Tuxae-Jupyter-Manager
Build/Deploy jupyter environments for Tuxae members.
Prerequisites
Docker install
DNS configuration
server.domain.tld. 0 A <IPv4 address A.B.C.D>
*.domain.tld. 0 CNAME server.domain.tld.
domain.tld. 0 CAA 0 issuewild "letsencrypt.org."
See https://letsencrypt.org/docs/caa/ for more details about CAA DNS entries.
Install
cp docker-compose.yml{.dist,}
- Update emails/passwords configuration (MAIL_USERNAME has to be a gmail email)
- Use start.sh
Manual deployment
Docker registry
The web application provides access to Docker images from the local registry.
Example to add an image to the local registry:
docker pull jupyter/datascience-notebook:latest
docker tag jupyter/datascience-notebook:latest 127.0.0.1:5000/datascience-notebook
docker push 127.0.0.1:5000/datascience-notebook
You can check available images on http://127.0.0.1:5000/v2/_catalog
curl http://127.0.0.1:5000/v2/_catalog
{"repositories":["datascience-notebook"]}
Reverse proxy
nginx-proxy
Github repository: https://github.com/jwilder/nginx-proxy
docker run --detach \
--name nginx-proxy \
--publish 80:80 \
--publish 443:443 \
--volume /etc/nginx/certs \
--volume /etc/nginx/vhost.d \
--volume /usr/share/nginx/html \
--volume /var/run/docker.sock:/tmp/docker.sock:ro \
jwilder/nginx-proxy
nginx-proxy-letsencrypt
Github repository: https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion
docker run --detach \
--name nginx-proxy-letsencrypt \
--volumes-from nginx-proxy \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
--env "DEFAULT_EMAIL=mail@domain.tld" \
jrcs/letsencrypt-nginx-proxy-companion
(You can use --env "DEBUG=true" if needed)
Web application
docker build -t webapp app/
docker run --detach \
--name webapp \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
--volume /opt/database:/app/database:rw \
--volume /opt/users:/opt/users:rw \
--env "VIRTUAL_PORT=80" \
--env "VIRTUAL_HOST=subdomain.domain.tld" \
--env "LETSENCRYPT_HOST=subdomain.domain.tld" \
--env "LETSENCRYPT_EMAIL=mail@domain.tld" \
--env "DEFAULT_ADMIN_EMAIL=mail@example.org" \
--env "DEFAULT_ADMIN_PASSWORD=password" \
--env "DOCKER_REGISTRY_URI=127.0.0.1:5000" \
--env "EXTERNAL_URI=https://subdomain.domain.tld" \
--env "MAIL_USERNAME=mail@gmail.com" \
--env "MAIL_PASSWORD=password" \
--env "SERVER_DOMAIN=domain.tld" \
webapp
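A pre-deployment check for the environment values passed to the webapp container above, as an added example that is not part of the project: it reads them from a KEY=VALUE file (the format `docker run --env-file` accepts). The function names and the rules (placeholder passwords, host/URI consistency, loopback-only registry) are assumptions of this example.

```sh
# Added example, not project code. Lints a KEY=VALUE file (docker --env-file
# format) holding the webapp settings. The rules are this example's assumptions.
# Last value assigned to KEY ($1) in FILE ($2).
get() { sed -n "s/^$1=//p" "$2" | tail -n 1; }

# Prints one FAIL line per finding; returns 0 only when there are none.
preflight() {
  f=$1 n=0
  vhost=$(get VIRTUAL_HOST "$f")
  domain=$(get SERVER_DOMAIN "$f")
  for k in DEFAULT_ADMIN_PASSWORD MAIL_PASSWORD; do
    case $(get "$k" "$f") in
      '' | password) echo "FAIL $k: empty or README placeholder"; n=$((n + 1)) ;;
    esac
  done
  case $(get MAIL_USERNAME "$f") in
    ?*@gmail.com) ;;
    *) echo "FAIL MAIL_USERNAME: has to be a gmail address"; n=$((n + 1)) ;;
  esac
  if [ -z "$vhost" ] || [ "$(get LETSENCRYPT_HOST "$f")" != "$vhost" ]; then
    echo "FAIL LETSENCRYPT_HOST: must equal VIRTUAL_HOST"; n=$((n + 1))
  fi
  # Only names under SERVER_DOMAIN are covered by the wildcard CNAME.
  under=no
  [ -n "$domain" ] && case $vhost in ?*".$domain") under=yes ;; esac
  if [ "$under" = no ]; then
    echo "FAIL VIRTUAL_HOST: not a subdomain of SERVER_DOMAIN"; n=$((n + 1))
  fi
  if [ "$(get EXTERNAL_URI "$f")" != "https://$vhost" ]; then
    echo "FAIL EXTERNAL_URI: expected https://$vhost"; n=$((n + 1))
  fi
  # The registry is queried over plain HTTP without credentials: keep it on loopback.
  case $(get DOCKER_REGISTRY_URI "$f") in
    127.0.0.1:* | localhost:*) ;;
    *) echo "FAIL DOCKER_REGISTRY_URI: not a loopback address"; n=$((n + 1)) ;;
  esac
  [ "$n" -eq 0 ]
}

# Constructed sample: the placeholder values from the docker run command above.
sample_env() {
  printf '%s\n' VIRTUAL_HOST=subdomain.domain.tld \
    LETSENCRYPT_HOST=subdomain.domain.tld SERVER_DOMAIN=domain.tld \
    EXTERNAL_URI=https://subdomain.domain.tld DOCKER_REGISTRY_URI=127.0.0.1:5000 \
    DEFAULT_ADMIN_PASSWORD=password MAIL_USERNAME=mail@gmail.com MAIL_PASSWORD=password
}

tmp=$(mktemp) && sample_env > "$tmp"
preflight "$tmp" || echo "fix the findings above before starting the container"; rm -f "$tmp"
```

Run against the README's own placeholder values, it reports the two `password` entries and nothing else.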
Result
Annex
Troubleshooting
docker logs nginx-proxy-letsencrypt:
2019-12-08 06:11:14,854:ERROR:simp_le:1396: CA marked some of the authorizations as invalid, which likely means it could not access http://example.com/.well-known/acme-challenge/X. Did you set correct path in -d example.com:path or --default_root? Are all your domains accessible from the internet? Please check your domains' DNS entries, your host's network/firewall setup and your webserver config. If a domain's DNS entry has both A and AAAA fields set up, some CAs such as Let's Encrypt will perform the challenge validation over IPv6. If your DNS provider does not answer correctly to CAA records request, Let's Encrypt won't issue a certificate for your domain (see https://letsencrypt.org/docs/caa/). Failing authorizations: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1612130256
Use --env "DEBUG=true" while running jrcs/letsencrypt-nginx-proxy-companion
This link might help: https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion/blob/master/docs/Invalid-authorizations.md