HTTPS

Nginx webserver installation

# Install package
sudo apt-get install nginx
 
# Configuration
sudo unlink /etc/nginx/sites-enabled/default
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/letsencrypt
 
sudo mkdir -p /srv/nginx/letsencrypt
sudo touch /srv/nginx/letsencrypt/index.htm
 
sudo nano /etc/nginx/sites-available/letsencrypt
# root /var/www/html;  ->  root /srv/nginx/letsencrypt;
 
sudo ln -s /etc/nginx/sites-available/letsencrypt /etc/nginx/sites-enabled/letsencrypt
sudo /etc/init.d/nginx restart

Let’s Encrypt

Run the installation on the VM/host, not inside of the docker container.

• Info: Let’s Encrypt "is a free, automated, and open Certificate Authority".
• Get certbot-auto for Nginx on Ubuntu (other). It "automatically enables HTTPS on your website with EFF's Certbot, deploying Let's Encrypt certificates".
• Run ./certbot-auto --nginx and enter your domain name.
• You'll find your certificates at /etc/letsencrypt/live/

Docker container - Version A

• Copy (or create a symlink to) the certificates into the docker container.
• Edit /mnt/jupyterhub_config.py and change the entries
  • c.JupyterHub.ssl_cert
  • c.JupyterHub.ssl_key

Docker container - Version B

Make a backup

sudo docker exec nbgsnlp mv /opt/ssl/cert.pem /opt/ssl/original_cert.pem
sudo docker exec nbgsnlp mv /opt/ssl/key.pem /opt/ssl/original_key.pem

Installed certificates may be only reachable via symlinks
This can cause problems on docker cp

sudo ls -la /etc/letsencrypt/live/diceapp.cs.upb.de/
cert.pem -> ../../archive/diceapp.cs.upb.de/cert1.pem
chain.pem -> ../../archive/diceapp.cs.upb.de/chain1.pem
fullchain.pem -> ../../archive/diceapp.cs.upb.de/fullchain1.pem
privkey.pem -> ../../archive/diceapp.cs.upb.de/privkey1.pem

Copy original files

sudo docker cp /etc/letsencrypt/archive/diceapp.cs.upb.de/fullchain1.pem nbgjava:/opt/ssl/cert.pem
sudo docker cp /etc/letsencrypt/archive/diceapp.cs.upb.de/privkey1.pem nbgjava:/opt/ssl/key.pem

Restart

sudo docker restart nbgsnlp