Skip to content

Deployment Overview of Jupyter Notebook on Server

Prerequisites and Basic Requirements

The following components and privileges are required to operate the Jupyter Notebook instance:

  • Operating System: Ubuntu

  • Privileges: Root access is required for initial configuration and service management.

  • Domain: The service operates under the hostkey.in zone.

  • Ports:

  • Internal application port: 8888

  • External HTTPS port: 443

FQDN of the Final Panel

The application is accessible via the following Fully Qualified Domain Name (FQDN) format:

  • notebook<Server ID>.hostkey.in:443

File and Directory Structure

The deployment utilizes the following directory structure for configuration, data, and logs:

  • /opt/data: Main directory for Jupyter data and user files.

  • /opt/data/jupyter: Directory containing the Python virtual environment and Jupyter installation.

  • /root/.jupyter: Directory containing Jupyter configuration files.

  • /root/nginx: Directory containing the Docker Compose file for the reverse proxy.

  • /etc/systemd/system: Location of the Jupyter Notebook service unit file (symlinked from /usr/lib).

Application Installation Process

The application is installed using Python package management tools within a dedicated virtual environment. The process involves:

  1. Installing system dependencies including python3, python3-pip, jupyter, and python3-virtualenv.

  2. Creating a system user and group named jupyter with UID and GID 2841.

  3. Initializing a Python virtual environment at /opt/data/jupyter.

  4. Installing the following Python packages within the virtual environment:

  5. notebook

  6. voila

  7. virtualenv

  8. jupyter-server

  9. Generating the default Jupyter configuration file.

  10. Configuring the server to allow access from any origin.

  11. Setting a password for the Jupyter interface.

Access Rights and Security

Security controls are implemented as follows:

  • Firewall: External access is restricted to port 443 via the Nginx reverse proxy.

  • User Isolation: A dedicated system user jupyter is created to manage the application process and data ownership.

  • Service Execution: The Jupyter service runs with root privileges to handle network binding, though the working directory is owned by the jupyter user.

  • Origin Restrictions: The Jupyter configuration explicitly allows all origins (c.ServerApp.allow_origin = '*').

Databases

The current implementation does not utilize external relational or NoSQL databases. Data persistence is managed through the local file system at /opt/data.

Docker Containers and Their Deployment

A reverse proxy container is deployed to manage SSL termination and domain routing:

  • Image: jonasal/nginx-certbot:latest

  • Deployment Method: Docker Compose

  • Container Name: nginx (defined within the compose file)

  • Restart Policy: unless-stopped

  • Network Mode: Host

  • Volumes Mounted:

  • nginx_secrets (mapped to /etc/letsencrypt for SSL certificates)

  • /data/nginx/user_conf.d (mapped to /etc/nginx/user_conf.d for custom configurations)

  • /home (mapped to /home)

Proxy Servers

Traffic to the Jupyter Notebook is proxied through Nginx with Let's Encrypt integration for SSL/TLS encryption:

  • Software: Nginx with Certbot

  • Configuration Location: /root/nginx/compose.yml

  • Environment Variables:

  • CERTBOT_EMAIL: [email protected]

  • External Path: /

  • Internal Mapping: The proxy routes traffic from port 443 to the internal Jupyter port 8888.

Permission Settings

File and directory permissions are configured as follows:

  • /opt/data: Owner jupyter, Group jupyter, Mode 0777.

  • /opt/data/jupyter: Owner jupyter, Group jupyter, Mode 0755.

  • /root/nginx: Owner root, Group root, Mode 0644.

  • /root/.jupyter: Owner root (created during configuration generation).

Location of Configuration Files and Data

The primary configuration and data files are located at:

  • Service Unit: /usr/lib/systemd/system/jupyter-notebook.service

  • Jupyter Config: /root/.jupyter/jupyter_server_config.json (referenced in service) and /root/.jupyter/jupyter_notebook_config.py.

  • Docker Compose: /root/nginx/compose.yml

  • Notebook Data: /opt/data/jupyter/share/jupyter

Available Ports for Connection

  • 443: HTTPS (External access via Nginx proxy).

  • 8888: Internal Jupyter Notebook port (not directly exposed to the public internet).

Starting, Stopping, and Updating

The Jupyter Notebook application is managed as a native systemd service. Use the following commands to manage the service:

  • Start the service: 

    systemctl start jupyter-notebook

  • Stop the service: 

    systemctl stop jupyter-notebook

  • Restart the service: 

    systemctl restart jupyter-notebook

  • Enable auto-start on boot: 

    systemctl enable jupyter-notebook

  • Reload the daemon configuration: 

    systemctl daemon-reload

To update the Docker proxy configuration, navigate to /root/nginx and run: 

docker compose up -d

question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×