LetsEncrypt HTTPS nginx and systemd service for Jupyter Notebook?


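I'm not getting any errors from either jupyter or nginx in /var/log/nginx/{access,error}.log or journalctl. Putting everything in the HTTP block works. The HTTPS site never loads (I tried curl -Lvvv 'http://DOMAIN_NAME'; the redirect works, but then it times out).

Starting from the latest nginx from the official apt mirror, http://nginx.org/packages/ubuntu, I manually configured LetsEncrypt, dhparams and nginx-options as follows: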

$ python3 -m venv venv
$ venv/bin/python -m pip install certbot
$ sudo systemctl stop nginx
$ venv/bin/certbot certonly --standalone --agree-tos \
                            -d '[DOMAIN_NAME]' -m '[EMAIL]'
$ base_url='https://raw.githubusercontent.com/certbot/certbot/master/certbot'
$ curl --proto '=https' --tlsv1.2 -sSf \
  "$base_url"'/certbot/ssl-dhparams.pem' \
   -o '/etc/ssl/certs/ssl-dhparam.pem'
$ curl --proto '=https' --tlsv1.2 -sSf \
  "$base_url"'-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf' \
  -o '/etc/letsencrypt/options-ssl-nginx.conf'
$ # Add `nginx service conf` and `jupyter_notebook.service` from below
$ systemctl start nginx

/lib/systemd/system/jupyter_notebook.service

[Unit]
Description=Job that runs the jupyter_notebook daemon

[Service]
User=VIRTUALENV_USER
Group=VIRTUALENV_GROUP
Environment=VIRTUALENV=VIRTUALENV_BIN
Environment=PYTHONPATH=VIRTUALENV_BIN
WorkingDirectory=/MY/NOTEBOOKS/DIR
ExecStart=VIRTUALENV_BIN/jupyter notebook --no-browser \
          --NotebookApp.port=8000 \
          --NotebookApp.notebook_dir=/MY/NOTEBOOKS/DIR \
          --NotebookApp.local_hostnames DOMAIN_NAME \
          --NotebookApp.allow_origin DOMAIN_NAME \
          --NotebookApp.password_required=True \
          --NotebookApp.password argon2:$argon2id$v=19$m=1024<omitted>

[Install]
WantedBy=multi-user.target

/etc/nginx/sites-enabled/DOMAIN_NAME.conf

I added include /etc/nginx/sites-enabled/*.conf; to the http block of nginx.conf, and then the following:

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    server_name DOMAIN_NAME;

    return 302 https://$host$request_uri;
}
server {
    listen 443 ssl;

    server_name DOMAIN_NAME;

    ssl_certificate /etc/letsencrypt/live/DOMAIN_NAME/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem;

    ssl_dhparam /etc/ssl/certs/ssl-dhparam.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Scheme $scheme;

        proxy_buffering off;
    }

    location ~ /.well-known {
        allow all;
    }
}

I also tried adding these blocks to the server block:

    location ~ /api/kernels/ {
        proxy_pass http://localhost:8000;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade "websocket";
        proxy_set_header Connection "Upgrade";
        proxy_read_timeout 86400;
    }

    location ~ /terminals/ {
        proxy_pass http://localhost:8000;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade "websocket";
        proxy_set_header Connection "Upgrade";
        proxy_read_timeout 86400;
    }

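P.S.: I have scripted this whole process, but I am posting it here so that you can follow along without having to go through my automation.

What am I doing wrong?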
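One way to narrow down the symptom described in the question (the redirect on port 80 works, then HTTPS times out), as an added example that is not part of the original post: probe port 443 and report the first layer that fails (TCP connect, TLS handshake, or HTTP response). The function name `probe_https` and its return labels are hypothetical; the host and port are supplied by the caller.

```python
import socket
import ssl

# Added example: probe_https is a hypothetical helper, not code from the post.
def probe_https(host, port=443, timeout=5.0, verify=True):
    """Return 'ok' or the first stage at which an HTTPS connection fails."""
    # Stage 1: plain TCP connect.
    # Timeout: no SYN-ACK or RST came back. Refused: nothing listens on the port.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "tcp-timeout"
    except ConnectionRefusedError:
        return "tcp-refused"
    except OSError:
        return "tcp-error"

    # Stage 2: TLS handshake, which exercises the certificate and TLS settings.
    ctx = ssl.create_default_context()
    if not verify:  # only for checking a listener by IP address or test name
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except socket.timeout:
        sock.close()
        return "tls-timeout"
    except (ssl.SSLError, OSError):
        sock.close()
        return "tls-error"

    # Stage 3: one HTTP request through the proxy to the upstream application.
    try:
        request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
        tls.sendall(request.encode())
        status_line = tls.recv(1024).split(b"\r\n", 1)[0]
    except socket.timeout:
        return "http-timeout"
    except OSError:
        return "http-error"
    finally:
        tls.close()
    return "ok" if status_line.startswith(b"HTTP/") else "http-error"
```

Running it once on the server against 127.0.0.1 (with `verify=False`) and once from outside against the domain name shows whether the failure is local to nginx or somewhere on the path to port 443.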
