Setup Jupyter Notebook on AWS for Fast.AI
Two configuration options are presented.
- use ssh tunnelling [enables single user access, more secure.]
- modify the jupyter notebook configuration to enable ‘public’ access, security controlled by EC2 security settings.
— — — — — — — — — — — — — — — — — — — — — — — — — — — -
Method 1 : use ssh tunnelling
[important!!!] close any ssh session running jupyter notebook
ssh to your ec2 instance using the following syntax (use the same url for your ec2 instance as above)
ssh -i /path/to/your/aws-security-key-file.pem -L 9999:127.0.0.1:8888 ec2-user@ec2–???–???–???–???.us-west-2.compute.amazonaws.com
This creates a ssh tunnel between jupyter running on your ec2 server and port 9999 on your local machine.
NB: this eliminates the need to allow port 8888 access via the ec2 incoming rules.
now initiate your python virtual session.
source activate python3
command prompt will change from
[ec2-user@ip-172–31–36–51 ~]$
to
(python3) [ec2-user@ip-172–31–36–51 ~]$
now, in your ssh session run this command.
jupyter notebook
now will see output similar to this
in your local browser can open a url similar to this.
localhost:9999/?token=<your token as copied from above>
pros:
- no need to edit jupyter config files.
- single command line to activate ssh tunnel and two easy copy paste lines to execute.
- restricts access to python notebook in a secure way.
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
method 2 : setup jupyter notebook to access directly on server.
Select your EC2 instance.
select link for “Security groups” then inbound tab
Edit security rules, we will add permission for incoming connections on port 8888
now the inbound rules will look like this
[TIP: add duplicate rules for the IP @ your home, work and any other places you regularly log in from, save having to edit this in future and the frustration of login failures when you forget.]
ssh to your ec2 instance from your local machine.
after login, we need to activate our python virtual environment.
source activate python3
NB: takes a few minutes first time activated.
This launches the preconfigured virtual environment for python in this AWS AMI. Now start the jupyter notebook server.
jupyter notebook
NB: takes a few minutes first time activated.
when jupyter notebook is running will see the output above.
open another ssh session and run this netstat command to list the open ports listening on this server.
sudo netstat -plnt
will see a python program operating on 127.0.0.1:8888
At this point, jupyter notebook is running on the EC2 instance, but standard configuration restricts access from localhost only. To enable external access we need to edit jupyter config file.
in a fresh ssh session connected to your ec2 server.
vi ~/.jupyter/jupyter_notebook_config.pyin vi find these lines
## The IP address the notebook server will listen on.
#c.NotebookApp.ip = ‘localhost’to search in vi use these keystrokes
[esc] / [copy paste in text to search for]
vi shortcut to copy a line
yy
vi shortcut to paste a line
p
change
#c.NotebookApp.ip = ‘localhost’to
c.NotebookApp.ip = ‘*’to change vi into edit mode
[esc] i [enter]
to save the changes
[esc] wq [enter]
now in the ssh console running jupyter notebook, shutdown jupyter and start.
in the screenshot above we see the localhost url and the token required to login. copy paste the ?token=<your-token-value>
We can access jupyter notebook at the following url.
http://ec2–???–???–???–???.us-west-2.compute.amazonaws.com:8888/?token=<your-token-value>
recall the url for your EC2 instance is available as below.
After validating the token, jupyter redirects to a url like this
http://ec2-???-???-???-???.us-west-2.compute.amazonaws.com:8888/tree
and the default jupyter notebook session looks like this.
This method has the following pros + cons.
- jupyter notebook publically accessible subject to EC2 inbound rules.
- Can potentially allow multiple users to access the same jupyter notebook. [useful for group + tutorial sessions]
- no ssh tunnelling required.
- now publicly exposed but not using ssl certificates. [see notes below]
- slightly longer setup (can be scripted)
Astute followers will notice these error messages in the console log after starting jupyter notebook.
This can be eliminated by starting jupyter notebook with the no-browser option. ie
jupyter notebook --no-browseror by adding the following line to the jupyter_notebook_config.py file.
#c.NotebookApp.browser = ''c.NotebookApp.open_browser = False
I’ve added it just after the c.NotebookApp.browser line because c.NotebookApp.open_browser is not already in the config file and c.NotebookApp.browser is nearest relevant config item.
This warning is also worth understanding.
We address this by adding ssl certificates in here.
If you have set a password, your login will look like this.
password can be reset with this command. (stop jupyter server and restart after setting password)
jupyter notebook password
This is useful for listing all running versions of jupyter. Handy to check if a token is required, or non-aborted session still running.
jupyter notebook listNote: sometimes weird things occur. ie
- can access jupyter notebook on the url for the ec2 instance but not on localhost.
- can load the login page on localhost, password does not work on login page, but does work when loaded on the url for the ec2 instance.
- etc
If in doubt, check the config steps listed above. stop/restart the jupyter notebook session. stay calm.
