jupyter-notebook: how to ssl the prodigy output?

in a jupyter notebook via ssl (tl-JupyterHub) i can't deliver the output in the jupyter-tab. But in a separate browser tab it works. This indicates that the build-in server doesn't deliver via https.
The easyest way should be to tell hug to deliver via https. Any idea where to configure this?
And yes. i read the "prodigy with https" but to deliver via proxy is a pain in the tljh.

regards rv

Hi! This makes sense, yes – if JupyterLab is served via HTTPS, the browser will block the embedded app if it's HTTP-only.

HTTPS isn't something that the local server can just enable – you'll always need a certificate and users always run their own server locally. So it can't really ship with HTTPS out-of-the-box.

As of v1.9, Proigy uses FastAPI with uvicorn instead of Hug for its REST API. You can find the docs on HTTPS here: https://fastapi.tiangolo.com/deployment/#https

Also see the HTTPS section in the uvicorn docs here that show how to : https://www.uvicorn.org/deployment

thank's Ines!
I didn't realise that you changed from hug to uvicorn - now i saw it in the app.

So i have some work now...

grtz/ rv

Any update on this @ronaldoviber? I found the easiest way for me to implement an auth middleware solution was through running prodigy in an iframe, so I am running into the same issue where it will not display on https.

I think the easiest solution would be to slightly tweak the uvicorn server in prodigy/app.py and add an SSL certificate (see the "Running with HTTPS" section here), so you can serve the Prodigy app via HTTPS. Then you'd be able to load it within an iframe on an HTTPS site.

It might be as straightforward as adding two arguments for the SSL certificate to uvicorn.run. If that works, we can also easily add this as a feature to Prodigy, e.g. by accepting environment variables.

yes Ines thats right. Adding some lines in the in the prodigy/app.py at uvicorn.run let it work.

    ssl_keyfile="/address/.Certs/key.pem",
    ssl_certfile="/address/.Certs/cert.pem",
    ssl_ca_certs=None,
    ssl_ciphers="TLSv1",
    ssl_version=2,
    ssl_cert_reqs=0,  

But it doesn't solve the prob with the tab in the jupyter lab.

1 Like

Cool, thanks for updating! Could you check if the tab loaded in JupyterLab is loaded with http:// or https://? If its HTTP, maybe there's a way to force a redirect to HTTPS only? Apparently starlette's HTTPSRedirectMiddleware lets you do that, and you should be able to just add that to the existing middleware settings in the app.py.

hi Ines,
it's true: that the LabTab calls http. Thanks for this hint.
I solve it in the app.py at the serve_main function:

httponly=True,

changed to

httponly=False,

and it works fine for us the by the method provided.

But the better way would be if there is a switch in the uvicorn/ ASGI config because the default is http.

1 Like