Setting up JupyterHub with Let's Encrypt SSL certs

My domain is: jlab.infops.co.uk

I ran this command: certbot --nginx -d jlab.infops.co.uk

It produced this output: Sorry, I don't have that information but the certs were installed into /etc/letsencrypt/live/jlab.infops.co.uk

My web server is (include version): **nginx/1.18.0 (Ubuntu) - nginx reverse proxy setup version**

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: Fasthosts

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Mo

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.27.0

Hi, I am trying to get SSL to work on my jlab.infops.co.uk JupyterHub site. This is a new site and the first time I have tried to use Let's Encrypt with nginx.

I also have Apache running on my system, configured for ports 80 and 443.

Nginx is configured for ports 81 and 4443. I am trying to run jlab out on port 4443. I can see traffic hitting my site if I run `tcpdump -i eth0 port 442`:

```
16:33:57.343354 IP My-Network.26012 > DA2E67C.online-server.cloud.4443: Flags [S], seq 2597879636, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:33:57.343423 IP DA2E67C.online-server.cloud.4443 > My-Network.26012: Flags [S.], seq 2918581266, ack 2597879637, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
16:33:57.348001 IP My-Network.26013 > DA2E67C.online-server.cloud.4443: Flags [S], seq 2705667315, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:33:57.348086 IP DA2E67C.online-server.cloud.4443 > My-Network.26013: Flags [S.], seq 3898086795, ack 2705667316, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
16:33:57.372226 IP My-Network.26012 > DA2E67C.online-server.cloud.4443: Flags [.], ack 1, win 513, length 0
```

When I run the server I am now getting a 400 Bad request error and 'My-Network' Error

My nginx config is as follows:

```
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 81;
    server_name jlab.infops.co.uk;
    return 301 https://$server_name$request_uri;
}

server {
    listen 4443 ssl http2;
    server_name jlab.infops.co.uk;

    client_max_body_size 100m;
    client_body_timeout 120s;
    sendfile off;

    ssl_certificate /etc/letsencrypt/live/jlab.infops.co.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/jlab.infops.co.uk/privkey.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
    ssl_prefer_server_ciphers on;

    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header Content-Security-Policy "frame-ancestors 'self'";
    add_header X-Frame-Options DENY;
    add_header Referrer-Policy same-origin;

    location / {
        proxy_pass http://localhost:4443;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
```

Can someone validate my Let's Encrypt parts? I can't see how I am not getting SSL, as Let's Encrypt is working fine on my other sites.

Thanks

1 Like

You're trying to proxy nginx to itself. And the protocols are not congruent, although the former issue is probably more important in a design way.

3 Likes

This should send 81 to 4443 [not 443].

2 Likes
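The two points raised in the replies, applied to the posted configuration (an added example, not code from any participant in the thread): the port 81 redirect names port 4443 explicitly, and `proxy_pass` targets the JupyterHub backend over plain HTTP instead of nginx's own TLS listener. The backend address `127.0.0.1:8000` is an assumption based on JupyterHub's default port; the thread does not say where the hub is bound.

```nginx
# Added example. Assumption: JupyterHub listens on 127.0.0.1:8000
# (its default port); change this to the hub's real bind address.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 81;
    server_name jlab.infops.co.uk;
    # Apache holds 443 on this host, so the redirect must carry :4443.
    return 301 https://$server_name:4443$request_uri;
}

server {
    listen 4443 ssl http2;
    server_name jlab.infops.co.uk;

    ssl_certificate     /etc/letsencrypt/live/jlab.infops.co.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/jlab.infops.co.uk/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # Plain HTTP to a different port than the TLS listener above,
        # so nginx no longer sends cleartext requests to its own ssl socket.
        proxy_pass http://127.0.0.1:8000;
        proxy_http_version 1.1;

        # $http_host keeps the client's Host header, including :4443.
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket upgrade, using the map defined at the top.
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
```

Run `nginx -t` to validate the file before reloading nginx.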
