My Profile
Sign Out
Tickets
Knowledge Base
Login
Create Ticket
Articles in this section
Category / Section
  1. Home
  2. Big Data Platform
  3. General

SSL communication for IPython web UI in Linux Secure cluster

2 mins read

This document explains how to enable SSL communication for IPython web UI in Kerberos enabled secure cluster running in Linux nodes.

Perquisite software in Linux node

OpenSSL

Install OpenSSL using the following command.

Ubuntu: sudo apt-get install openssl

CentOS: sudo yum install openssl

Nginx

Install Nginx using the following command.

Ubuntu: sudo apt-get install nginx

CentOS: Add the CentOS EPEL package first, followed by Nginx.

sudo yum install epel-release

sudo yum install nginx

Apache2-utils

Install apache2-utils using the following command.

Ubuntu: sudo apt-get install apache2-utils

CentOS: sudo yum install httpd-tools

 

Steps involved in hosting IPython service as SSL

Step1: Stop IPython running service in host

Stop the IPython service, if it is already running in your cluster.

 

Step 2: Create certificate, certificate key, and PEM file

Open terminal and execute the following commands to create the required certificate, certificate key, and PEM file.

openssl genrsa -out /home/syncfusion/HadoopNode/SSL/nginx.key 3650

 

openssl req -new -x509 -days 3650 -subj "/CN=synclinux104" -key /home/syncfusion/HadoopNode/SSL/nginx.key -out /home/syncfusion/HadoopNode/SSL/nginx.crt

 

openssl req -x509 -nodes -days 3650 -newkey rsa:1024 -subj "/C=IN/ST=TN/L=CH/O=SYNCFUSION/CN=synclinux104" -keyout  /home/syncfusion/HadoopNode/SSL/ipython.pem -out /home/syncfusion/HadoopNode/SSL/ipython.pem

 

In the previous commands, synclinux104 can be replaced with any string.

 

/home/syncfusion/HadoopNode/SSL: Folder location should be same while updating Nginx and IPython configuration in step 4 and step 5.

 

Step 3: Create user for HTTPS authentication

Create a new user and set password using the following command. This is the credentials to be entered while authenticating Nginx URL.        

sudo htpasswd -c /etc/nginx/.httppassword testuser

/etc/nginx/.httppassword: Location should be same while updating configuration in step 4 location tag.

Create user

 

Step 4: Nginx configuration changes

Open Nginx conf file - /etc/nginx/nginx.conf.

Update the HTTP tag with values based on the following template.

http {

    include       mime.types;

    default_type  application/octet-stream;

    sendfile        on;

    tcp_nopush     off;

    client_max_body_size 100M;

    keepalive_timeout  20;

  

 server {

        listen       $proxyport;

        server_name  $proxyserver;

   ssl on;

   ssl_certificate $certificatelocation;

     ssl_certificate_key $certificatekeylocation;

        ssl_session_cache shared:SSL:1m;

        ssl_session_timeout 2m;

        ssl_ciphers  HIGH:!aNULL:!MD5;

        ssl_prefer_server_ciphers on;

       

  

 

        location / {

   auth_basic "Restricted Content";

                    auth_basic_user_file /etc/nginx/.httppassword;

   proxy_pass $BackendServer;

   proxy_http_version 1.1;

   proxy_set_header Upgrade $http_upgrade;

   proxy_set_header Connection "upgrade";

   proxy_set_header Origin "";

        }

  

    }

}

 

 

In the previous template, update the following variables where, synclinux104 is hostname.

$proxyport: 10002

$proxyserver: synclinux104

$certificatelocation: /home/syncfusion/HadoopNode/SSL/nginx.crt

$certificatekeylocation: /home/syncfusion/HadoopNode/SSL/nginx.key

$BackendServer: https://synclinux104:10012/

 

Step 5: IPython configuration changes

Open the ‘jupyter_notebook_config.py’ file from the following location. /home/syncfusion/HadoopNode/Python/settings/jupyter/jupyter_notebook_config.py.

Replace the line (# c.NotebookApp.certfile = u'') with the following.

c.NotebookApp.certfile = u'/home/syncfusion/HadoopNode/SSL/ipython.pem'

 

Step 6: Restart Nginx server

Restart your Nginx server using the following command and ensure whether it is started properly in port 10002.

sudo service nginx restart

 

Step 7: Start IPython server

  1. Open terminal and navigate to /home/syncfusion/HadoopNode/Python/bin location.
  2. Execute following export commands:

export IPYTHONDIR=/home/syncfusion/HadoopNode/Python/settings/ipython

export JUPYTER_CONFIG_DIR=/home/syncfusion/HadoopNode/Python/settings/jupyter

  1. Ipython server start command.

./ipython notebook --no-mathjax --port=10012 --no-browser --ip=synclinux104

Here, synclinux104 is hostname

 

Step 8: Access IPython notebook

You can access IPython via Nginx authentication by opening the Nginx URL in the browser.

IPython login

The browser will pop up for credentials. Provide the credentials that are configured in Step 3.

IPython home

 

Note:

For this case, port 10002 has been used as Nginx port and the port 10012 as IPython service port.

 

 

Did you find this information helpful?
Yes
No
Help us improve this page
Please provide feedback or comments
Comments (0)
Please sign in to leave a comment
Access denied
Access denied