Activate internal_ssl

[cmd-ntrf]

This requires a few modifications to batchspawner and jupyterhub_config.py.

Here is an example of a functional jupyterhub_config.py for a cluster at turtle.ulaval.cloud

c.JupyterHub.internal_ssl = True
c.JupyterHub.trusted_alt_names = ['DNS:turtle.ulaval.cloud', 'DNS:login01.int.turtle.ulaval.cloud']
c.Spawner.ssl_alt_names = ['DNS:*.int.turtle.ulaval.cloud', 'DNS:node*', 'DNS:turtle.ulaval.cloud']
c.Spawner.ssl_alt_names_include_local = False

It requires to add the following to submit.sh:

echo {{ssl_key}} | base64 -d > $JUPYTERHUB_SSL_KEYFILE
echo {{ssl_cert}} | base64 -d > $JUPYTERHUB_SSL_CERTFILE
echo {{ssl_ca}} | base64 -d > $JUPYTERHUB_SSL_CLIENT_CA

export JUPYTERHUB_SSL_KEYFILE=$HOME/$JUPYTERHUB_SSL_KEYFILE
export JUPYTERHUB_SSL_CERTFILE=$HOME/$JUPYTERHUB_SSL_CERTFILE
export JUPYTERHUB_SSL_CLIENT_CA=$HOME/$JUPYTERHUB_SSL_CLIENT_CA

And the following function to batchspawner.Spawner:

    async def move_certs(self, paths):
        import base64
        #self.user_options = {}
        with open(paths['keyfile'], 'rb') as file_:
            self.user_options['ssl_key'] = base64.b64encode(file_.read()).decode('utf-8')
        with open(paths['certfile'], 'rb') as file_:
            self.user_options['ssl_cert'] = base64.b64encode(file_.read()).decode('utf-8')
        with open(paths['cafile'], 'rb') as file_:
            self.user_options['ssl_ca'] = base64.b64encode(file_.read()).decode('utf-8')
        return {'keyfile' : paths['keyfile'].split('/')[-1],
                'certfile' : paths['certfile'].split('/')[-1],
                'cafile' : paths['cafile'].split('/')[-1]}