[英]jupyter notebook stop SSL error
I'm running a jupyter notebook inside an ubuntu 16.04 docker container, as a non-root user, with SSL configured via a .pem
file.我在 ubuntu 16.04 docker 容器内运行一个 jupyter notebook,作为非 root 用户,通过.pem
文件配置 SSL。 My issue is, I can't perform the jupyter notebook stop $port
command to stop the running server.我的问题是,我无法执行jupyter notebook stop $port
命令来停止正在运行的服务器。
I start the notebook by executing sudo HOME=/home/seiji -u seiji jupyter notebook
to change the HOME
environment variable (which is chown'd as seiji).我通过执行sudo HOME=/home/seiji -u seiji jupyter notebook
来更改HOME
环境变量(chown'd 为 seiji)来启动笔记本。
I can perform the usual jupyter notebook list
command by running it as the user ( seiji
) and feeding in the JUPYTER_RUNTIME_DIR
environment variable where jupyter looks for json
files containing server info.我可以通过以用户身份 ( seiji
) 运行它并输入JUPYTER_RUNTIME_DIR
环境变量来执行通常的jupyter notebook list
命令,jupyter 在其中查找包含服务器信息的json
文件。 For example: sudo JUPYTER_RUNTIME_DIR=/jupyter/runtime -u seiji jupyter notebook list
correctly returns: https://localhost:8888/:: /jupyter/notebooks
(I specify the runtime dir in the config file in the usual way).例如: sudo JUPYTER_RUNTIME_DIR=/jupyter/runtime -u seiji jupyter notebook list
正确返回: https://localhost:8888/:: /jupyter/notebooks
(我以通常的方式在配置文件中指定运行时目录)。
My issue is, I can't figure out how to execute jupyter notebook stop 8888
in a similar way.我的问题是,我不知道如何以类似的方式执行jupyter notebook stop 8888
。 If I run it as is, it runs as root and tells me There are no running servers
.如果我按原样运行它,它会以 root 身份运行并告诉我There are no running servers
。 If I run it as user:seiji
, I run into SSL issues.如果我以user:seiji
身份运行它,我会遇到 SSL 问题。 As in:如:
> sudo JUPYTER_RUNTIME_DIR=/jupyter/runtime -u seiji jupyter notebook stop 8888
returns an error.返回错误。 It begins: Shutting down server on port 8888...
but then prints the following:它开始: Shutting down server on port 8888...
但随后打印以下内容:
SSL Error on 10 ('::1', 8888, 0, 0): [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645) SSL 错误 10 ('::1', 8888, 0, 0): [SSL: CERTIFICATE_VERIFY_FAILED] 证书验证失败 (_ssl.c:645)
My guess is that it tries a 'http' address to access the server instead of 'https', but I can't figure out how to change this.我的猜测是它尝试使用“http”地址而不是“https”来访问服务器,但我不知道如何更改它。
I've also tried passing the environment variable JUPYTER_CONFIG_DIR
which contains the config file listing the location of the .pem
file with the line c.NotebookApp.certfile = u'/jupyter/certs/mycert.pem'
.我还尝试传递环境变量JUPYTER_CONFIG_DIR
,其中包含列出.pem
文件位置的配置文件,行为c.NotebookApp.certfile = u'/jupyter/certs/mycert.pem'
。 I've also tried explicitly feeding in the location of the cert when running from cmdline with --certfile=[location]
but it seems this is ignored.当使用--certfile=[location]
从 cmdline 运行时,我也尝试过显式地输入证书的位置,但似乎这被忽略了。 Does anyone have any ideas?有人有什么想法吗?
This can happen if your certificate cannot be verified by whichever SSL libraries are used by Jupyter (I think the details have changed a bit over time).如果您的证书无法通过 Jupyter 使用的任何 SSL 库进行验证,就会发生这种情况(我认为细节随着时间的推移发生了一些变化)。 This is common if there certificate is self-signed - the default certificate stores may not be able to verify your issuer.如果证书是自签名的,这很常见 - 默认证书存储可能无法验证您的颁发者。 I currently do something like this with my Jupyter setup script:我目前用我的 Jupyter 安装脚本做这样的事情:
cat mycert.crt | openssl x509 -inform DER >> "$(python -c 'import certifi; print(certifi.where())')"
I believe if you already have the certificate in PEM form then you only need:我相信如果您已经拥有 PEM 形式的证书,那么您只需要:
cat mycert.pem >> "$(python -c 'import certifi; print(certifi.where())')"
and then start it like this:然后像这样启动它:
SSL_CERT_FILE=$(python -c 'import certifi; print(certifi.where())') jupyter notebook &
and stop similarly:并停止类似:
SSL_CERT_FILE=$(python -c 'import certifi; print(certifi.where())') jupyter notebook stop
The reason I use the certifi
location and environment variable is that certifi
appears to be the most-favoured package, and the environment setting appears to be respected by other libraries (including requests
and built-in SSL modules).我使用certifi
位置和环境变量的原因是certifi
似乎是最受欢迎的 package,并且环境设置似乎受到其他库(包括requests
和内置 SSL 模块)的尊重。
The reason to also start the server with this updated file is so that notebooks can themselves connect to the server (eg for introspection).还使用这个更新的文件启动服务器的原因是笔记本电脑可以自己连接到服务器(例如用于内省)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.