Setting up jupyterhub with letsenncrypt SSL certs

My domain is:

I ran this command: certbot --nginx -d

It produced this output: Sorry, I don't have that information but the certs were installed into /etc/letsencrypt/live/

My web server is (include version): **nginx/1.18.0 (Ubuntu) - nginx reverse proxy setup version **

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: Fasthosts

I can login to a root shell on my machine (yes or no, or I don't know): *Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Mo

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.27.0

Hi I am trying to get SSL to work on my jupyterhub site. This is a new site and the first time I have tried to use Letsencrypt with nginx

I also have apache running on my my system configured for ports 80 and 443.

Nginx is configured for port 81 and 4443. I am trying to ruin jlab out on port 4443. I can see traffic hitting my site if I run tcpdump - I eth0 port 442

16:33:57.343354 IP My-Network.26012 > Flags [S], seq 2597879636, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:33:57.343423 IP > My-Network.26012: Flags [S.], seq 2918581266, ack 2597879637, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
16:33:57.348001 IP My-Network.26013 > Flags [S], seq 2705667315, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:33:57.348086 IP > My-Network.26013: Flags [S.], seq 3898086795, ack 2705667316, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
16:33:57.372226 IP My-Network.26012 > Flags [.], ack 1, win 513, length 0

When I run the server I am now getting a 400 Bad request error and 'My-Network' Error

my nginx config is as follows

map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;

server {
    listen 81;
    return 301 https://$server_name$request_uri;

server {
    listen 4443 ssl http2;

    client_max_body_size 100m;
    client_body_timeout 120s;
    sendfile off;

    ssl_certificate /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;
    ssl_session_cache shared:SSL:10m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header Content-Security-Policy "frame-ancestors 'self'";
    add_header X-Frame-Options DENY;
    add_header Referrer-Policy same-origin;

    location / {
      proxy_pass http://localhost:4443;
      proxy_set_header   X-Forwarded-For $remote_addr;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection 'upgrade';
      proxy_set_header Host $host;
      proxy_cache_bypass $http_upgrade;

Can someone validate my lets encrypt parts. I cant see how I am not getting SSL as Lets encrypt is working fine on my other sites.


1 Like

You're trying to proxy nginx to itself. And the protocols are not congruent, although the former issue is probably more important in a design way.


This should send 81 to 4443 [not 443].


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.