQ2ODE1MDNhNzZlNjlhMzAxMyIsICJuZXh0X3VybCI6ICIifQ%3D%3D (194.39.131.5)
HTTPServerRequest(protocol=‘http’, host=‘mydothostdotcom’, method=‘GET’, uri=’/hub/oauth_callback?code=18521fda182fe7446e55&state=eyJzdGF0ZV9pZCI6ICIyZWNhYzY0MzViMzk0ZWQ2ODE1MDNhNzZlNjlhMzAxMyIsICJuZXh0X3VybCI6ICIifQ%3D%3D’, version=‘HTTP/1.1’, remote_ip=‘194.39.131.5’)
Traceback (most recent call last):
File “/usr/local/lib/python3.6/dist-packages/tornado/web.py”, line 1703, in _execute
result = await result
File “/usr/local/lib/python3.6/dist-packages/oauthenticator/oauth2.py”, line 213, in get
user = await self.login_user()
File “/usr/local/lib/python3.6/dist-packages/jupyterhub/handlers/base.py”, line 699, in login_user
authenticated = await self.authenticate(data)
File “/usr/local/lib/python3.6/dist-packages/jupyterhub/auth.py”, line 383, in get_authenticated_user
authenticated = await maybe_future(self.authenticate(handler, data))
File “/usr/local/lib/python3.6/dist-packages/oauthenticator/sapgithub.py”, line 141, in authenticate
resp = await http_client.fetch(req)
OSError: [Errno 113] No route to host

[D 2020-10-12 23:47:10.029 JupyterHub base:1197] No template for 500
[E 2020-10-12 23:47:10.034 JupyterHub log:166] {
“X-Forwarded-Host”: “my.host.com”,
“X-Forwarded-Proto”: “http”,
“X-Forwarded-Port”: “80”,
“Cookie”: “rxVisitor=[secret]; dtCookie=[secret]; dtSa=[secret]; dtLatC=[secret]; dtPC=[secret]; rxvt=[secret]; oauthenticator-state=[secret]”,
“Accept-Language”: “en-US,en;q=0.9”,
“Accept-Encoding”: “gzip, deflate, br”,
“Referer”: “my.idp.service”,
“Sec-Fetch-Dest”: “document”,
“Sec-Fetch-Mode”: “navigate”,
“Sec-Fetch-Site”: “cross-site”,
“Accept”: “text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9”,
“User-Agent”: “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.123 Safari/537.36”,
“Upgrade-Insecure-Requests”: “1”,
“Cache-Control”: “max-age=0”,
“Connection”: “close”,
“X-Forwarded-For”: “194.39.131.5,::ffff:127.0.0.1”,
“Host”: “my.host.com”,
“X-Real-Ip”: “194.39.131.5”
}

There’s an issue on the oauthenticator repo about enabling a HTTP(S) proxy:

Maybe it will help?

Thank you @manics. Being a little new to Jupyterhub I want to know where to add the the piece of code suggested by dtanderson in https://github.com/jupyterhub/oauthenticator/issues/217? Will it be in jupyterhub_config.py or the app.py?

You should add it to your jupyterhub_config.py assuming you’re managing JupyterHub yourself. If you’re using a distribution of JupyterHub such as Z2JH this may be different.