Jupyter Notebook Remote Access

A convenient work pattern is to run code on the lab workstations running Jupyter notebooks, and accessing the notebook remotely from your home computer or laptop through the browser.

To configure these settings, check if you have a config file at ~/.jupyter/jupyter_notebook_config.py. If you don't, generate it with jupyter notebook --generate-config.

Setup

Remote Access

Jupyter notebooks running on lab workstations (e.g. aquila, corvus, tucana, goats, strfinator) by default are accessible only from that physical machine. In order to allow access remotely, open the config file and set c.NotebookApp.ip = '*'.

The default port can be set using c.NotebookApp.port, but it can also be set when you are starting up the notebook (e.g. jupyter notebook --port 8888 or jupyter lab --port 8888).

To access it remotely, when connected to the VPN, go to the browser and put in

https://<hostname>:<port>,

where is the workstation name (e.g. corvus). On windows the routing sometimes doesn't work, you may need to replace the with .fet.berkeley.edu.

Screen sessions

Normally, if you close the terminal session running the notebook, the notebook will close. To keep the notebook running even when you close the terminal session, you can run the notebook in a screen session.

Start the screen session with the command screen -S <SCREENNAME>. You can then start the notebook and leave the screen session with ctrl-a followed by ctrl-d. It will say you are detached from the screen but the notebook command you ran will continue running. To return to the screen session, type screen -r <SCREENNAME>.

Security

To ensure the connection is secure, the server should be only accessible from within the lab VPN and the notebook should be secured with a password. For extra security you can also set up HTTPS.

Set password

Set the password for your notebooks with the command jupyter notebook password

Set up HTTPS by creating a signed key and certificate for your jupyter notebook server

As long as you are connecting through the VPN, setting this all up is relatively unnecessary (VPN traffic is already encrypted). But it can be a fun exercise.

https://juno.sh/ssl-self-signed-cert/

1. Connect to zebra as ubuntu

2. cd openssl_certs

3. If the jupyter folder already exists, skip to step 7!

4. Create key for your server

mkdir jupyter jupyter/csr jupyter/certs jupyter/private
chmod 700 jupyter/private
openssl genrsa -out jupyter/private/ssl.key.pem 2048
chmod 400 jupyter/private/ssl.key.pem

5. Make request for certificate

openssl req -config openssl.cnf \
    -key jupyter/private/ssl.key.pem \
    -new -sha256 -out jupyter/csr/ssl.csr.pem

6. Issue server's certificate, signed by CA key. The ca password is "secure openssl password"

openssl ca -config openssl.cnf \
    -extensions server_cert -days 825 -notext -md sha256 \
    -in jupyter/csr/ssl.csr.pem \
    -out jupyter/certs/ssl.cert.pem
chmod 444 jupyter/certs/ssl.cert.pem

7. Upload the CA key (ca/certs/ca.cert.pem) to your browser as a trusted certificate authority.

8. Now, copy the server key from jupyter/private/ssl.key.pem and the signed certificate from jupyter/certs/ssl.cert.pem to your workstation (e.g. corvus/aquila/tucana). And point the jupyter config file to them with c.NotebookApp.keyfile and c.NotebookApp.certfile respectively.