Skip to content

Instantly share code, notes, and snippets.

@fcollonval

fcollonval/Dockerfile

Last active May 25, 2025 12:10
Show Gist options
  • Save fcollonval/b7b6368ff7e5bc5e558c676f4338ffa2 to your computer and use it in GitHub Desktop.
Save fcollonval/b7b6368ff7e5bc5e558c676f4338ffa2 to your computer and use it in GitHub Desktop.
Download ZIP
JupyterHub with Gitea as authenticator
Raw
README.md

Configuration example to use Gitea as authentication provider for JupyterHub

How to use it?

  1. Create a folder named gitea next to these files. It should be readable and writeable by the user with uid=1000 gid=1000
  2. Built the JupyterHub image: docker compose build
  3. Start the applications: docker compose up -d
  4. Open Gitea with your web browser: http://localhost:3000/
  5. Expand the admin configuration block and define an admin user with king as username
  6. Setup an OAuth client within the Gitea admin settings: https://docs.gitea.com/development/oauth2-provider Set the redirection URL to: http://localhost:8000/hub/oauth_callback
  7. Copy the client id and client secret
  8. Update these settings in jupyterhub_config.py
  9. Stop the applications: docker compose down
  10. Rebuild and restart:
  11. docker compose build
  12. docker compose up -d
  13. Open JupyterHub: http://localhost:8000/

That is! You should be able to log in as king in JupyterHub.

Raw
docker-compose.yaml
services:
hub:
container_name: jp-hub
build:
context: .
dockerfile: ./Dockerfile
networks:
- frontend
ports:
- 8000:8000
server:
image: docker.gitea.com/gitea:latest
container_name: gitea
environment:
- USER_UID=1000
- USER_GID=1000
restart: always
networks:
- frontend
volumes:
- ./gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3000:3000"
- "222:22"
networks:
frontend:
external: false
Raw
Dockerfile
ARG BASE_IMAGE=jupyterhub/jupyterhub:latest
FROM $BASE_IMAGE
RUN apt-get update && apt-get --assume-yes install wget xz-utils libglib2.0-0 \
libnss3 libnspr4 libatk1.0-0 libatk-bridge2.0-0 libcups2 libdbus-1-3 libdrm2 libxkbcommon0 libxcomposite1 \
libxdamage1 libxfixes3 libxrandr2 libgbm1 libgtk-3-0 libpango-1.0-0 libcairo2 libgdk-pixbuf2.0-0 \
libatspi2.0-0 \
&& python3 -m pip install oauthenticator setuptools jupyterlab \
&& useradd --no-log-init -r -u 1000 king && mkdir -p /home/king && chown king /home/king \
&& useradd --no-log-init -r -u 999 jovyan && mkdir -p /home/jovyan && chown jovyan /home/jovyan \
&& useradd --no-log-init -r -u 998 marc && mkdir -p /home/marc && chown marc /home/marc
COPY ./jupyterhub_config.py /srv/jupyterhub/
Raw
jupyterhub_config.py
"""JupyterHub configuration for testing this service."""
import sys
# c.JupyterHub.log_level = "DEBUG"
# c.JupyterHub.authenticator_class = "jupyterhub.auth.DummyAuthenticator"
c.JupyterHub.authenticator_class = 'generic-oauth'
# c.DummyAuthenticator.password = 'password'
c.Authenticator.admin_users = {"king"}
c.Authenticator.allowed_users = {"king", "jovyan", "marc"}
c.OAuthenticator.validate_server_cert = False
c.GenericOAuthenticator.client_id = 'CLIENT_ID'
c.GenericOAuthenticator.client_secret = 'CLIENT_SECRET'
c.GenericOAuthenticator.oauth_callback_url = 'http://localhost:8000/hub/oauth_callback'
# https://docs.gitea.com/development/oauth2-provider#endpoints
c.GenericOAuthenticator.authorize_url = 'http://localhost:3000/login/oauth/authorize'
# Tip we need to use the container hostname to make request between services
c.GenericOAuthenticator.token_url = 'http://gitea:3000/login/oauth/access_token'
c.GenericOAuthenticator.userdata_url = 'http://gitea:3000/login/oauth/userinfo'
c.GenericOAuthenticator.scope = ['read:user']
c.GenericOAuthenticator.username_claim = 'preferred_username'
c.JupyterHub.redirect_to_server = False
c.JupyterHub.spawner_class = "jupyterhub.spawner.LocalProcessSpawner"
c.LocalProcessSpawner.notebook_dir = "/home/{username}"
c.Spawner.default_url = "/lab"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment