-
Notifications
You must be signed in to change notification settings - Fork 4
/
secure-notebook-server.sh
74 lines (74 loc) · 3.29 KB
/
secure-notebook-server.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
#!/bin/bash
# Adapted from the MLP course
# Configure Jupyter notebook server to use password authentication
# Make sure Conda environment is active as will assume it is later
[ -z "$CONDA_PREFIX" ] && echo "Need to have Conda environment activated." && exit 1
if [ "$#" -gt 2 ]; then
echo "Usage: bash secure-notebook-server.sh [jupyter-path] [open-ssl-config-path]"
exit 1
fi
# If specified read Jupyter directory from passed argument
JUPYTER_DIR=${1:-"$HOME/.jupyter"}
# If specified read OpenSSL config file path from passed argument
# This is needed due to bug in how Conda handles config path
export OPENSSL_CONF=${2:-"$CONDA_PREFIX/ssl/openssl.cnf"}
SEPARATOR="=================================================================\n"
# Create default config file if one does not already exist
if [ ! -f "$JUPYTER_DIR/jupyter_notebook_config.py" ]; then
echo "No existing notebook configuration file found, creating new one ..."
printf $SEPARATOR
jupyter notebook --generate-config
printf $SEPARATOR
echo "... notebook configuration file created."
fi
# Get user to enter notebook server password
echo "Getting notebook server password hash. Enter password when prompted ..."
printf $SEPARATOR
HASH=$(python -c "from notebook.auth import passwd; print(passwd());")
printf $SEPARATOR
echo "... got password hash."
# Generate self-signed OpenSSL certificate and key file
echo "Creating certificate file ..."
printf $SEPARATOR
CERT_INFO="/C=UK/ST=Scotland/L=Edinburgh/O=University of Edinburgh/OU=School of Informatics/CN=$USER/[email protected]"
openssl req \
-x509 -nodes -days 365 \
-subj "/C=UK/ST=Scotland/L=Edinburgh/O=University of Edinburgh/OU=School of Informatics/CN=$USER/[email protected]" \
-newkey rsa:1024 -keyout "$JUPYTER_DIR/key.key" \
-out "$JUPYTER_DIR/cert.pem"
printf $SEPARATOR
echo "... certificate created."
# Setting permissions on key file
chmod 600 "$JUPYTER_DIR/key.key"
# Add password hash and certificate + key file paths to config file
echo "Setting up configuration file..."
printf $SEPARATOR
echo " adding password hash"
SRC_PSW="^#\?c\.NotebookApp\.password[ ]*=[ ]*u['"'"'"]\(sha1:[a-fA-F0-9]\+\)\?['"'"'"]"
DST_PSW="c.NotebookApp.password = u'$HASH'"
grep -q "c.NotebookApp.password" $JUPYTER_DIR/jupyter_notebook_config.py
if [ ! $? -eq 0 ]; then
echo DST_PSW >> $JUPYTER_DIR/jupyter_notebook_config.py
else
sed -i "s/$SRC_PSW/$DST_PSW/" $JUPYTER_DIR/jupyter_notebook_config.py
fi
echo " adding certificate file path"
SRC_CRT="^#\?c\.NotebookApp\.certfile[ ]*=[ ]*u['"'"'"]\([^'"'"'"]+\)\?['"'"'"]"
DST_CRT="c.NotebookApp.certfile = u'$JUPYTER_DIR/cert.pem'"
grep -q "c.NotebookApp.certfile" $JUPYTER_DIR/jupyter_notebook_config.py
if [ ! $? -eq 0 ]; then
echo DST_CRT >> $JUPYTER_DIR/jupyter_notebook_config.py
else
sed -i "s|$SRC_CRT|$DST_CRT|" $JUPYTER_DIR/jupyter_notebook_config.py
fi
echo " adding key file path"
SRC_KEY="^#\?c\.NotebookApp\.keyfile[ ]*=[ ]*u['"'"'"]\([^'"'"'"]+\)\?['"'"'"]"
DST_KEY="c.NotebookApp.keyfile = u'$JUPYTER_DIR/key.key'"
grep -q "c.NotebookApp.keyfile" $JUPYTER_DIR/jupyter_notebook_config.py
if [ ! $? -eq 0 ]; then
echo DST_KEY >> $JUPYTER_DIR/jupyter_notebook_config.py
else
sed -i "s|$SRC_KEY|$DST_KEY|" $JUPYTER_DIR/jupyter_notebook_config.py
fi
printf $SEPARATOR
echo "... finished setting up configuration file."