1: 2020-08-21 (金) 16:32:33 iseki |
現: 1970-01-01 (木) 18:00:00 |
- | ** dockerspawner 用 jupyter_config.py サンプル [#z067f17a] | |
- | # Configuration file for jupyterhub. | |
| | | |
- | #------------------------------------------------------------------------------ | |
- | # Application(SingletonConfigurable) configuration | |
- | #------------------------------------------------------------------------------ | |
- | | |
- | ## This is an application. | |
- | | |
- | ## The date format used by logging formatters for %(asctime)s | |
- | #c.Application.log_datefmt = '%Y-%m-%d %H:%M:%S' | |
- | | |
- | ## The Logging format template | |
- | #c.Application.log_format = '[%(name)s]%(highlevel)s %(message)s' | |
- | | |
- | ## Set the log level by value or name. | |
- | #c.Application.log_level = 30 | |
- | | |
- | #------------------------------------------------------------------------------ | |
- | # JupyterHub(Application) configuration | |
- | #------------------------------------------------------------------------------ | |
- | | |
- | ## An Application for starting a Multi-User Jupyter Notebook server. | |
- | | |
- | ## Maximum number of concurrent servers that can be active at a time. | |
- | # | |
- | # Setting this can limit the total resources your users can consume. | |
- | # | |
- | # An active server is any server that's not fully stopped. It is considered | |
- | # active from the time it has been requested until the time that it has | |
- | # completely stopped. | |
- | # | |
- | # If this many user servers are active, users will not be able to launch new | |
- | # servers until a server is shutdown. Spawn requests will be rejected with a 429 | |
- | # error asking them to try again. | |
- | # | |
- | # If set to 0, no limit is enforced. | |
- | #c.JupyterHub.active_server_limit = 0 | |
- | | |
- | ## Duration (in seconds) to determine the number of active users. | |
- | #c.JupyterHub.active_user_window = 1800 | |
- | | |
- | ## Resolution (in seconds) for updating activity | |
- | # | |
- | # If activity is registered that is less than activity_resolution seconds more | |
- | # recent than the current value, the new value will be ignored. | |
- | # | |
- | # This avoids too many writes to the Hub database. | |
- | #c.JupyterHub.activity_resolution = 30 | |
- | | |
- | ## Grant admin users permission to access single-user servers. | |
- | # | |
- | # Users should be properly informed if this is enabled. | |
- | #c.JupyterHub.admin_access = False | |
- | | |
- | ## DEPRECATED since version 0.7.2, use Authenticator.admin_users instead. | |
- | #c.JupyterHub.admin_users = set() | |
- | | |
- | ## Allow named single-user servers per user | |
- | #c.JupyterHub.allow_named_servers = False | |
- | | |
- | ## Answer yes to any questions (e.g. confirm overwrite) | |
- | #c.JupyterHub.answer_yes = False | |
- | | |
- | ## PENDING DEPRECATION: consider using services | |
- | # | |
- | # Dict of token:username to be loaded into the database. | |
- | # | |
- | # Allows ahead-of-time generation of API tokens for use by externally managed | |
- | # services, which authenticate as JupyterHub users. | |
- | # | |
- | # Consider using services for general services that talk to the JupyterHub API. | |
- | #c.JupyterHub.api_tokens = {} | |
- | | |
- | ## Authentication for prometheus metrics | |
- | #c.JupyterHub.authenticate_prometheus = True | |
- | | |
- | ## Class for authenticating users. | |
- | # | |
- | # This should be a subclass of :class:`jupyterhub.auth.Authenticator` | |
- | # | |
- | # with an :meth:`authenticate` method that: | |
- | # | |
- | # - is a coroutine (asyncio or tornado) | |
- | # - returns username on success, None on failure | |
- | # - takes two arguments: (handler, data), | |
- | # where `handler` is the calling web.RequestHandler, | |
- | # and `data` is the POST form data from the login page. | |
- | # | |
- | # .. versionchanged:: 1.0 | |
- | # authenticators may be registered via entry points, | |
- | # e.g. `c.JupyterHub.authenticator_class = 'pam'` | |
- | # | |
- | # Currently installed: | |
- | # - default: jupyterhub.auth.PAMAuthenticator | |
- | # - dummy: jupyterhub.auth.DummyAuthenticator | |
- | # - pam: jupyterhub.auth.PAMAuthenticator | |
- | #c.JupyterHub.authenticator_class = 'jupyterhub.auth.DummyAuthenticator' | |
- | #c.JupyterHub.authenticator_class = 'nativeauthenticator.NativeAuthenticator' | |
- | c.JupyterHub.authenticator_class = 'jupyterhub.auth.PAMAuthenticator' | |
- | c.PAMAuthenticator.open_sessions = False | |
- | | |
- | # for LDAP | |
- | #c.JupyterHub.authenticator_class = 'ldapauthenticator.LDAPAuthenticator' | |
- | #c.LDAPAuthenticator.server_address = '<server_address>' | |
- | #c.LDAPAuthenticator.bind_dn_template = 'uid={username},cn=users,dc=example,dc=com' | |
- | #c.LDAPAuthenticator.use_ssl = True | |
- | | |
- | ## The base URL of the entire application. | |
- | # | |
- | # Add this to the beginning of all JupyterHub URLs. Use base_url to run | |
- | # JupyterHub within an existing website. | |
- | # | |
- | # .. deprecated: 0.9 | |
- | # Use JupyterHub.bind_url | |
- | #c.JupyterHub.base_url = '/' | |
- | | |
- | ## The public facing URL of the whole JupyterHub application. | |
- | # | |
- | # This is the address on which the proxy will bind. Sets protocol, ip, base_url | |
- | c.JupyterHub.bind_url = 'http://192.168.27.20:8000' | |
- | | |
- | ## Whether to shutdown the proxy when the Hub shuts down. | |
- | # | |
- | # Disable if you want to be able to teardown the Hub while leaving the proxy | |
- | # running. | |
- | # | |
- | # Only valid if the proxy was starting by the Hub process. | |
- | # | |
- | # If both this and cleanup_servers are False, sending SIGINT to the Hub will | |
- | # only shutdown the Hub, leaving everything else running. | |
- | # | |
- | # The Hub should be able to resume from database state. | |
- | #c.JupyterHub.cleanup_proxy = True | |
- | | |
- | ## Whether to shutdown single-user servers when the Hub shuts down. | |
- | # | |
- | # Disable if you want to be able to teardown the Hub while leaving the single- | |
- | # user servers running. | |
- | # | |
- | # If both this and cleanup_proxy are False, sending SIGINT to the Hub will only | |
- | # shutdown the Hub, leaving everything else running. | |
- | # | |
- | # The Hub should be able to resume from database state. | |
- | #c.JupyterHub.cleanup_servers = True | |
- | | |
- | ## Maximum number of concurrent users that can be spawning at a time. | |
- | # | |
- | # Spawning lots of servers at the same time can cause performance problems for | |
- | # the Hub or the underlying spawning system. Set this limit to prevent bursts of | |
- | # logins from attempting to spawn too many servers at the same time. | |
- | # | |
- | # This does not limit the number of total running servers. See | |
- | # active_server_limit for that. | |
- | # | |
- | # If more than this many users attempt to spawn at a time, their requests will | |
- | # be rejected with a 429 error asking them to try again. Users will have to wait | |
- | # for some of the spawning services to finish starting before they can start | |
- | # their own. | |
- | # | |
- | # If set to 0, no limit is enforced. | |
- | #c.JupyterHub.concurrent_spawn_limit = 100 | |
- | | |
- | ## The config file to load | |
- | #c.JupyterHub.config_file = 'jupyterhub_config.py' | |
- | | |
- | ## DEPRECATED: does nothing | |
- | #c.JupyterHub.confirm_no_ssl = False | |
- | | |
- | ## Number of days for a login cookie to be valid. Default is two weeks. | |
- | #c.JupyterHub.cookie_max_age_days = 14 | |
- | | |
- | ## The cookie secret to use to encrypt cookies. | |
- | # | |
- | # Loaded from the JPY_COOKIE_SECRET env variable by default. | |
- | # | |
- | # Should be exactly 256 bits (32 bytes). | |
- | #c.JupyterHub.cookie_secret = b'' | |
- | | |
- | ## File in which to store the cookie secret. | |
- | #c.JupyterHub.cookie_secret_file = 'jupyterhub_cookie_secret' | |
- | | |
- | ## The location of jupyterhub data files (e.g. /usr/local/share/jupyterhub) | |
- | #c.JupyterHub.data_files_path = '/usr/local/anaconda/envs/jupyterhub38/share/jupyterhub' | |
- | | |
- | ## Include any kwargs to pass to the database connection. See | |
- | # sqlalchemy.create_engine for details. | |
- | #c.JupyterHub.db_kwargs = {} | |
- | | |
- | ## url for the database. e.g. `sqlite:///jupyterhub.sqlite` | |
- | c.JupyterHub.db_url = 'sqlite:////var/lib/jupyterhub/jupyterhub.sqlite' | |
- | | |
- | ## log all database transactions. This has A LOT of output | |
- | #c.JupyterHub.debug_db = False | |
- | | |
- | ## DEPRECATED since version 0.8: Use ConfigurableHTTPProxy.debug | |
- | #c.JupyterHub.debug_proxy = False | |
- | | |
- | ## If named servers are enabled, default name of server to spawn or open, e.g. by | |
- | # user-redirect. | |
- | #c.JupyterHub.default_server_name = '' | |
- | | |
- | ## The default URL for users when they arrive (e.g. when user directs to "/") | |
- | # | |
- | # By default, redirects users to their own server. | |
- | #c.JupyterHub.default_url = '' | |
- | | |
- | ## Dict authority:dict(files). Specify the key, cert, and/or ca file for an | |
- | # authority. This is useful for externally managed proxies that wish to use | |
- | # internal_ssl. | |
- | # | |
- | # The files dict has this format (you must specify at least a cert):: | |
- | # | |
- | # { | |
- | # 'key': '/path/to/key.key', | |
- | # 'cert': '/path/to/cert.crt', | |
- | # 'ca': '/path/to/ca.crt' | |
- | # } | |
- | # | |
- | # The authorities you can override: 'hub-ca', 'notebooks-ca', 'proxy-api-ca', | |
- | # 'proxy-client-ca', and 'services-ca'. | |
- | # | |
- | # Use with internal_ssl | |
- | #c.JupyterHub.external_ssl_authorities = {} | |
- | | |
- | ## Register extra tornado Handlers for jupyterhub. | |
- | # | |
- | # Should be of the form ``("<regex>", Handler)`` | |
- | # | |
- | # The Hub prefix will be added, so `/my-page` will be served at `/hub/my-page`. | |
- | #c.JupyterHub.extra_handlers = [] | |
- | | |
- | ## DEPRECATED: use output redirection instead, e.g. | |
- | # | |
- | # jupyterhub &>> /var/log/jupyterhub.log | |
- | #c.JupyterHub.extra_log_file = '' | |
- | | |
- | ## Extra log handlers to set on JupyterHub logger | |
- | #c.JupyterHub.extra_log_handlers = [] | |
- | | |
- | ## Generate certs used for internal ssl | |
- | #c.JupyterHub.generate_certs = False | |
- | | |
- | ## Generate default config file | |
- | #c.JupyterHub.generate_config = False | |
- | | |
- | ## The URL on which the Hub will listen. This is a private URL for internal | |
- | # communication. Typically set in combination with hub_connect_url. If a unix | |
- | # socket, hub_connect_url **must** also be set. | |
- | # | |
- | # For example: | |
- | # | |
- | # "http://127.0.0.1:8081" | |
- | # "unix+http://%2Fsrv%2Fjupyterhub%2Fjupyterhub.sock" | |
- | # | |
- | # .. versionadded:: 0.9 | |
- | c.JupyterHub.hub_bind_url = 'http://192.168.27.20:8081' | |
- | | |
- | ## The ip or hostname for proxies and spawners to use for connecting to the Hub. | |
- | # | |
- | # Use when the bind address (`hub_ip`) is 0.0.0.0 or otherwise different from | |
- | # the connect address. | |
- | # | |
- | # Default: when `hub_ip` is 0.0.0.0, use `socket.gethostname()`, otherwise use | |
- | # `hub_ip`. | |
- | # | |
- | # Note: Some spawners or proxy implementations might not support hostnames. | |
- | # Check your spawner or proxy documentation to see if they have extra | |
- | # requirements. | |
- | # | |
- | # .. versionadded:: 0.8 | |
- | c.JupyterHub.hub_connect_ip = '192.168.27.20' | |
- | | |
- | ## DEPRECATED | |
- | # | |
- | # Use hub_connect_url | |
- | # | |
- | # .. versionadded:: 0.8 | |
- | # | |
- | # .. deprecated:: 0.9 | |
- | # Use hub_connect_url | |
- | #c.JupyterHub.hub_connect_port = 0 | |
- | | |
- | ## The URL for connecting to the Hub. Spawners, services, and the proxy will use | |
- | # this URL to talk to the Hub. | |
- | # | |
- | # Only needs to be specified if the default hub URL is not connectable (e.g. | |
- | # using a unix+http:// bind url). | |
- | # | |
- | # .. seealso:: | |
- | # JupyterHub.hub_connect_ip | |
- | # JupyterHub.hub_bind_url | |
- | # | |
- | # .. versionadded:: 0.9 | |
- | #c.JupyterHub.hub_connect_url = '' | |
- | | |
- | ## The ip address for the Hub process to *bind* to. | |
- | # | |
- | # By default, the hub listens on localhost only. This address must be accessible | |
- | # from the proxy and user servers. You may need to set this to a public ip or '' | |
- | # for all interfaces if the proxy or user servers are in containers or on a | |
- | # different host. | |
- | # | |
- | # See `hub_connect_ip` for cases where the bind and connect address should | |
- | # differ, or `hub_bind_url` for setting the full bind URL. | |
- | #c.JupyterHub.hub_ip = '192.168.27.20' | |
- | #c.JupyterHub.hub_ip = '127.0.0.1' | |
- | c.JupyterHub.hub_ip = '0.0.0.0' | |
- | | |
- | ## The internal port for the Hub process. | |
- | # | |
- | # This is the internal port of the hub itself. It should never be accessed | |
- | # directly. See JupyterHub.port for the public port to use when accessing | |
- | # jupyterhub. It is rare that this port should be set except in cases of port | |
- | # conflict. | |
- | # | |
- | # See also `hub_ip` for the ip and `hub_bind_url` for setting the full bind URL. | |
- | c.JupyterHub.hub_port = 8081 | |
- | | |
- | ## Timeout (in seconds) to wait for spawners to initialize | |
- | # | |
- | # Checking if spawners are healthy can take a long time if many spawners are | |
- | # active at hub start time. | |
- | # | |
- | # If it takes longer than this timeout to check, init_spawner will be left to | |
- | # complete in the background and the http server is allowed to start. | |
- | # | |
- | # A timeout of -1 means wait forever, which can mean a slow startup of the Hub | |
- | # but ensures that the Hub is fully consistent by the time it starts responding | |
- | # to requests. This matches the behavior of jupyterhub 1.0. | |
- | # | |
- | # .. versionadded: 1.1.0 | |
- | #c.JupyterHub.init_spawners_timeout = 10 | |
- | | |
- | ## The location to store certificates automatically created by JupyterHub. | |
- | # | |
- | # Use with internal_ssl | |
- | #c.JupyterHub.internal_certs_location = 'internal-ssl' | |
- | | |
- | ## Enable SSL for all internal communication | |
- | # | |
- | # This enables end-to-end encryption between all JupyterHub components. | |
- | # JupyterHub will automatically create the necessary certificate authority and | |
- | # sign notebook certificates as they're created. | |
- | #c.JupyterHub.internal_ssl = False | |
- | | |
- | ## The public facing ip of the whole JupyterHub application (specifically | |
- | # referred to as the proxy). | |
- | # | |
- | # This is the address on which the proxy will listen. The default is to listen | |
- | # on all interfaces. This is the only address through which JupyterHub should be | |
- | # accessed by users. | |
- | # | |
- | # .. deprecated: 0.9 | |
- | # Use JupyterHub.bind_url | |
- | c.JupyterHub.ip = '192.168.27.20' | |
- | | |
- | ## Supply extra arguments that will be passed to Jinja environment. | |
- | #c.JupyterHub.jinja_environment_options = {} | |
- | | |
- | ## Interval (in seconds) at which to update last-activity timestamps. | |
- | #c.JupyterHub.last_activity_interval = 300 | |
- | | |
- | ## Dict of 'group': ['usernames'] to load at startup. | |
- | # | |
- | # This strictly *adds* groups and users to groups. | |
- | # | |
- | # Loading one set of groups, then starting JupyterHub again with a different set | |
- | # will not remove users or groups from previous launches. That must be done | |
- | # through the API. | |
- | #c.JupyterHub.load_groups = {} | |
- | | |
- | ## Specify path to a logo image to override the Jupyter logo in the banner. | |
- | #c.JupyterHub.logo_file = '' | |
- | | |
- | ## Maximum number of concurrent named servers that can be created by a user at a | |
- | # time. | |
- | # | |
- | # Setting this can limit the total resources a user can consume. | |
- | # | |
- | # If set to 0, no limit is enforced. | |
- | #c.JupyterHub.named_server_limit_per_user = 0 | |
- | | |
- | ## File to write PID Useful for daemonizing JupyterHub. | |
- | #c.JupyterHub.pid_file = '' | |
- | | |
- | ## The public facing port of the proxy. | |
- | # | |
- | # This is the port on which the proxy will listen. This is the only port through | |
- | # which JupyterHub should be accessed by users. | |
- | # | |
- | # .. deprecated: 0.9 | |
- | # Use JupyterHub.bind_url | |
- | #c.JupyterHub.port = 8000 | |
- | | |
- | ## DEPRECATED since version 0.8 : Use ConfigurableHTTPProxy.api_url | |
- | #c.JupyterHub.proxy_api_ip = '' | |
- | | |
- | ## DEPRECATED since version 0.8 : Use ConfigurableHTTPProxy.api_url | |
- | #c.JupyterHub.proxy_api_port = 0 | |
- | | |
- | ## DEPRECATED since version 0.8: Use ConfigurableHTTPProxy.auth_token | |
- | #c.JupyterHub.proxy_auth_token = '' | |
- | | |
- | ## Interval (in seconds) at which to check if the proxy is running. | |
- | #c.JupyterHub.proxy_check_interval = 30 | |
- | | |
- | ## The class to use for configuring the JupyterHub proxy. | |
- | # | |
- | # Should be a subclass of :class:`jupyterhub.proxy.Proxy`. | |
- | # | |
- | # .. versionchanged:: 1.0 | |
- | # proxies may be registered via entry points, | |
- | # e.g. `c.JupyterHub.proxy_class = 'traefik'` | |
- | # | |
- | # Currently installed: | |
- | # - configurable-http-proxy: jupyterhub.proxy.ConfigurableHTTPProxy | |
- | # - default: jupyterhub.proxy.ConfigurableHTTPProxy | |
- | #c.JupyterHub.proxy_class = 'jupyterhub.proxy.ConfigurableHTTPProxy' | |
- | | |
- | ## DEPRECATED since version 0.8. Use ConfigurableHTTPProxy.command | |
- | #c.JupyterHub.proxy_cmd = [] | |
- | | |
- | ## Recreate all certificates used within JupyterHub on restart. | |
- | # | |
- | # Note: enabling this feature requires restarting all notebook servers. | |
- | # | |
- | # Use with internal_ssl | |
- | #c.JupyterHub.recreate_internal_certs = False | |
- | | |
- | ## Redirect user to server (if running), instead of control panel. | |
- | #c.JupyterHub.redirect_to_server = True | |
- | | |
- | ## Purge and reset the database. | |
- | #c.JupyterHub.reset_db = False | |
- | | |
- | ## Interval (in seconds) at which to check connectivity of services with web | |
- | # endpoints. | |
- | #c.JupyterHub.service_check_interval = 60 | |
- | | |
- | ## Dict of token:servicename to be loaded into the database. | |
- | # | |
- | # Allows ahead-of-time generation of API tokens for use by externally managed | |
- | # services. | |
- | #c.JupyterHub.service_tokens = {} | |
- | | |
- | ## List of service specification dictionaries. | |
- | # | |
- | # A service | |
- | # | |
- | # For instance:: | |
- | # | |
- | # services = [ | |
- | # { | |
- | # 'name': 'cull_idle', | |
- | # 'command': ['/path/to/cull_idle_servers.py'], | |
- | # }, | |
- | # { | |
- | # 'name': 'formgrader', | |
- | # 'url': 'http://127.0.0.1:1234', | |
- | # 'api_token': 'super-secret', | |
- | # 'environment': | |
- | # } | |
- | # ] | |
- | #c.JupyterHub.services = [] | |
- | | |
- | ## Shuts down all user servers on logout | |
- | #c.JupyterHub.shutdown_on_logout = False | |
- | | |
- | ## The class to use for spawning single-user servers. | |
- | # | |
- | # Should be a subclass of :class:`jupyterhub.spawner.Spawner`. | |
- | # | |
- | # .. versionchanged:: 1.0 | |
- | # spawners may be registered via entry points, | |
- | # e.g. `c.JupyterHub.spawner_class = 'localprocess'` | |
- | # | |
- | # Currently installed: | |
- | # - default: jupyterhub.spawner.LocalProcessSpawner | |
- | # - localprocess: jupyterhub.spawner.LocalProcessSpawner | |
- | # - simple: jupyterhub.spawner.SimpleLocalProcessSpawner | |
- | # - docker: dockerspawner.DockerSpawner | |
- | # - docker-swarm: dockerspawner.SwarmSpawner | |
- | # - docker-system-user: dockerspawner.SystemUserSpawner | |
- | #c.JupyterHub.spawner_class = 'jupyterhub.spawner.LocalProcessSpawner' | |
- | c.JupyterHub.spawner_class = 'dockerspawner.DockerSpawner' | |
- | #c.JupyterHub.spawner_class = 'coursewareuserspawner.CoursewareUserSpawner' | |
- | #c.JupyterHub.spawner_class = 'dockerspawner.SwarmSpawner' | |
- | | |
- | #c.DockerSpawner.container_image = 'niicloudoperation/jupyterhub-singleuser' | |
- | #c.DockerSpawner.container_image = 'niicloudoperation/notebook' | |
- | c.DockerSpawner.container_image = 'jupyterhub/singleuser' | |
- | #c.DockerSpawner.image_whitelist = { | |
- | # "deepdetect-gpu (Tensorflow+PyTorch)": "jolibrain/jupyter-dd-notebook-gpu", | |
- | # "tensorflow-2-gpu (Tensorflow 2.0)": "d4n1el/tensorflow-2-notebook-gpu", | |
- | # "datascience-gpu (Python+Julia+R)": "d4n1el/datascience-notebook-gpu", | |
- | # "tensorflow-cpu (Tensorflow)": "jupyter/tensorflow-notebook", | |
- | # "datascience-cpu (Python+Julia+R)": "jupyter/datascience-notebook", | |
- | # "coursewarehub": "niicloudoperation/jupyterhub-singleuser", | |
- | #} | |
- | c.DockerSpawner.remove_containers = True | |
- | #c.DockerSpawner.extra_create_kwargs = {'user': 'root'} | |
- | #c.DockerSpawner.extra_host_config = {'runtime': 'nvidia'} | |
- | c.Spawner.environment = {'GRANT_SUDO': 'yes'} | |
- | #c.DockerSpawner.hub_connect_ip = '192.168.27.20' | |
- | c.DockerSpawner.hub_connect_ip = '0.0.0.0' | |
- | notebook_dir = '/home/jovyan/work' | |
- | #notebook_dir = '/jupyter/users/{username}/work' | |
- | c.DockerSpawner.notebook_dir = notebook_dir | |
- | c.DockerSpawner.volumes = { 'jupyterhub-user-{username}': notebook_dir } | |
- | | |
- | #from jupyter_client.localinterfaces import public_ips | |
- | #c.JupyterHub.hub_ip = public_ips()[0] | |
- | | |
- | | |
- | | |
- | ## Path to SSL certificate file for the public facing interface of the proxy | |
- | # | |
- | # When setting this, you should also set ssl_key | |
- | #c.JupyterHub.ssl_cert = '' | |
- | | |
- | ## Path to SSL key file for the public facing interface of the proxy | |
- | # | |
- | # When setting this, you should also set ssl_cert | |
- | #c.JupyterHub.ssl_key = '' | |
- | | |
- | ## Host to send statsd metrics to. An empty string (the default) disables sending | |
- | # metrics. | |
- | #c.JupyterHub.statsd_host = '' | |
- | | |
- | ## Port on which to send statsd metrics about the hub | |
- | #c.JupyterHub.statsd_port = 8125 | |
- | | |
- | ## Prefix to use for all metrics sent by jupyterhub to statsd | |
- | #c.JupyterHub.statsd_prefix = 'jupyterhub' | |
- | | |
- | ## Run single-user servers on subdomains of this host. | |
- | # | |
- | # This should be the full `https://hub.domain.tld[:port]`. | |
- | # | |
- | # Provides additional cross-site protections for javascript served by single- | |
- | # user servers. | |
- | # | |
- | # Requires `<username>.hub.domain.tld` to resolve to the same host as | |
- | # `hub.domain.tld`. | |
- | # | |
- | # In general, this is most easily achieved with wildcard DNS. | |
- | # | |
- | # When using SSL (i.e. always) this also requires a wildcard SSL certificate. | |
- | #c.JupyterHub.subdomain_host = '' | |
- | | |
- | ## Paths to search for jinja templates, before using the default templates. | |
- | #c.JupyterHub.template_paths = [] | |
- | | |
- | ## Extra variables to be passed into jinja templates | |
- | #c.JupyterHub.template_vars = {} | |
- | | |
- | ## Extra settings overrides to pass to the tornado application. | |
- | #c.JupyterHub.tornado_settings = {} | |
- | | |
- | ## Trust user-provided tokens (via JupyterHub.service_tokens) to have good | |
- | # entropy. | |
- | # | |
- | # If you are not inserting additional tokens via configuration file, this flag | |
- | # has no effect. | |
- | # | |
- | # In JupyterHub 0.8, internally generated tokens do not pass through additional | |
- | # hashing because the hashing is costly and does not increase the entropy of | |
- | # already-good UUIDs. | |
- | # | |
- | # User-provided tokens, on the other hand, are not trusted to have good entropy | |
- | # by default, and are passed through many rounds of hashing to stretch the | |
- | # entropy of the key (i.e. user-provided tokens are treated as passwords instead | |
- | # of random keys). These keys are more costly to check. | |
- | # | |
- | # If your inserted tokens are generated by a good-quality mechanism, e.g. | |
- | # `openssl rand -hex 32`, then you can set this flag to True to reduce the cost | |
- | # of checking authentication tokens. | |
- | #c.JupyterHub.trust_user_provided_tokens = False | |
- | | |
- | ## Names to include in the subject alternative name. | |
- | # | |
- | # These names will be used for server name verification. This is useful if | |
- | # JupyterHub is being run behind a reverse proxy or services using ssl are on | |
- | # different hosts. | |
- | # | |
- | # Use with internal_ssl | |
- | #c.JupyterHub.trusted_alt_names = [] | |
- | | |
- | ## Downstream proxy IP addresses to trust. | |
- | # | |
- | # This sets the list of IP addresses that are trusted and skipped when | |
- | # processing the `X-Forwarded-For` header. For example, if an external proxy is | |
- | # used for TLS termination, its IP address should be added to this list to | |
- | # ensure the correct client IP addresses are recorded in the logs instead of the | |
- | # proxy server's IP address. | |
- | #c.JupyterHub.trusted_downstream_ips = [] | |
- | | |
- | ## Upgrade the database automatically on start. | |
- | # | |
- | # Only safe if database is regularly backed up. Only SQLite databases will be | |
- | # backed up to a local file automatically. | |
- | #c.JupyterHub.upgrade_db = False | |
- | | |
- | ## Callable to affect behavior of /user-redirect/ | |
- | # | |
- | # Receives 4 parameters: 1. path - URL path that was provided after /user- | |
- | # redirect/ 2. request - A Tornado HTTPServerRequest representing the current | |
- | # request. 3. user - The currently authenticated user. 4. base_url - The | |
- | # base_url of the current hub, for relative redirects | |
- | # | |
- | # It should return the new URL to redirect to, or None to preserve current | |
- | # behavior. | |
- | #c.JupyterHub.user_redirect_hook = None | |
- | | |
- | #------------------------------------------------------------------------------ | |
- | # Spawner(LoggingConfigurable) configuration | |
- | #------------------------------------------------------------------------------ | |
- | | |
- | ## Base class for spawning single-user notebook servers. | |
- | # | |
- | # Subclass this, and override the following methods: | |
- | # | |
- | # - load_state - get_state - start - stop - poll | |
- | # | |
- | # As JupyterHub supports multiple users, an instance of the Spawner subclass is | |
- | # created for each user. If there are 20 JupyterHub users, there will be 20 | |
- | # instances of the subclass. | |
- | | |
- | ## Extra arguments to be passed to the single-user server. | |
- | # | |
- | # Some spawners allow shell-style expansion here, allowing you to use | |
- | # environment variables here. Most, including the default, do not. Consult the | |
- | # documentation for your spawner to verify! | |
- | #c.Spawner.args = [] | |
- | | |
- | ## An optional hook function that you can implement to pass `auth_state` to the | |
- | # spawner after it has been initialized but before it starts. The `auth_state` | |
- | # dictionary may be set by the `.authenticate()` method of the authenticator. | |
- | # This hook enables you to pass some or all of that information to your spawner. | |
- | # | |
- | # Example:: | |
- | # | |
- | # def userdata_hook(spawner, auth_state): | |
- | # spawner.userdata = auth_state["userdata"] | |
- | # | |
- | # c.Spawner.auth_state_hook = userdata_hook | |
- | #c.Spawner.auth_state_hook = None | |
- | | |
- | ## The command used for starting the single-user server. | |
- | # | |
- | # Provide either a string or a list containing the path to the startup script | |
- | # command. Extra arguments, other than this path, should be provided via `args`. | |
- | # | |
- | # This is usually set if you want to start the single-user server in a different | |
- | # python environment (with virtualenv/conda) than JupyterHub itself. | |
- | # | |
- | # Some spawners allow shell-style expansion here, allowing you to use | |
- | # environment variables. Most, including the default, do not. Consult the | |
- | # documentation for your spawner to verify! | |
- | #c.Spawner.cmd = ['jupyterhub-singleuser'] | |
- | | |
- | ## Maximum number of consecutive failures to allow before shutting down | |
- | # JupyterHub. | |
- | # | |
- | # This helps JupyterHub recover from a certain class of problem preventing | |
- | # launch in contexts where the Hub is automatically restarted (e.g. systemd, | |
- | # docker, kubernetes). | |
- | # | |
- | # A limit of 0 means no limit and consecutive failures will not be tracked. | |
- | #c.Spawner.consecutive_failure_limit = 0 | |
- | | |
- | ## Minimum number of cpu-cores a single-user notebook server is guaranteed to | |
- | # have available. | |
- | # | |
- | # If this value is set to 0.5, allows use of 50% of one CPU. If this value is | |
- | # set to 2, allows use of up to 2 CPUs. | |
- | # | |
- | # **This is a configuration setting. Your spawner must implement support for the | |
- | # limit to work.** The default spawner, `LocalProcessSpawner`, does **not** | |
- | # implement this support. A custom spawner **must** add support for this setting | |
- | # for it to be enforced. | |
- | #c.Spawner.cpu_guarantee = None | |
- | | |
- | ## Maximum number of cpu-cores a single-user notebook server is allowed to use. | |
- | # | |
- | # If this value is set to 0.5, allows use of 50% of one CPU. If this value is | |
- | # set to 2, allows use of up to 2 CPUs. | |
- | # | |
- | # The single-user notebook server will never be scheduled by the kernel to use | |
- | # more cpu-cores than this. There is no guarantee that it can access this many | |
- | # cpu-cores. | |
- | # | |
- | # **This is a configuration setting. Your spawner must implement support for the | |
- | # limit to work.** The default spawner, `LocalProcessSpawner`, does **not** | |
- | # implement this support. A custom spawner **must** add support for this setting | |
- | # for it to be enforced. | |
- | #c.Spawner.cpu_limit = None | |
- | | |
- | ## Enable debug-logging of the single-user server | |
- | #c.Spawner.debug = False | |
- | | |
- | ## The URL the single-user server should start in. | |
- | # | |
- | # `{username}` will be expanded to the user's username | |
- | # | |
- | # Example uses: | |
- | # | |
- | # - You can set `notebook_dir` to `/` and `default_url` to `/tree/home/{username}` to allow people to | |
- | # navigate the whole filesystem from their notebook server, but still start in their home directory. | |
- | # - Start with `/notebooks` instead of `/tree` if `default_url` points to a notebook instead of a directory. | |
- | # - You can set this to `/lab` to have JupyterLab start by default, rather than Jupyter Notebook. | |
- | c.Spawner.default_url = '/lab' | |
- | | |
- | ## Disable per-user configuration of single-user servers. | |
- | # | |
- | # When starting the user's single-user server, any config file found in the | |
- | # user's $HOME directory will be ignored. | |
- | # | |
- | # Note: a user could circumvent this if the user modifies their Python | |
- | # environment, such as when they have their own conda environments / virtualenvs | |
- | # / containers. | |
- | #c.Spawner.disable_user_config = False | |
- | | |
- | ## Whitelist of environment variables for the single-user server to inherit from | |
- | # the JupyterHub process. | |
- | # | |
- | # This whitelist is used to ensure that sensitive information in the JupyterHub | |
- | # process's environment (such as `CONFIGPROXY_AUTH_TOKEN`) is not passed to the | |
- | # single-user server's process. | |
- | #c.Spawner.env_keep = ['PATH', 'PYTHONPATH', 'CONDA_ROOT', 'CONDA_DEFAULT_ENV', 'VIRTUAL_ENV', 'LANG', 'LC_ALL'] | |
- | | |
- | ## Extra environment variables to set for the single-user server's process. | |
- | # | |
- | # Environment variables that end up in the single-user server's process come from 3 sources: | |
- | # - This `environment` configurable | |
- | # - The JupyterHub process' environment variables that are whitelisted in `env_keep` | |
- | # - Variables to establish contact between the single-user notebook and the hub (such as JUPYTERHUB_API_TOKEN) | |
- | # | |
- | # The `environment` configurable should be set by JupyterHub administrators to | |
- | # add installation specific environment variables. It is a dict where the key is | |
- | # the name of the environment variable, and the value can be a string or a | |
- | # callable. If it is a callable, it will be called with one parameter (the | |
- | # spawner instance), and should return a string fairly quickly (no blocking | |
- | # operations please!). | |
- | # | |
- | # Note that the spawner class' interface is not guaranteed to be exactly same | |
- | # across upgrades, so if you are using the callable take care to verify it | |
- | # continues to work after upgrades! | |
- | #c.Spawner.environment = {} | |
- | | |
- | ## Timeout (in seconds) before giving up on a spawned HTTP server | |
- | # | |
- | # Once a server has successfully been spawned, this is the amount of time we | |
- | # wait before assuming that the server is unable to accept connections. | |
- | #c.Spawner.http_timeout = 30 | |
- | | |
- | ## The IP address (or hostname) the single-user server should listen on. | |
- | # | |
- | # The JupyterHub proxy implementation should be able to send packets to this | |
- | # interface. | |
- | #c.Spawner.ip = '' | |
- | | |
- | ## Minimum number of bytes a single-user notebook server is guaranteed to have | |
- | # available. | |
- | # | |
- | # Allows the following suffixes: | |
- | # - K -> Kilobytes | |
- | # - M -> Megabytes | |
- | # - G -> Gigabytes | |
- | # - T -> Terabytes | |
- | # | |
- | # **This is a configuration setting. Your spawner must implement support for the | |
- | # limit to work.** The default spawner, `LocalProcessSpawner`, does **not** | |
- | # implement this support. A custom spawner **must** add support for this setting | |
- | # for it to be enforced. | |
- | #c.Spawner.mem_guarantee = None | |
- | | |
- | ## Maximum number of bytes a single-user notebook server is allowed to use. | |
- | # | |
- | # Allows the following suffixes: | |
- | # - K -> Kilobytes | |
- | # - M -> Megabytes | |
- | # - G -> Gigabytes | |
- | # - T -> Terabytes | |
- | # | |
- | # If the single user server tries to allocate more memory than this, it will | |
- | # fail. There is no guarantee that the single-user notebook server will be able | |
- | # to allocate this much memory - only that it can not allocate more than this. | |
- | # | |
- | # **This is a configuration setting. Your spawner must implement support for the | |
- | # limit to work.** The default spawner, `LocalProcessSpawner`, does **not** | |
- | # implement this support. A custom spawner **must** add support for this setting | |
- | # for it to be enforced. | |
- | #c.Spawner.mem_limit = None | |
- | | |
- | ## Path to the notebook directory for the single-user server. | |
- | # | |
- | # The user sees a file listing of this directory when the notebook interface is | |
- | # started. The current interface does not easily allow browsing beyond the | |
- | # subdirectories in this directory's tree. | |
- | # | |
- | # `~` will be expanded to the home directory of the user, and {username} will be | |
- | # replaced with the name of the user. | |
- | # | |
- | # Note that this does *not* prevent users from accessing files outside of this | |
- | # path! They can do so with many other means. | |
- | #c.Spawner.notebook_dir = '/home/jupyter' | |
- | c.Spawner.notebook_dir = '~/notebook' | |
- | | |
- | ## An HTML form for options a user can specify on launching their server. | |
- | # | |
- | # The surrounding `<form>` element and the submit button are already provided. | |
- | # | |
- | # For example: | |
- | # | |
- | # .. code:: html | |
- | # | |
- | # Set your key: | |
- | # <input name="key" val="default_key"></input> | |
- | # <br> | |
- | # Choose a letter: | |
- | # <select name="letter" multiple="true"> | |
- | # <option value="A">The letter A</option> | |
- | # <option value="B">The letter B</option> | |
- | # </select> | |
- | # | |
- | # The data from this form submission will be passed on to your spawner in | |
- | # `self.user_options` | |
- | # | |
- | # Instead of a form snippet string, this could also be a callable that takes as | |
- | # one parameter the current spawner instance and returns a string. The callable | |
- | # will be called asynchronously if it returns a future, rather than a str. Note | |
- | # that the interface of the spawner class is not deemed stable across versions, | |
- | # so using this functionality might cause your JupyterHub upgrades to break. | |
- | #c.Spawner.options_form = traitlets.Undefined | |
- | | |
- | ## Interval (in seconds) on which to poll the spawner for single-user server's | |
- | # status. | |
- | # | |
- | # At every poll interval, each spawner's `.poll` method is called, which checks | |
- | # if the single-user server is still running. If it isn't running, then | |
- | # JupyterHub modifies its own state accordingly and removes appropriate routes | |
- | # from the configurable proxy. | |
- | #c.Spawner.poll_interval = 30 | |
- | | |
- | ## The port for single-user servers to listen on. | |
- | # | |
- | # Defaults to `0`, which uses a randomly allocated port number each time. | |
- | # | |
- | # If set to a non-zero value, all Spawners will use the same port, which only | |
- | # makes sense if each server is on a different address, e.g. in containers. | |
- | # | |
- | # New in version 0.7. | |
- | #c.Spawner.port = 0 | |
- | | |
- | ## An optional hook function that you can implement to do work after the spawner | |
- | # stops. | |
- | # | |
- | # This can be set independent of any concrete spawner implementation. | |
- | #c.Spawner.post_stop_hook = None | |
- | | |
- | ## An optional hook function that you can implement to do some bootstrapping work | |
- | # before the spawner starts. For example, create a directory for your user or | |
- | # load initial content. | |
- | # | |
- | # This can be set independent of any concrete spawner implementation. | |
- | # | |
- | # This maybe a coroutine. | |
- | # | |
- | # Example:: | |
- | # | |
- | # from subprocess import check_call | |
- | # def my_hook(spawner): | |
- | # username = spawner.user.name | |
- | # check_call(['./examples/bootstrap-script/bootstrap.sh', username]) | |
- | # | |
- | # c.Spawner.pre_spawn_hook = my_hook | |
- | #c.Spawner.pre_spawn_hook = None | |
- | | |
- | ## List of SSL alt names | |
- | # | |
- | # May be set in config if all spawners should have the same value(s), or set at | |
- | # runtime by Spawner that know their names. | |
- | #c.Spawner.ssl_alt_names = [] | |
- | | |
- | ## Whether to include DNS:localhost, IP:127.0.0.1 in alt names | |
- | #c.Spawner.ssl_alt_names_include_local = True | |
- | | |
- | ## Timeout (in seconds) before giving up on starting of single-user server. | |
- | # | |
- | # This is the timeout for start to return, not the timeout for the server to | |
- | # respond. Callers of spawner.start will assume that startup has failed if it | |
- | # takes longer than this. start should return when the server process is started | |
- | # and its location is known. | |
- | #c.Spawner.start_timeout = 60 | |
- | | |
- | #------------------------------------------------------------------------------ | |
- | # Authenticator(LoggingConfigurable) configuration | |
- | #------------------------------------------------------------------------------ | |
- | | |
- | ## Base class for implementing an authentication provider for JupyterHub | |
- | | |
- | ## Set of users that will have admin rights on this JupyterHub. | |
- | # | |
- | # Admin users have extra privileges: | |
- | # - Use the admin panel to see list of users logged in | |
- | # - Add / remove users in some authenticators | |
- | # - Restart / halt the hub | |
- | # - Start / stop users' single-user servers | |
- | # - Can access each individual users' single-user server (if configured) | |
- | # | |
- | # Admin access should be treated the same way root access is. | |
- | # | |
- | # Defaults to an empty set, in which case no user has admin access. | |
- | #c.Authenticator.admin_users = set() | |
- | #c.Authenticator.admin_users = {''} | |
- | | |
- | ## The max age (in seconds) of authentication info before forcing a refresh of | |
- | # user auth info. | |
- | # | |
- | # Refreshing auth info allows, e.g. requesting/re-validating auth tokens. | |
- | # | |
- | # See :meth:`.refresh_user` for what happens when user auth info is refreshed | |
- | # (nothing by default). | |
- | #c.Authenticator.auth_refresh_age = 300 | |
- | | |
- | ## Automatically begin the login process | |
- | # | |
- | # rather than starting with a "Login with..." link at `/hub/login` | |
- | # | |
- | # To work, `.login_url()` must give a URL other than the default `/hub/login`, | |
- | # such as an oauth handler or another automatic login handler, registered with | |
- | # `.get_handlers()`. | |
- | # | |
- | # .. versionadded:: 0.8 | |
- | #c.Authenticator.auto_login = False | |
- | | |
- | ## Blacklist of usernames that are not allowed to log in. | |
- | # | |
- | # Use this with supported authenticators to restrict which users can not log in. | |
- | # This is an additional blacklist that further restricts users, beyond whatever | |
- | # restrictions the authenticator has in place. | |
- | # | |
- | # If empty, does not perform any additional restriction. | |
- | # | |
- | # .. versionadded: 0.9 | |
- | #c.Authenticator.blacklist = set() | |
- | | |
- | ## Enable persisting auth_state (if available). | |
- | # | |
- | # auth_state will be encrypted and stored in the Hub's database. This can | |
- | # include things like authentication tokens, etc. to be passed to Spawners as | |
- | # environment variables. | |
- | # | |
- | # Encrypting auth_state requires the cryptography package. | |
- | # | |
- | # Additionally, the JUPYTERHUB_CRYPT_KEY environment variable must contain one | |
- | # (or more, separated by ;) 32B encryption keys. These can be either base64 or | |
- | # hex-encoded. | |
- | # | |
- | # If encryption is unavailable, auth_state cannot be persisted. | |
- | # | |
- | # New in JupyterHub 0.8 | |
- | #c.Authenticator.enable_auth_state = False | |
- | | |
- | ## An optional hook function that you can implement to do some bootstrapping work | |
- | # during authentication. For example, loading user account details from an | |
- | # external system. | |
- | # | |
- | # This function is called after the user has passed all authentication checks | |
- | # and is ready to successfully authenticate. This function must return the | |
- | # authentication dict reguardless of changes to it. | |
- | # | |
- | # This maybe a coroutine. | |
- | # | |
- | # .. versionadded: 1.0 | |
- | # | |
- | # Example:: | |
- | # | |
- | # import os, pwd | |
- | # def my_hook(authenticator, handler, authentication): | |
- | # user_data = pwd.getpwnam(authentication['name']) | |
- | # spawn_data = { | |
- | # 'pw_data': user_data | |
- | # 'gid_list': os.getgrouplist(authentication['name'], user_data.pw_gid) | |
- | # } | |
- | # | |
- | # if authentication['auth_state'] is None: | |
- | # authentication['auth_state'] = {} | |
- | # authentication['auth_state']['spawn_data'] = spawn_data | |
- | # | |
- | # return authentication | |
- | # | |
- | # c.Authenticator.post_auth_hook = my_hook | |
- | #c.Authenticator.post_auth_hook = None | |
- | | |
- | ## Force refresh of auth prior to spawn. | |
- | # | |
- | # This forces :meth:`.refresh_user` to be called prior to launching a server, to | |
- | # ensure that auth state is up-to-date. | |
- | # | |
- | # This can be important when e.g. auth tokens that may have expired are passed | |
- | # to the spawner via environment variables from auth_state. | |
- | # | |
- | # If refresh_user cannot refresh the user auth data, launch will fail until the | |
- | # user logs in again. | |
- | #c.Authenticator.refresh_pre_spawn = False | |
- | | |
- | ## Dictionary mapping authenticator usernames to JupyterHub users. | |
- | # | |
- | # Primarily used to normalize OAuth user names to local users. | |
- | #c.Authenticator.username_map = {} | |
- | | |
- | ## Regular expression pattern that all valid usernames must match. | |
- | # | |
- | # If a username does not match the pattern specified here, authentication will | |
- | # not be attempted. | |
- | # | |
- | # If not set, allow any username. | |
- | #c.Authenticator.username_pattern = '' | |
- | | |
- | ## Whitelist of usernames that are allowed to log in. | |
- | # | |
- | # Use this with supported authenticators to restrict which users can log in. | |
- | # This is an additional whitelist that further restricts users, beyond whatever | |
- | # restrictions the authenticator has in place. | |
- | # | |
- | # If empty, does not perform any additional restriction. | |
- | #c.Authenticator.whitelist = set() | |
- | | |
- | #------------------------------------------------------------------------------ | |
- | # CryptKeeper(SingletonConfigurable) configuration | |
- | #------------------------------------------------------------------------------ | |
- | | |
- | ## Encapsulate encryption configuration | |
- | # | |
- | # Use via the encryption_config singleton below. | |
- | | |
- | ## | |
- | #c.CryptKeeper.keys = [] | |
- | | |
- | ## The number of threads to allocate for encryption | |
- | #c.CryptKeeper.n_threads = 16 | |