Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Question about local server and TLS on mailing list #31

Open
Carreau opened this issue Feb 21, 2022 · 1 comment
Open

Question about local server and TLS on mailing list #31

Carreau opened this issue Feb 21, 2022 · 1 comment

Comments

@Carreau
Copy link
Member

Carreau commented Feb 21, 2022 

Obj: Connection to Jupyter notebook not secure

Hey,

I see a warning on left hand side of my Jupyter notebook url saying that the connection to the site is not secure.
I’ve attached a screenshot of the same.

Please help me understand why it says so and what are the precautions I can take.

Thank you.

[image of jupyter notebook on localhost 8888, clicking on padlock show this website is insecure].
@Carreau
Copy link
Member Author

Carreau commented Feb 21, 2022

Hi there, 

Thanks for your question, I'm not sure how much knowledge you have into networking/programming Jupyter, so I hope this explanation will suit you, feel free to ask for more details.

When you connect to a website, your computer talk to a server on another computer and we usually want this connection to be encrypted for no one to be able to listen to it. While usually the server is on another computer in the case of Jupyter they are on the same computer.

When you typed jupyter notebook, (or jupyter lab), you start a server on your local machine, and your browser accesses it.
That is what "localhost:xxxx" means, localhost is a specific name, you might also see 127.0.0.1 which is a special ip meaning "current computer".

Your computer communicating with itself is generally much less of a security concern for eavesdropping than communicating with another one (Unless you are in an environment where your computer is shared with multiple users that might be hostile to you). And setting up https between your computer and itself are extra steps that are not always easy, and can't be done automatically.

If you wish to try you will need a self-signed certificate, you can see how to do that here: https://jupyter-notebook.readthedocs.io/en/stable/public_server.html#using-ssl-for-encrypted-communication, it still won't be perfect as you may still get warnings about trusts.

But in general if:

  • You are the only person using your computer.
  • You are not accessing the notebook from another computer.
  • You are fairly certain you don't have other dangerous programs on your computer

It should be fairly ok to have this warning for localhost:XXXX

Hope this answers your question.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Carreau