
I'm running a Jupyter notebook inside an Ubuntu 16.04 Docker container, as a non-root user, with SSL configured via a .pem file. My issue is, I can't perform the `jupyter notebook stop $port` command to stop the running server.

I start the notebook by executing `sudo HOME=/home/seiji -u seiji jupyter notebook` to change the HOME environment variable (which is chown'd as seiji).

I can perform the usual `jupyter notebook list` command by running it as the user (seiji) and feeding in the `JUPYTER_RUNTIME_DIR` environment variable where Jupyter looks for JSON files containing server info. For example: `sudo JUPYTER_RUNTIME_DIR=/jupyter/runtime -u seiji jupyter notebook list` correctly returns: `https://localhost:8888/ :: /jupyter/notebooks` (I specify the runtime dir in the config file in the usual way).

My issue is, I can't figure out how to execute `jupyter notebook stop 8888` in a similar way. If I run it as is, it runs as root and tells me `There are no running servers`. If I run it as user:seiji, I run into SSL issues. As in:

> sudo JUPYTER_RUNTIME_DIR=/jupyter/runtime -u seiji jupyter notebook stop 8888 

returns an error. It begins: `Shutting down server on port 8888 ...` but then prints the following:

SSL Error on 10 ('::1', 8888, 0, 0): [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

My guess is that it tries a 'http' address to access the server instead of 'https', but I can't figure out how to change this.

I've also tried passing the environment variable `JUPYTER_CONFIG_DIR`, which contains the config file listing the location of the .pem file with the line `c.NotebookApp.certfile = u'/jupyter/certs/mycert.pem'`. I've also tried explicitly feeding in the location of the cert when running from the command line with `--certfile=[location]`, but it seems this is ignored. Does anyone have any ideas?

Seiji Armstrong
  • For now I'm using `pkill jupyter`, which is the same as `kill $(pgrep jupyter)`, taken from here: https://stackoverflow.com/questions/10162707/how-to-close-ipython-notebook-properly/32745046#32745046 – Seiji Armstrong Mar 15 '18 at 18:18

1 Answer


This can happen if your certificate cannot be verified by whichever SSL libraries are used by Jupyter (I think the details have changed a bit over time). This is common if the certificate is self-signed - the default certificate stores may not be able to verify your issuer. I currently do something like this with my Jupyter setup script:

cat mycert.crt | openssl x509 -inform DER >> "$(python -c 'import certifi; print(certifi.where())')"

I believe if you already have the certificate in PEM form then you only need:

cat mycert.pem >> "$(python -c 'import certifi; print(certifi.where())')"

and then start it like this:

SSL_CERT_FILE=$(python -c 'import certifi; print(certifi.where())') jupyter notebook &

and stop similarly:

SSL_CERT_FILE=$(python -c 'import certifi; print(certifi.where())') jupyter notebook stop

The reason I use the certifi location and environment variable is that certifi appears to be the most-favoured package, and the environment setting appears to be respected by other libraries (including requests and built-in SSL modules).

The reason to also start the server with this updated file is so that notebooks can themselves connect to the server (e.g. for introspection).

Sam Brightman
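An added example (not part of the answer above, and not Jupyter's own tooling): a variant of the same approach that writes a separate bundle instead of appending to certifi's file, which every certifi user in that environment trusts and which a certifi upgrade replaces. It copies only the CERTIFICATE blocks, since a .pem used as the sole `certfile` can also hold the private key; the function names and the output path `/jupyter/certs/ca-bundle.pem` are assumptions.

```shell
# build_ca_bundle BASE_BUNDLE CERT_PEM OUT_BUNDLE   (hypothetical helper)
# Writes BASE_BUNDLE plus the certificates found in CERT_PEM to OUT_BUNDLE.
# Rebuilding from the untouched base on every run keeps it idempotent.
# The body is a subshell, so variables stay local and `exit` sets the status.
build_ca_bundle() (
    base=$1 cert=$2 out=$3
    [ -r "$base" ] || { echo "base bundle not readable: $base" >&2; exit 1; }
    [ -r "$cert" ] || { echo "certificate not readable: $cert" >&2; exit 1; }
    # Sanity check only: a DER file has no PEM armour and must be converted
    # first (openssl x509 -inform DER), as in the answer above.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "not a PEM certificate: $cert" >&2; exit 2; }
    # Build in a temp file next to the target, then rename into place.
    tmp=$(mktemp "${out}.XXXXXX") || exit 1
    {
        cat "$base"
        echo
        # Copy CERTIFICATE blocks only; a private key in the same file is
        # never written into the (world-readable) trust bundle.
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$cert"
    } > "$tmp" && chmod 644 "$tmp" && mv "$tmp" "$out" ||
        { rm -f "$tmp"; exit 1; }
)

# count_certs BUNDLE: number of certificates in a PEM bundle.
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1"
}

# Usage with the paths from the question (output path is an assumption):
#   base=$(python -c 'import certifi; print(certifi.where())')
#   build_ca_bundle "$base" /jupyter/certs/mycert.pem /jupyter/certs/ca-bundle.pem
#   sudo SSL_CERT_FILE=/jupyter/certs/ca-bundle.pem \
#        JUPYTER_RUNTIME_DIR=/jupyter/runtime -u seiji jupyter notebook stop 8888
```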