Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

https entry point? #43

Closed
AaronWatters opened this issue May 1, 2017 · 6 comments
Closed

https entry point? #43

AaronWatters opened this issue May 1, 2017 · 6 comments
Labels
documentation

Comments

@AaronWatters
Copy link

Please document how to set up an https entry point for the hub server. Currently the server is accessed by default using http.
@yuvipanda
Copy link
Collaborator

Tracked in jupyterhub/helm-chart#14

@yuvipanda
Copy link
Collaborator

This has been fixed by #229!

@masonlr
Copy link

masonlr commented Jan 16, 2018

@yuvipanda does #229 explicitly require purchasing a domain name from a registrar? (as explained https://zero-to-jupyterhub.readthedocs.io/en/v0.5-doc/security.html#https)

What I'd like to do is access the CLUSTER-IP directly using https, rather than via the A record on a separate DNS provider? Is this even possible – apologies I'm new to this topic.

Example: http://<CLUSTER-IP> works for me in a browser, but can I get https://<CLUSTER-IP> to work for me via proxy options in the config yaml files?

@yuvipanda
Copy link
Collaborator

@masonlr yeah, it does require an external domain name purchased. This is because we use https://letsencrypt.org/ to provision HTTPS certificates, and they require a domain name. This is the case for most HTTPS certificate providers - they won't provide you HTTPS certificates for IPs.

CLUSTER-IP is also usually only accessible from inside the cluster, and (unless your cluster is configured in specific ways that most clusters are not) not accessible from the external world.

@masonlr
Copy link

masonlr commented Jan 17, 2018

@yuvipanda thanks for this info. Apologies, I should have written EXTERNAL-IP above, i.e. http://<EXTERNAL-IP> works for me in a browser.

@masonlr
Copy link

masonlr commented Jan 18, 2018
edited

@yuvipanda just to clarify, if I follow the deployment instructions for the zero-to-jupyterhub-k8s repository I receive an EXTERNAL-IP of the form (where letters are replaced with numbers)

mn.opq.rs.tu

This automatically sets up a domain name of the form

tu.rs.opq.mn.bc.googleusercontent.com

Should it be possible for me to pass this domain name to let's encrypt via yaml parameters:

proxy:
  https:
    hosts:
      - tu.rs.opq.mn.bc.googleusercontent.com
    letsencrypt:
      contactEmail: my.email@example.com

Or, is this insufficient information for proving control of the tu.rs.opq.mn.bc.googleusercontent.com domain?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@yuvipanda @willingc @masonlr @AaronWatters