Deployment Overview of Jupyter Notebook on Server¶
Prerequisites and Basic Requirements¶
The deployment requires a Linux server running Ubuntu. The following conditions must be met before installation: - Root privileges or sudo access are required to install system packages and configure services. - The system must have network access to download Python packages and Docker images. - Port 80 and 443 must be available for the Nginx reverse proxy and SSL termination. - The application listens on port 8888 by default, which is proxied through Nginx.
File and Directory Structure¶
The application and its supporting components utilize the following directory structure: - /opt/data: The primary data directory owned by the jupyter user, storing the virtual environment and notebook files. - /opt/data/jupyter: The Python virtual environment directory containing the Jupyter installation. - /root/.jupyter: The configuration directory for Jupyter Notebook settings. - /root/nginx: The directory containing the Docker Compose configuration for the Nginx proxy. - /data/nginx/user_conf.d: The directory for custom Nginx configuration files mounted in the container. - /etc/letsencrypt: The directory for SSL certificates managed by Certbot within the Docker volume.
Application Installation Process¶
The Jupyter Notebook application is installed using the native Python package manager within a dedicated virtual environment. The installation process involves: - Installing system dependencies including python3, python3-pip, jupyter, and python3-virtualenv. - Creating a virtual environment at /opt/data/jupyter. - Installing the following Python packages within the virtual environment: - notebook - voila - virtualenv - jupyter-server - Generating the default Jupyter configuration file. - Setting a password for the Jupyter Notebook interface.
Docker Containers and Their Deployment¶
A Docker container is deployed to handle reverse proxying and SSL certificate management using Nginx and Certbot. The deployment utilizes the following configuration: - Image: jonasal/nginx-certbot:latest - Restart Policy: unless-stopped - Network Mode: host - Environment Variables: - CERTBOT_EMAIL is set to [email protected]. - Volumes: - nginx_secrets (external) mounted to /etc/letsencrypt. - /data/nginx/user_conf.d mounted to /etc/nginx/user_conf.d. - /home mounted to /home. - Configuration File: The container is managed via a docker compose file located at /root/nginx/compose.yml.
To start the proxy service, the following command is executed in the /root/nginx directory:
Proxy Servers¶
The Nginx container acts as a reverse proxy for the Jupyter Notebook application. It handles: - SSL/TLS termination using Let's Encrypt certificates managed by Certbot. - Routing traffic to the Jupyter Notebook service running on the host. - Custom domain configuration via files placed in /data/nginx/user_conf.d. - Environment variables for Certbot configuration are loaded from /data/nginx/nginx-certbot.env.
Access Rights and Security¶
Security and access control are configured as follows: - A dedicated system group named jupyter with GID 2841 is created. - A dedicated system user named jupyter with UID 2841 is created and assigned to the jupyter group. - The Jupyter Notebook configuration allows connections from any origin (c.ServerApp.allow_origin = '*'). - The application binds to 0.0.0.0, making it accessible via the network interface. - A password is generated and enforced for accessing the Jupyter Notebook web interface.
Permission Settings¶
File and directory permissions are set to ensure proper operation: - The /opt/data directory is owned by the jupyter user and group with permissions 0777. - The /opt/data/jupyter virtual environment directory is owned by the jupyter user and group with permissions 0755. - The /root/nginx directory is owned by root with permissions 0644. - The Docker Compose file /root/nginx/compose.yml is owned by root with permissions 0644.
Starting, Stopping, and Updating¶
The Jupyter Notebook service is managed via systemd. The service file is located at /usr/lib/systemd/system/jupyter-notebook.service.
To manage the service, use the following commands: - Start the service:
- Stop the service: - Enable the service to start on boot: - Reload the systemd daemon configuration: - Check the service status:The service is configured to restart automatically if it fails, with a restart interval of 10 seconds.