Skip to content

Instantly share code, notes, and snippets.

@MircoT

MircoT/docker-compose.yml

Forked from cboettig/docker-compose.yml
Created February 26, 2019 14:11
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save MircoT/803081aaf498ff319466a3627d29e712 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save MircoT/803081aaf498ff319466a3627d29e712 to your computer and use it in GitHub Desktop.
Download ZIP
debugging NGINX configuration for Jupyter
Raw
README.md

Place both docker-compose.yml and nginx.conf in same working directory with an appropriate SERVER.crt and SERVER.key for the server. Make sure docker and docker-compose are installed, and run:

docker-compose up -d

visit https://SERVER/jupyter, correctly sets favicon and redirects to /tree but results in a 404. Not sure what's wrong here.

Raw
docker-compose.yml
jupyter:
image: jupyter/datascience-notebook
environment:
- PASSWORD=${PASSWORD}
command: start-notebook.sh --NotebookApp.base_url=/jupyter
nginx:
image: nginx
links:
- jupyter
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- ./SERVER.crt:/etc/ssl/certs/SERVER.crt
- ./SERVER.key:/etc/ssl/private/SERVER.key
ports:
- 443:443
restart: always
Raw
nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
sendfile on;
keepalive_timeout 0;
gzip on;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream jupyter {
server jupyter:8888 fail_timeout=0;
}
server {
listen 443 ssl;
ssl_certificate /etc/ssl/certs/SERVER.crt;
ssl_certificate_key /etc/ssl/private/SERVER.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
proxy_set_header Host $http_host; # required for Docker client sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client IP
client_max_body_size 0; # disable any limits to avoid HTTP 413 for large uploads
location /jupyter/ {
rewrite ^/jupyter/(.*)$ /$1 break;
proxy_pass http://jupyter;
proxy_redirect http://jupyter/ $scheme://$host/jupyter/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 20d;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 500 502 503 504 /500.html;
keepalive_timeout 0;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment