(airavata) branch agent-framewok-refactoring updated: enable ssl for jupyterhub

[lahirujayathilake]

This is an automated email from the ASF dual-hosted git repository.

lahirujayathilake pushed a commit to branch agent-framewok-refactoring
in repository https://gitbox.apache.org/repos/asf/airavata.git


The following commit(s) were added to refs/heads/agent-framewok-refactoring by 
this push:
     new 1e64aab248 enable ssl for jupyterhub
1e64aab248 is described below

commit 1e64aab248e84005347a90f8bed4d2614c6e052b
Author: lahiruj <lahirujayathil...@gmail.com>
AuthorDate: Thu Dec 5 02:45:12 2024 -0500

    enable ssl for jupyterhub
---
 .../deployment/jupyterhub/jupyterhub_config.py     |  6 +++-
 dev-tools/deployment/jupyterhub/nginx-conf         | 38 ++++++++++++++++++++++
 2 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/dev-tools/deployment/jupyterhub/jupyterhub_config.py 
b/dev-tools/deployment/jupyterhub/jupyterhub_config.py
index e37b7e0e90..8962f4476a 100644
--- a/dev-tools/deployment/jupyterhub/jupyterhub_config.py
+++ b/dev-tools/deployment/jupyterhub/jupyterhub_config.py
@@ -6,7 +6,7 @@ import sys
 c.JupyterHub.authenticator_class = GenericOAuthenticator
 c.GenericOAuthenticator.client_id = os.getenv('OAUTH_CLIENT_ID')
 c.GenericOAuthenticator.client_secret = os.getenv('OAUTH_CLIENT_SECRET')
-c.GenericOAuthenticator.oauth_callback_url = 
'http://3.147.153.73:8000/hub/oauth_callback'
+c.GenericOAuthenticator.oauth_callback_url = 
'https://hub.cybershuttle.org/hub/oauth_callback'
 c.GenericOAuthenticator.authorize_url = 
'https://auth.cybershuttle.org/realms/10000000/protocol/openid-connect/auth'
 c.GenericOAuthenticator.token_url = 
'https://auth.cybershuttle.org/realms/10000000/protocol/openid-connect/token'
 c.GenericOAuthenticator.userdata_url = 
'https://auth.cybershuttle.org/realms/10000000/protocol/openid-connect/userinfo'
@@ -62,3 +62,7 @@ c.JupyterHub.load_roles = [
         "services": ["jupyterhub-idle-culler-service"],
     }
 ]
+
+# SSL Termination
+c.JupyterHub.bind_url = 'http://:8000'
+c.JupyterHub.external_ssl = True
\ No newline at end of file
diff --git a/dev-tools/deployment/jupyterhub/nginx-conf 
b/dev-tools/deployment/jupyterhub/nginx-conf
new file mode 100644
index 0000000000..a996d0b812
--- /dev/null
+++ b/dev-tools/deployment/jupyterhub/nginx-conf
@@ -0,0 +1,38 @@
+server {
+    listen 80;
+    server_name hub.cybershuttle.org;
+
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/html;
+    }
+
+
+     location / {
+        return 301 https://$host$request_uri;
+     }
+}
+
+
+server {
+    listen 443 ssl;
+    server_name hub.cybershuttle.org;
+
+
+    ssl_certificate /etc/letsencrypt/live/hub.cybershuttle.org/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/hub.cybershuttle.org/privkey.pem;
+
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
+    ssl_prefer_server_ciphers on;
+
+
+    location / {
+        proxy_pass http://localhost:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}