Skip to content

Loading…

Redirect http to https for notebook #1460

Open
Carreau opened this Issue · 11 comments

7 participants

@Carreau

(splitting #1459)

When running notebook over https, I tend to forgot it and enter the http url.
could it be possible do display a page that redirect to the same adress but in https instead of having a 404 ?
Eventually after displaying a message.

Thanks.

@takluyver
IPython: interactive computing in Python member

It probably doesn't even need a page, we can just send an HTTP redirect.

@Carreau

Sure, but it might be confusing when using self generated certificat, user might directly be forwarded to an "invalid certificat page", which is strange with http.
I would prefer something like :
'This notebook server is over https, please update your bookmark. Redirecting in 3 seconds ...'

@ellisonbg
IPython: interactive computing in Python member

Yes, if we do anything it should be a redirect. But I am not sure how this type of thing will work with tornado - don't know if it can do http+https easily.

@minrk
IPython: interactive computing in Python member

For reference, another project which has considered this issue: liftoff/GateOne#68

The easiest way to get half-way would be for our default http and https ports to be different, such that most users trying to access via http would be on 8888, while https would be on 9999. Then https mode could run a tiny http server on 8888 that does nothing but redirect to the https url. I don't know how many cases that would actually catch, though.

@ellisonbg
IPython: interactive computing in Python member

I agree that http and https should use different ports, but I think it is overkill to always run an https server to handle this redirect for the single user notebook.

@minrk
IPython: interactive computing in Python member

I think we should close this, and mark it as a tornado feature request.

@ellisonbg
IPython: interactive computing in Python member
@ellisonbg ellisonbg closed this
@ivanov
IPython: interactive computing in Python member

reopening:

i keep running into this, particularly because one usually runs https to make the notebook accessible on multiple ip address, and the server prints a line that one can't copy paste into the url field (https://[all ip addresses on your system]:8888) - and I mechanically forget to make it https since one doesn't need that for the locally running http://127.0.0.1:8888/

given that tornadoweb/tornado#523 has been closed, might we reconsider always having an HTTP entry point into our the notebook application? (such as the http->https redirect @minrk mentioned for liftoff/GateOne#68)

@ivanov ivanov reopened this
@bfroehle

I'd rather not see us fork tornado or require any monkey patches. Perhaps we could revisit tornadoweb/tornado#523 and suggest that they add a hook _handle_ssl_error or similar which would allow us to subclass the SSLIOStream object for our purpose.

Running two servers on two ports seems like overkill, but perhaps others disagree...

@takluyver
IPython: interactive computing in Python member

One of the tornado devs mentioned the possibility of using HSTS to tell the browser to always use HTTPS. So long as you're not switching between running the server with and without HTTPS, that could work.

We should check whether HSTS acts per-port or per-domain: if it's per-domain, that would interfere with any other local applications that run a web server.

@rgbkrk
IPython: interactive computing in Python member

HSTS doesn't seem to work with non-standard ports. I went ahead and tried this out in #6293, testing showed a complete lack of redirects.

The only case I got to actually load and work "appropriately" was opening the notebook server on port 80 (with an SSL configuration setup):

$ sudo ipython notebook --port=80
[I 05:20:24.008 NotebookApp] Using existing profile dir: u'/Users/rgbkrk/.ipython/profile_default'
...
[I 05:20:24.163 NotebookApp] The IPython Notebook is running at: https://localhost:80/
...

Which is then putting TLS over port 80 (that made me feel dirty):

screen shot 2014-08-12 at 5 22 41 am

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.