I would like to run an IPython notebook web server behind an Apache (reverse) proxy so that instead of the URL

https://my.server:XXXX

(where XXXX is some port number) I could use

https://my.server/py0

I am aware that IPython uses websockets and I suspect this is the part that is missing from my setup, but I simply could not find a suitably detailed description on how to configure this. Unfortunately the IPython webserver setup docs don't have much to say regarding proxies apart from this:

When behind a proxy, especially if your system or browser is set to autodetect the proxy, the notebook web application might fail to connect to the server’s websockets[...]

So I decided to try it on my own and put the following in /etc/apache2/sites-enabled/default-ssl.conf :

            SSLProxyEngine On
            SSLProxyVerify none
            SSLProxyCheckPeerCN off
            SSLProxyCheckPeerName off
            ProxyPass       /py0/ https://localhost:10000/
            ProxyPassReverse        /py0/ https://localhost:10000/

Accessing IPython "directly" over the URL https://my.server:10000 works perfectly as advertised.

The URL https://my.server/py0 (without a trailing slash) returns "404 Not found".

The same with a trailing slash https://my.server/py0/ does "work" in that it forwards to https://my.server/login?next=%2F, which is then "Not found" in its own right -- obviously because the /py0/ part got lost. Maybe I should tell IPython about it but how ??

Perhaps relevant version numbers: Ubuntu 14.04 LTS, Apache 2.4.7.

Perhaps relevant SO question: IPython behind nginx. However, since everything else in my setup is handled by Apache to my full satisfaction, I do not want to run Nginx in addition.

Is there any good soul out there who has successfully configured IPython notebook web servers behind Apache? If yes, then please step forward and share your knowledge :-) Many thanks!

I got this working using the following setup.

IPython

IPython Notebook is listening at http://localhost:8888/ipython. It was necessary to add the /ipython prefix, because IPython uses absolute paths, so it must be the same as the reverse proxied path.

The ipython_notebook_config.py

c = get_config()
c.NotebookApp.ip = 'localhost'
c.NotebookApp.open_browser = False
c.NotebookApp.port = 8888
c.NotebookApp.base_url = '/ipython'

Apache

I enabled

• mod_proxy
• mod_proxy_http
• mod_proxy_wstunnel

In the apache config I added

<Location /ipython>
ProxyPass        http://localhost:8888/ipython
ProxyPassReverse http://localhost:8888/ipython
ProxyPassReverseCookieDomain localhost my.server.com
RequestHeader set Origin "http://localhost:8888"
</Location>

<Location /ipython/api/kernels/>
ProxyPass        ws://localhost:8888/ipython/api/kernels/
ProxyPassReverse ws://localhost:8888/ipython/api/kernels/
</Location>

to an SSL enabled virtual host definition.

The RequestHeader set Origin "http://localhost:8888" was necessary for the websockets, otherwise you get a 403 Forbidden.

Now IPython is reachable at https://my.server.com/ipython (no trailing /!).

WARNING: This is rather verbose, as I gather you have figured much of this, but for documentation purposes, I laid out enough detail here for someone else to follow.

I put this answer together after implementing this myself with the help from various links. The first from here Websocket origin check fails when used with Apache WS proxy #5525. I repeat much of it here with some changes. Other links are referenced below.

1. Set up iPython:

This is in the post, but rather than do it as the original post suggested, I just followed the general instructions for Running a notebook server. With this done you should be able to test the setup, which will require enabling the port you have this configured for. If this does not work, then any Apache set up will not work.

2. Configure Apache:

1. Make sure you have the following mods available and enabled.

./configure --enable-proxy --enable-ssl --enable-deflate --enable-proxy-http --enable-proxy-wstunnel --enable-info --enable-rewrite --enable-headers

Added --enable-headers here as they were not installed on mine. Also I used the Apache2 a2enmod command. So sudo a2enmod headers, sudo a2enmod proxy, etc.

If you're running a version of Apache prior to 2.4, you do not have the proxy_wstunnel mod. You can either a patch your version or upgrade. To patch your version, you can follow these instructions. Be sure to copy over both mod_proxy.so and mod_proxy_wstunnel.so. To get the configure script, you need to run ./buildconfig, which has its own dependencies. This is noted in a comment therein.

2. Within Apache, create a "sites-available/iPython.conf" file. Originally I said to either add to httpd.conf or ports.conf. Adding your own site file is much cleaner and will allow you to enable/disable the configuration when desired.

   Listen [ANY PORT HERE] # post has port 8999 here... ... <VirtualHost *:[ANY PORT HERE]> SSLProxyEngine On # post did not have this... ProxyPass / http://127.0.0.1:8888/ ProxyPassReverse / http://127.0.0.1:8888/ # spoof headers to make notepad accept the request as coming from the same origin Header set Origin "http://127.0.0.1:8888/" RequestHeader set Origin "http://127.0.0.1:8888/" LogLevel debug </VirtualHost>

   NOTE 1: The post uses port 8999, but it can be any port you want. You want port 80 here, but you do not need to specify it, so, modifying the above would yield:

   <VirtualHost *:80> ... # Everything is the same here... </VirtualHost>

   NOTE 2: Since you are using SSL, you need to add SSLProxyEngine On within the body of the VirtualHost definition. As noted above, the post did not have this specifically.

   NOTE 3: Port 8888 is whatever port ipython is running on. Change this based on your configuration.

   NOTE 4: If you want to host multiple applications, and this is one of them, rather than having / and :8888/, you will want /ipython and :8888/ipython or whatever you want this to be named. In order to support this, see Running with a different URL prefix.

3. Enable the new configuration: sudo a2ensite iPython

If you need to disable: sudo a2dissite iPython

4. Reload Apache: sudo service apache2 reload

My Environment:

Ubuntu 14.04.1 Apache 2.4.7 ipython 2.3.0

EDIT: Updated to reflect the final changes I made to get this working. I also changed the instruction order to what I think makes more sense.

This works for jupyter and password hash:

<VirtualHost *:443>
    ServerName  default
    ProxyPreserveHost On
    ProxyRequests off
    SSLProxyEngine on
    SSLEngine on
    SSLProtocol TLSv1
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLCertificateFile      /home/ubuntu/.certs/mycert.pem

    ProxyPass /notebook/terminals/websocket/       wss://localhost:9999/notebook/terminals/websocket/
    ProxyPassReverse /notebook/terminals/websocket/ wss://localhost:9999/notebook/terminals/websocket/

    ProxyPass /notebook/api/kernels/ wss://127.0.0.1:9999/notebook/api/kernels/
    ProxyPassReverse /notebook/api/kernels/ wss://127.0.0.1:9999/notebook/api/kernels/

    ProxyPass /notebook https://127.0.0.1:9999/notebook
    ProxyPassReverse /notebook https://127.0.0.1:9999/notebook
</VirtualHost>

Based on Apache's config of @adam, I'm putting here a full SSL-aware <VirualHost> sections but without the /ipython prefix, and i'm giving also the SSL-options for anyone interested:

<VirtualHost *:80>
    ServerAdmin myname@my.place.com
    ServerName some.server.com
    SSLEngine off

    Redirect permanent / https://some.server.com
</VirtualHost>

## From http://stackoverflow.com/questions/23890386/how-to-run-ipython-behind-an-apache-proxy
#
<VirtualHost *:443>
    ServerAdmin myname@my.place.com
    ServerName some.server.com

    SSLEngine on

    SSLCertificateFile              some_server_com.crt
    SSLCertificateKeyFile           some_server_com.key


    <Location />
        ProxyPass        http://localhost:8888/
        ProxyPassReverse http://localhost:8888/
        ProxyPassReverseCookieDomain localhost some.server.com
        RequestHeader set Origin "http://localhost:8888"
    </Location>

    <Location /api/kernels/>
        ProxyPass        ws://localhost:8888/api/kernels/
        ProxyPassReverse ws://localhost:8888/api/kernels/
    </Location>

    Redirect permanent / https://some.server.com
</VirtualHost>

On newer versions of IPython/Jupyter that have a terminal you also need to add entries for terminals.

<Location /ipython/terminals/websocket/>
     ProxyPass        ws://localhost:8888/ipython/terminals/websocket/
     ProxyPassReverse ws://localhost:8888/ipython/terminals/websocket/
</Location>

I'm using apache version 2.4.18 in a server running Ubuntu 16.04.1 LTS(xenial) and finally I have my jupyter notebook running through ssl. I had already configured the standard SSL on my server, so https:// was working. I had also followed this instructions: Running a notebook server to get my cert file and my password in the jupyter_notebook_config.py configuration file. What I was missing was:

c.NotebookApp.allow_origin = '*'
c.NotebookApp.base_url = '/SomeName'

The apache configuration file that worked for me using solutions from several places and part of the answers here was:

SSLProxyEngine on
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off

<Location "/SomeName">
    ProxyPass        https://localhost:XXXX/SomeName
    ProxyPassReverse https://localhost:XXXX/SomeName
</Location>

<Location "/SomeName/api/kernels">
    ProxyPass        wss://localhost:XXXX/SomeName/api/kernels
    ProxyPassReverse wss://localhost:XXXX/SomeName/api/kernels
</Location>
<Location "/SomeName/terminals/websocket">
    ProxyPass        wss://localhost:XXXX/SomeName/terminals/websocket
    ProxyPassReverse wss://localhost:XXXX/SomeName/terminals/websocket
</Location>

where XXXX is the port you are using, e.g. 8888, and SomeName could be any name you want. I hope this can help.