Reverse Proxy for RStudio Server and JupyterLab-Hub with SSL in NGINX

Simply record the configuration files.

1. Install NGINX, RStudio server, JupyterHub, JupyterLab and Jupyterlab-hub extension.

2. Setup NGINX

   # generate SSL
   mkdir /etc/nginx/ssl
   sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
   
   # config
   tee /etc/nginx/conf.d/rstudio_jupyter.conf << EOF
   server {
     listen 80;
     return 301 https://\$host\$request_uri;
   }
   
   map \$http_upgrade \$connection_upgrade {
     default upgrade;
     ''        close;
   }
   
   server {
     listen 443 ssl default_server;
     listen [::]:443 ssl default_server;
   
     server_name _;
     ssl_certificate /etc/nginx/ssl/nginx.crt;
     ssl_certificate_key /etc/nginx/ssl/nginx.key;
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     ssl_prefer_server_ciphers on;
   
     add_header Strict-Transport-Security "max-age=15768000";
     client_max_body_size 512M;
     fastcgi_buffers 64 4K;
   
     location /rstudio/ {
       rewrite ^/rstudio/(.*)$ /\$1 break;
       proxy_pass http://localhost:8787;
       proxy_redirect http://localhost:8787/ \$scheme://\$host/rstudio/;
       proxy_http_version 1.1;
       proxy_set_header Upgrade \$http_upgrade;
       proxy_set_header Connection \$connection_upgrade;
       proxy_read_timeout 86400;
     }
   
     location ~* /jupyter.* {
       proxy_pass http://localhost:8000;
       proxy_http_version 1.1;
       proxy_set_header Host \$host;
       proxy_set_header X-Real-IP \$remote_addr;
       proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
       proxy_set_header Upgrade \$http_upgrade;
       proxy_set_header Connection \$connection_upgrade;
       proxy_read_timeout 86400;
     }
   }
   EOF

3. Setup RStudio Server

   sed -i '/www-address/d' /etc/rstudio/rserver.conf
   tee -a /etc/rstudio/rserver.conf << EOF
   www-address=127.0.0.1
   EOF
   systemctl restart rstudio-server

4. Setup JupyterHub

   mkdir /jupyter
   # setup config
   tee /jupyter/jupyterhub_config.py << EOF
   c.JupyterHub.authenticator_class = 'jupyterhub.auth.PAMAuthenticator'
   c.JupyterHub.bind_url='http://:8000/jupyter'
   c.JupyterHub.config_file = '/jupyter/jupyterhub_config.py'
   c.JupyterHub.cookie_secret_file = '/jupyter/jupyterhub_cookie_secret'
   c.JupyterHub.data_files_path = '/usr/local/share/jupyterhub'
   c.JupyterHub.db_url = 'sqlite:////jupyter/jupyterhub.sqlite'
   EOF
   # setup service
   tee /etc/systemd/system/jupyterhub.service << EOF
   [Unit]
   Description=Jupyterhub
   After=syslog.target network.target
   
   [Service]
   User=root
   Environment="PATH=/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
   ExecStart=/usr/local/bin/jupyterhub -f /jupyter/jupyterhub_config.py
   
   [Install]
   WantedBy=multi-user.target
   EOF
   
   systemctl start jupyterhub