Simon Li

Results 655 comments of Simon Li

I mentioned in passing that I'd gotten it working with Podman but didn't give any details. Still proof-of-concept rather than something you'd want in production, but fun to play with...

Thanks for expanding your use case. I think a diagram of the requests between each of the components would be helpful. In particular I still don't understand why jupyter-server-proxy requires...

Thanks for the diagram. I agree you only need an SSL client. I'm not convinced it requires a key though. For example suppose you wanted to proxy https://grafana.mybinder.org/ (there's no...

A self-signed cert would require the internal CA or the public self-signed certificate to verify it, but it still shouldn't require the private key.

See for example this Stack Overflow when using the requests module: https://stackoverflow.com/questions/30405867/how-to-get-python-requests-to-trust-a-self-signed-ssl-certificate
Only the server's public certificate should be required.

According to the [`httpclient.HTTPRequest` documentation](https://www.tornadoweb.org/en/stable/httpclient.html) you can pass the server certificate(s) `ca_certs` directly to the `tornado.httpclient.HTTPRequest()` call. I think this would be clearer than using the SSL context object, if...

Fair enough! Let's stick with the ssl-context for now then. In addition to the [`load_cert_chain`](https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_cert_chain) method you mentioned there's also a [`load_default_certs`](https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_default_certs) method, so how does the following sound: -...

Instead of another property `internal_ssl` how about only using the existing properties:
- `https: True`, other properties unset: use `load_default_certs`
- `https: True`, one or more other properties set: use...

I'll see if I can push some changes so that my test will pass.

I think SSL is cursed! I managed to get my test passing: https://github.com/jupyterhub/jupyter-server-proxy/compare/master...manics:pr169?expand=1
To do this I moved the SSL configuration from the top-level global config to a per-server config...