This repository tries to give guidelines for setting up a JupyterHub environment, where data-sharing is enabled by a NextCloud-backend and users are authentified with CoreOS’s dex OpenIDConnect Client.
To deploy the system, three different docker-compose yaml files are needed. The OIDC provider should be hosted on a different (virtual-)machine then Nextcloud and Jupyterhub.
To use the provided files, the files have to be adapted at several places. Grep for:
WHITELISTED_USERS #Users are formated username_conntector\nusername2_connector2\n etc
DEX_BASE_URL # e.g. 127.0.0.1:5554/dex or domain name plus /dex
DEX_BASE_URL_AS_CN # e.g. 127.0.0.1 or domain name
DEX_POSTGRES_PASSWORD
JUPYTERHUB_BASE_URL
JUPYTERHUB_OAUTH_SECRET
JUPYTERHUB_ADMIN_PWD
JUPYTERHUB_CHECKPOINTS_PWD
JUPYTERHUB_STATE_PWD
NEXTCLOUD_BASE_URL
NEXTCLOUD_OAUTH_SECRET
NEXTCLOUD_ADMIN
NEXTCLOUD_ADMIN_PWD
NEXTCLOUD_MYSQL_PWD
MITRE_BASE_URL
DEX_CLIENT_ID_MITRE
DEX_CLIENT_SECRET_MITRE
DEX_CLIENT_ID_GITHUB
DEX_CLIENT_SECRET_GITHUB
Clone the repository and its submodules:
git clone https://github.com/maltevogl/jupyterworkspace.git
cd jupyterworkspace
git submodule update --init --recursive
The structure should be
-->jupyterworkspace
--> forks/jupyterhub
--> jupyterhub
--> nextcloud
--> dexoidc
After editing the above mentioned settings, deploy first dexoidc, then nextcloud, then JupyterHub. Depending on your ssl settings, importing a root CA into the nextcloud container might be requiered.
Users are requiered to login first via JupyterHub, as this initiates the user creation and mounts the webdav. After this process the NextCloud frontend can be used with the Dex Oauth Login.
User passwords are set with a uuid, such that login is only possible via the Dex flow. Only the admin user for JupyterHub and Nextcloud have conventional passwords.