Securely Deploy Jupyter Notebook with Anaconda, Nginx, and Let’s Encrypt

Basic Structure

There is nothing overly complex—just the usual Python stack: pandas, numpy, matplotlib, etc. For convenience, the author adds Jupyter Notebook (formerly IPython Notebook) and places a front‑end reverse proxy with Nginx or Apache, then secures it with Let’s Encrypt HTTPS (using a method that works without port 80).

Installation Environment

The author manually installs required packages on FreeBSD or Debian servers, but notes that this approach is not suitable for beginners. Linux or macOS are relatively easy, while Windows can be a nightmare because many packages have non‑Python dependencies and lack a built‑in compiler.

Therefore, the recommended shortcut is Anaconda . It bundles the Python runtime, common libraries, and a package manager, making Python usable on any platform. Installation is as simple as downloading the installer from the official site and running it, preferably the Python 3 version since Python 2 is obsolete.

Initial Use

After installing Anaconda, the Python environment is ready via the command line (or an editor; the author prefers VIM over IDLE). For serious work, an IDE like PyCharm is optional, but for beginners a notebook is more convenient.

Jupyter Notebook is included in the latest Anaconda release. To start it locally, run jupyter notebook. This launches a server instance, opens a browser window, and provides the notebook interface.

Configuring Jupyter Notebook

Jupyter’s configuration is simpler than the old IPython Notebook. Create a config file (e.g., jupyter_notebook_config.py) which appears under ~/.jupyter/. Among many options, set c.NotebookApp.open_browser = False to prevent automatic browser launch.

Since manual browser launch requires a token, the author recommends setting a password. Run jupyter notebook password in the terminal, enter the desired password, and it will be saved to the config file. After restarting Jupyter, you can log in with the password.

Reverse Proxy Configuration

Because Jupyter uses WebSocket, a simple reverse proxy to port 8888 is insufficient. The author provides example Nginx and Apache configurations that correctly proxy WebSocket traffic to the Jupyter server.

HTTPS Configuration

The author previously covered HTTPS many times, but this article presents a method that works without port 80. Traditional ACME‑tiny requires HTTP validation, which is impossible here, so the TLS‑SNI‑01 challenge (HTTPS‑only) is used.

Install the Let’s Encrypt client (example shown for Nginx), then generate a certificate. The client automatically creates the certificate, saves it, and updates the Nginx configuration.

After the certificate is in place, you can access Jupyter via https://your.domain.name/, log in with the password set earlier, and use the notebook securely.