最近工作中,领导想统一管理分析师在他们电脑上的分析环境和任务脚本,让我给出解决方案。分析师使用的工具是Jupyter,自然而然的想到了官方的JupyterHub。经过调研,发现JupyterHub完全可以满足需求,分析师的学习成本几乎为零。于是花了一天时间部署了一个多用户的JupyterHub测试环境,并配置了GitHub认证。跟大家分享一下我的部署过程。01/环境根据JupyterHub安装要求,我准备了如下环境:系统环境:CentOS7.6Locale:Python3.6,NodeJS14.1602/安装JupyterHub并配置Nginx反向代理JupyterHub安装非常简单,直接使用pip安装即可.可以按照以下命令安装:npminstall-gconfigurable-http-proxypython3-mpipinstalljupyterhub安装完成后,创建一个JupyterHub运行目录,进入该目录,先生成一个配置文件,然后启动:jupyterhub--generate-configjupyterhub启动后在浏览器中输入:http://127.0.0.1:8000访问JupyterHub,会自动跳转到登录页面。JupyterHub支持多种账户认证,你甚至可以自己实现一个认证器。我使用的是GitHub认证器进行账号认证,后面会讲到如何对接GitHub认证。为了让分析师更好的使用JupyterHub,我申请了一个域名,使用Nginx反向代理JupyterHub到8000服务。我使用LinuxSystemd启动JupyterHub守护进程,创建一个名为jupyterhub.service的Unit配置,如下:[Unit]Description=TheJupyterHubServiceAfter=syslog.targetnetwork.target[Service]User=rootRestart=alwaysWorkingDirectory=/path/to/jupyterhubPrivateTmp=yesPrivateDevices=yesExecStart=/usr/bin/python3-mjupyterhub-fjupyterhub_config.py--upgrade-db[Install]WantedBy=multi-user.target配置完JupyterHub的Systemd服务后,就可以了使用以下命令来管理JupyterHub服务。systemctlstartjupyterhub.servicesystemctlstopjupyterhub.service连接着就可以配置Nginx反向代理了:#websocketheaders的顶层http配置#如果定义了Upgrade,Connection=upgrade#如果Upgrade为空,Connection=closemap$http_upgrade$connection_upgrade{默认升级;''close;}#HTTP服务器将所有80流量重定向到SSL/HTTPS服务器{listen80;server_nameYOUR.DOMAIN.COM;#告诉所有对端口80的请求被302重定向到HTTPSreturn302https://$host$request_uri;}#HTTPS服务器处理JupyterHubserver{listen443;sslon;server_nameYOUR.DOMAIN.COM;ssl_certificate/etc/letsencrypt/live/YOUR.DOMAIN.COM/fullchain.pem;ssl_certificate_key/etc/letsencrypt/live/YOUR.DOMAIN.COM/privkey.pem;ssl_protocolsTLSv1TLSv1.1TLSv1.2;ssl_prefer_server_ciphers开启;ssl_dhparam/etc/ssl/certs/dhparam.pem;ssl_ciphers'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';ssl_session_timeout1d;ssl_session_cache共享:SSL:50m;ssl_stapling开启;ssl_stapling_verify开启;add_headerStrict-Transport-Securitymax-age=15768000;#管理对JupyterHub前端位置的文字请求/{proxy_passhttp://127.0.0.1:8000;proxy_set_headerX-Real-IP$remote_addr;proxy_set_header主机$host;proxy_set_headerX-Forwarded-For$proxy_add_x_forwarded_for;#websocketheadersproxy_http_version1.1;proxy_set_header升级$http_upgrade;proxy_set_header连接$connection_upgrade;{允许全部;
