Unable to reach JupyterHub from the outside world

James_Leong · July 11, 2024, 4:24pm

Hi all,

I am having an issue accessing JupyterHub from the outside world. In my setup, I have a server that runs a web service on the public IP that uses Let’s Encrypt. I plan to run the JupyterHub service on the same server and assume that my public IP is 11.10.11.10 and an internal IP (192.168.0.100) is mapped to that public IP.

Questions

Since I have used Let’s Encrypt for my web service, if I use the the-config tool to configure my proxy and other related stuff, will this affect the web service that I already have running on that server?
Is tljh-config mandatory to allow JupyterHub to be accessible from the outside world?

Below is how I set up my JupyterHub without using tljh-config, and I was hoping that it allows users from outside to access the hub.
My jupyterhub_config.py

c = get_config()
# Identity provider info
c.OAuthenticator.allow_all = True
c.JupyterHub.authenticator_class = "globus"
c.OAuthenticator.scope = ['openid', 'profile', 'email']
c.OAuthenticator.exclude_tokens = ['auth.globus.org']
c.OAuthenticator.authorize_url = "https://auth.globus.org/v2/oauth2/authorize"
c.OAuthenticator.token_url = "https://auth.globus.org/v2/oauth2/token"
c.OAuthenticator.userdata_url = "https://auth.globus.org/v2/oauth2/userinfo"
c.OAuthenticator.logout_redirect_url = 'https://globus.org/logout'
c.OAuthenticator.oauth_callback_url = "https://<dns>:8888/hub/oauth_callback"
c.OAuthenticator.client_id = <client id>
c.OAuthenticator.client_secret = <client secret>

# General parameters                                                                                                                                                                          
c.JupyterHub.debug_proxy = True
c.JupyterHub.admin_access = True
c.OAuthenticator.enable_auth_state = True
c.OAuthenticator.revoke_tokens_on_logout = False
c.JupyterHub.data_files_path = '/home/<username>/jupyterenv/share/jupyterhub/'
c.JupyterHub.extra_log_file = '/var/log/jupyterhub.log'

# JupyterHub ip and url                                                                                                                                                                       
c.JupyterHub.ip = '192.168.0.100'
c.JupyterHub.port = 8888
c.JupyterHub.hub_ip = '192.168.0.100'
c.JupyterHub.hub_port = 8087
c.JupyterHub.base_url = '/'

# Cert related                                                                                                                                                                                
c.JupyterHub.internal_ssl = True
c.JupyterHub.recreate_internal_certs = True
c.JupyterHub.ssl_key = '/etc/letsencrypt/live/<dns>privkey.pem'
c.JupyterHub.ssl_cert = '/etc/letsencrypt/live/<dns>fullchain.pem'

Whenever I try to access the hub via https://192.168.0.100:8888 on a web browser, it shows only “Service Unavailable.” When I do check the status of my JupyterHub service, it shows the following error.

jupyterhub[547300]: 11:01:09.577 [ConfigProxy] error: 503 GET / Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 192.168.0.100 is not in the cert's list: 127.0.0.1
jupyterhub[547300]: 11:01:09.582 [ConfigProxy] debug: Requesting custom error page: https://192.168.0.100:8087/hub/error/503?url=%2F
jupyterhub[547300]: 11:01:09.585 [ConfigProxy] error: Failed to get custom error page: Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 192.168.0.100 is not in the cert's list: 127.0.0.1
jupyterhub[547300]: 11:01:09.585 [ConfigProxy] debug: Not recording activity for status 503 on /
jupyterhub[547300]: 11:01:09.662 [ConfigProxy] debug: PROXY WEB /favicon.ico to https://192.168.0.100:8087
jupyterhub[547300]: 11:01:09.666 [ConfigProxy] error: 503 GET /favicon.ico Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 192.168.0.100 is not in the cert's list: 127.0.0.1
jupyterhub[547300]: 11:01:09.666 [ConfigProxy] debug: Requesting custom error page: https://192.168.0.100:8087/hub/error/503?url=%2Ffavicon.ico
jupyterhub[547300]: 11:01:09.670 [ConfigProxy] error: Failed to get custom error page: Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 192.168.0.100 is not in the cert's list: 127.0.0.1
jupyterhub[547300]: 11:01:09.670 [ConfigProxy] debug: Not recording activity for status 503 on /

When I do https://<dns>:8888, it doesn’t seem to trigger anything on the JupyterHub side. I was expecting that it would redirect from (https://:8888) to IP (11.10.11.10) to (192.168.0.100) on port 8888. But that doesn’t seem to be the case. Apart from that, I am not seeing any error messages in my jupyterhub.log file. Any help is greatly appreciated.

Best,
James

Topic		Replies	Views
How to access API from jupyterhub server JupyterHub jupyterhub , help-wanted	0	448	December 21, 2020
Jupyter notebook via jupyterhub not working on public IP address JupyterHub jupyterlab	3	815	March 2, 2022
Jupyterhub subdomain and SSL JupyterHub	2	1170	June 4, 2020
After installing TLHJ in Google Cloud, I cannot access to the external IP The Littlest JupyterHub jupyterhub , how-to	0	576	September 17, 2022
Encrypt internal communication, usage of c.JupyterHub.hub_connect_url JupyterHub	0	379	June 3, 2020

Unable to reach JupyterHub from the outside world

Related topics