We use cookies to give you the best experience on our website. If you continue to browse, then you agree to our privacy policy and cookie policy.
Unfortunately, activation email could not send to your email. Please try again.

SSL communication for IPython web UI in Linux Secure cluster

This document explains how to enable SSL communication for IPython web UI in Kerberos enabled secure cluster running in Linux nodes.

Perquisite software in Linux node

  • OpenSSL

Install OpenSSL using the following command.

Ubuntu: sudo apt-get install openssl

CentOS: sudo yum install openssl

  • Nginx

Install Nginx using the following command.

Ubuntu: sudo apt-get install nginx

CentOS: Add the CentOS EPEL package first, followed by Nginx.

sudo yum install epel-release

sudo yum install nginx

 

  • Apache2-utils

Install apache2-utils using the following command.

Ubuntu: sudo apt-get install apache2-utils

CentOS: sudo yum install httpd-tools

Steps involved in hosting IPython service as SSL

Step1: Stop IPython running service in host

Stop the IPython service, if it is already running in your cluster.

 

Step 2: Create certificate, certificate key, and PEM file

Open terminal and execute the following commands  to create the required certificate, certificate key, and PEM file.

openssl genrsa -out /home/syncfusion/HadoopNode/SSL/nginx.key 3650

 

openssl req -new -x509 -days 3650 -subj "/CN=synclinux104" -key /home/syncfusion/HadoopNode/SSL/nginx.key -out /home/syncfusion/HadoopNode/SSL/nginx.crt

 

openssl req -x509 -nodes -days 3650 -newkey rsa:1024 -subj "/C=IN/ST=TN/L=CH/O=SYNCFUSION/CN=synclinux104" -keyout  /home/syncfusion/HadoopNode/SSL/ipython.pem -out /home/syncfusion/HadoopNode/SSL/ipython.pem

 

In the previous commands, synclinux104 can be replaced with any string.

 

/home/syncfusion/HadoopNode/SSL: Folder location should be same while updating Nginx and IPython configuration in step 4 and step 5.

 

Step 3: Create user for HTTPS authentication

Create a new user and set password using the following command. This is the credentials to be entered while authenticating Nginx URL.        

sudo htpasswd -c /etc/nginx/.httppassword testuser

/etc/nginx/.httppassword: Location should be same while updating configuration in step 4 location tag.

 

Step 4: Nginx configuration changes

Open Nginx conf file - /etc/nginx/nginx.conf.

Update the HTTP tag with values based on the following template.

http {

    include       mime.types;

    default_type  application/octet-stream;

    sendfile        on;

    tcp_nopush     off;

    client_max_body_size 100M;

    keepalive_timeout  20;

       

 server {

        listen       $proxyport;

        server_name  $proxyserver;

        ssl on;

        ssl_certificate $certificatelocation;

        ssl_certificate_key $certificatekeylocation;

        ssl_session_cache shared:SSL:1m;

        ssl_session_timeout 2m;

        ssl_ciphers  HIGH:!aNULL:!MD5;

        ssl_prefer_server_ciphers on;

       

            

 

        location / {

                  auth_basic "Restricted Content";

                    auth_basic_user_file /etc/nginx/.httppassword;

                  proxy_pass $BackendServer;

                  proxy_http_version 1.1;

                  proxy_set_header Upgrade $http_upgrade;

                  proxy_set_header Connection "upgrade";

                  proxy_set_header Origin "";

        }

            

    }

}

 

 

In the previous template, update the following variables where, synclinux104 is hostname.

$proxyport: 10002

$proxyserver: synclinux104

$certificatelocation: /home/syncfusion/HadoopNode/SSL/nginx.crt

$certificatekeylocation: /home/syncfusion/HadoopNode/SSL/nginx.key

$BackendServer: https://synclinux104:10012/

 

Step 5: IPython configuration changes

Open the ‘jupyter_notebook_config.py’ file from the following location. /home/syncfusion/HadoopNode/Python/settings/jupyter/jupyter_notebook_config.py.

Replace the line (# c.NotebookApp.certfile = u'') with the following.

c.NotebookApp.certfile = u'/home/syncfusion/HadoopNode/SSL/ipython.pem'

 

Step 6: Restart Nginx server

Restart your Nginx server using the following command and ensure whether it is started properly in port 10002.

sudo service nginx restart

 

Step 7: Start IPython server

  1. Open terminal and navigate to /home/syncfusion/HadoopNode/Python/bin location.
  2. Execute following export commands:

export IPYTHONDIR=/home/syncfusion/HadoopNode/Python/settings/ipython

export JUPYTER_CONFIG_DIR=/home/syncfusion/HadoopNode/Python/settings/jupyter

  1. Ipython server start command.

./ipython notebook --no-mathjax --port=10012 --no-browser --ip=synclinux104

Here, synclinux104 is hostname

 

Step 8: Access IPython notebook

You can access IPython via Nginx authentication by opening the following Nginx URL in the browser.

 https://synclinux104:10002/

Here, synclinux104 is sample hostname.

The browser will pop up for credentials. Provide the credentials that are configured in Step 3.

Note:

For this case, port 10002 has been used as Nginx port and the port 10012 as IPython service port.

Article ID: Published Date: Last Revised Date: Platform: Control:
8877 06/26/2018 06/26/2018 Big Data Platform General
Did you find this information helpful?
Add Comment
You must log in to leave a comment

You are using an outdated version of Internet Explorer that may not display all features of this and other websites. Upgrade to Internet Explorer 8 or newer for a better experience.