One place for hosting & domains


      How To Set Up Jupyter Notebook with Python 3 on Ubuntu 20.04 and Connect via SSH Tunneling


      Jupyter Notebook is an open-source web application that lets you create and share interactive code, visualizations, and more. This tool can be used with several programming languages, including Python, Julia, R, Haskell, and Ruby. It is often used for working with data, statistical modeling, and machine learning.

      Jupyter Notebooks (or just “Notebooks”) are documents produced by the Jupyter Notebook app which contain both computer code and rich text elements (paragraph, equations, figures, links, etc.) which aid in presenting and sharing reproducible research. They can therefore be an excellent tool to use for data-driven or programming-based presentations, or as a teaching tool.

      This tutorial will walk you through setting up Jupyter Notebook to run from an Ubuntu 20.04 server, as well as demonstrate how to connect to and use the notebook from a local machine via tunnelling. By the end of this guide, you will be able to run Python 3 code using Jupyter Notebook running on a remote server.


      In order to complete this guide, you should have a fresh Ubuntu 20.04 server instance with a basic firewall and a non-root user with sudo privileges configured. You can learn how to set this up by running through our initial server setup tutorial.

      Step 1 — Set Up Python

      To begin the process, we’ll install the dependencies we need for our Python programming environment from the Ubuntu repositories. Ubuntu 20.04 comes preinstalled with Python 3. We will use the Python package manager pip to install additional components a bit later.

      We first need to update the local apt package index and then download and install the packages:

      Next, install pip and the Python header files, which are used by some of Jupyter’s dependencies:

      • sudo apt install python3-pip python3-dev

      We can now move on to setting up a Python virtual environment into which we’ll install Jupyter.

      Step 2 — Create a Python Virtual Environment for Jupyter

      Now that we have Python 3, its header files, and pip ready to go, we can create a Python virtual environment to manage our projects. We will install Jupyter into this virtual environment.

      To do this, we first need access to the virtualenv command which we can install with pip.

      Upgrade pip and install the package by typing:

      • sudo -H pip3 install --upgrade pip
      • sudo -H pip3 install virtualenv

      The -H flag ensures that the security policy sets the home environment variable to the home directory of the target user.

      With virtualenv installed, we can start forming our environment. Create and move into a directory where we can keep our project files. We’ll call this my_project_dir, but you should use a name that is meaningful for you and what you’re working on.

      • mkdir ~/my_project_dir
      • cd ~/my_project_dir

      Within the project directory, we’ll create a Python virtual environment. For the purpose of this tutorial, we’ll call it my_project_env but you should call it something that is relevant to your project.

      • virtualenv my_project_env

      This will create a directory called my_project_env within your my_project_dir directory. Inside, it will install a local version of Python and a local version of pip. We can use this to install and configure an isolated Python environment for Jupyter.

      Before we install Jupyter, we need to activate the virtual environment. You can do that by typing:

      • source my_project_env/bin/activate

      Your prompt should change to indicate that you are now operating within a Python virtual environment. Your command prompt will now read something like this: (my_project_env)user@host:~/my_project_dir$.

      At this point, you’re ready to install Jupyter into this virtual environment.

      Step 3 — Install Jupyter

      With your virtual environment active, install Jupyter with the local instance of pip.

      Note: When the virtual environment is activated (when your prompt has (my_project_env) preceding it), use pip instead of pip3, even if you are using Python 3. The virtual environment’s copy of the tool is always named pip, regardless of the Python version.

      At this point, you’ve successfully installed all the software needed to run Jupyter. We can now start the Notebook server.

      Step 4 — Run Jupyter Notebook

      You now have everything you need to run Jupyter Notebook! To run it, execute the following command:

      A log of the activities of the Jupyter Notebook will be printed to the terminal. When you run Jupyter Notebook, it runs on a specific port number. The first Notebook you run will usually use port 8888. To check the specific port number Jupyter Notebook is running on, refer to the output of the command used to start it:


      [I 21:23:21.198 NotebookApp] Writing notebook server cookie secret to /run/user/1001/jupyter/notebook_cookie_secret [I 21:23:21.361 NotebookApp] Serving notebooks from local directory: /home/sammy/my_project_dir [I 21:23:21.361 NotebookApp] The Jupyter Notebook is running at: [I 21:23:21.361 NotebookApp] http://localhost:8888/?token=1fefa6ab49a498a3f37c959404f7baf16b9a2eda3eaa6d72 [I 21:23:21.361 NotebookApp] Use Control-C to stop this server and shut down all kernels (twice to skip confirmation). [W 21:23:21.361 NotebookApp] No web browser found: could not locate runnable browser. [C 21:23:21.361 NotebookApp] Copy/paste this URL into your browser when you connect for the first time, to login with a token: http://localhost:8888/?token=1fefa6ab49a498a3f37c959404f7baf16b9a2eda3eaa6d72

      If you are running Jupyter Notebook on a local computer (not on a server), you can navigate to the displayed URL to connect to Jupyter Notebook. If you are running Jupyter Notebook on a server, you will need to connect to the server using SSH tunneling as outlined in the next section.

      At this point, you can keep the SSH connection open and keep Jupyter Notebook running or you can exit the app and re-run it once you set up SSH tunneling. Let’s choose to stop the Jupyter Notebook process. We will run it again once we have SSH tunneling set up. To stop the Jupyter Notebook process, press CTRL+C, type Y, and then ENTER to confirm. The following output will be displayed:


      [C 21:28:28.512 NotebookApp] Shutdown confirmed [I 21:28:28.512 NotebookApp] Shutting down 0 kernels

      We’ll now set up an SSH tunnel so that we can access the Notebook.

      Step 5 — Connect to the Server Using SSH Tunneling

      In this section we will demonstrate how to connect to the Jupyter Notebook web interface using SSH tunneling. Since Jupyter Notebook will run on a specific port on the server (such as :8888, :8889 etc.), SSH tunneling enables you to connect to the server’s port securely.

      The next two subsections describe how to create an SSH tunnel from 1) a Mac or Linux, or 2) Windows. Please refer to the subsection for your local computer.

      SSH Tunneling with a Mac or Linux

      If you are using a Mac or Linux local computer, the steps for creating an SSH tunnel are similar to using SSH to log in to your remote server, except that there are additional parameters in the ssh command. This subsection will outline the additional parameters needed in the ssh command to tunnel successfully.

      SSH tunneling can be done by running the following SSH command in a new local terminal window:

      • ssh -L 8888:localhost:8888 your_server_username@your_server_ip

      The ssh command opens an SSH connection, but -L specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side (server). This means that whatever is running on the second port number (e.g. 8888) on the server will appear on the first port number (e.g. 8888) on your local computer.

      Optionally change port 8888 to one of your choosing to avoid using a port already in use by another process.

      server_username is your username (e.g. sammy) on the server which you created and your_server_ip is the IP address of your server.

      For example, for the username sammy and the server address, the command would be:

      • ssh -L 8888:localhost:8888 sammy@

      If no error shows up after running the ssh -L command, you can move into your programming environment and run Jupyter Notebook:

      You’ll receive output with a URL. From a web browser on your local machine, open the Jupyter Notebook web interface with the URL that starts with http://localhost:8888. Ensure that the token number is included, or enter the token number string when prompted at http://localhost:8888.

      SSH Tunneling with Windows and Putty

      If you are using Windows, you can create an SSH tunnel using Putty.

      First, enter the server URL or IP address as the hostname as shown:

      Set Hostname for SSH Tunnel

      Next, click SSH on the bottom of the left pane to expand the menu, and then click Tunnels. Enter the local port number you want to use to access Jupyter on your local machine. Choose 8000 or greater to avoid ports used by other services, and set the destination as localhost:8888 where :8888 is the number of the port that Jupyter Notebook is running on.

      Now click the Add button, and the ports should appear in the Forwarded ports list:

      Forwarded ports list

      Finally, click the Open button to connect to the server via SSH and tunnel the desired ports. Navigate to http://localhost:8000 (or whatever port you chose) in a web browser to connect to Jupyter Notebook running on the server. Ensure that the token number is included, or enter the token number string when prompted at http://localhost:8000.

      Step 6 — Using Jupyter Notebook

      This section goes over the fundamentals of using Jupyter Notebook. If you don’t currently have Jupyter Notebook running, start it with the jupyter notebook command.

      You should now be connected to it using a web browser. Jupyter Notebook is a very powerful tool with many features. This section will outline a few basic features to get you started using the Notebook. Jupyter Notebook will show all of the files and folders in the directory it is run from, so when you’re working on a project make sure to start it from the project directory.

      To create a new Notebook file, select New > Python 3 from the top right pull-down menu:

      Create a new Python 3 notebook

      This will open a Notebook. We can now run Python code in the cell or change the cell to markdown. For example, change the first cell to accept Markdown by clicking Cell > Cell Type > Markdown from the top navigation bar. We can now write notes using Markdown and even include equations written in LaTeX by putting them between the $$ symbols. For example, type the following into the cell after changing it to markdown:

      # First Equation
      Let us now implement the following equation:
      $$ y = x^2$$
      where $x = 2$

      To turn the markdown into rich text, press the CTRL and ENTER keys. You should receive output similar to the following:

      results of markdown

      You can use the markdown cells to make notes and document your code. Let’s implement that equation and print the result. Click on the top cell, then press the ALT and ENTER keys together to add a cell below it. Enter the following code in the new cell.

      x = 2
      y = x**2

      To run the code, press CTRL+ENTER. You’ll receive the following results:

      first equation results

      You now have the ability to import modules and use the Notebook as you would with any other Python development environment!


      Congratulations! You should now be able to write reproducible Python code and notes in Markdown using Jupyter Notebook. To get a quick tour of Jupyter Notebook from within the interface, select Help > User Interface Tour from the top navigation menu to learn more.

      From here, you can begin a data analysis and visualization project by reading Data Analysis and Visualization with pandas and Jupyter Notebook in Python 3.

      Source link

      How To Connect to a Redis Database


      Redis is an open-source, in-memory key-value data store. Whether you’ve installed Redis locally or you’re working with a remote instance, you need to connect to it in order to perform most operations. In this tutorial we will go over how to connect to Redis from the command line, how to authenticate and test your connection, as well as how to close a Redis connection.

      How To Use This Guide
      This guide is written as a cheat sheet with self-contained examples. We encourage you to jump to any section that is relevant to the task you’re trying to complete.

      The commands and outputs shown in this guide were tested on an Ubuntu 18.04 server running Redis version 4.0.9. To obtain a similar setup, you can follow Step 1 of our guide on How To Install and Secure Redis on Ubuntu 18.04. We will demonstrate how these commands behave by running them with redis-cli, the Redis command line interface. Note that if you’re using a different Redis interface — Redli, for example — the exact outputs of certain commands may differ.

      Alternatively, you could provision a managed Redis database instance to test these commands, but note that depending on the level of control allowed by your database provider, some commands in this guide may not work as described. To provision a DigitalOcean Managed Database, follow our Managed Databases product documentation. Then, you must either install Redli or set up a TLS tunnel in order to connect to the Managed Database over TLS.

      Connecting to Redis

      If you have redis-server installed locally, you can connect to the Redis instance with the redis-cli command:

      This will take you into redis-cli’s interactive mode which presents you with a read-eval-print loop (REPL) where you can run Redis’s built-in commands and receive replies.

      In interactive mode, your command line prompt will change to reflect your connection. In this example and others throughout this guide, the prompt indicates a connection to a Redis instance hosted locally ( and accessed over Redis’s default port (6379):

      The alternative to running Redis commands in interactive mode is to run them as arguments to the redis-cli command, like so:

      If you want to connect to a remote Redis datastore, you can specify its host and port numbers with the -h and -p flags, respectively. Also, if you’ve configured your Redis database to require a password, you can include the -a flag followed by your password in order to authenticate:

      • redis-cli -h host -p port_number -a password

      If you’ve set a Redis password, clients will be able to connect to Redis even if they don’t include the -a flag in their redis-cli command. However, they won’t be able to add, change, or query data until they authenticate. To authenticate after connecting, use the auth command followed by the password:

      If the password passed to auth is valid, the command will return OK. Otherwise, it will return an error.

      If you’re working with a managed Redis database, your cloud provider may give you a URI that begins with redis:// or rediss:// which you can use to access your datastore. If the connection string begins with redis://, you can include it as an argument to redis-cli to connect.

      However, if you have a connection string that begins with rediss://, that means your managed database requires connections over TLS/SSL. redis-cli does not support TLS connections, so you’ll need to use a different tool that supports the rediss protocol in order to connect with the URI. For DigitalOcean Managed Databases, which require connections to be made over TLS, we recommend using Redli to access the Redis instance.

      Use the following syntax to connect to a database with Redli. Note that this example includes the --tls option, which specifies that the connection should be made over TLS, and the -u flag, which declares that the following argument will be a connection URI:

      • redli --tls -u rediss://connection_URI

      I you’ve attempted to connect to an unavailable instance, redis-cli will go into disconnected mode. The prompt will reflect this:

      Redis will attempt to reestablish the connection every time you run a command when it’s in a disconnected state.

      Testing Connections

      The ping command is useful for testing whether the connection to a database is alive. Note that this is a Redis-specific command and is different from the ping networking utility. However, the two share a similar function in that they’re both used to check a connection between two machines.

      If the connection is up and no arguments are included, the ping command will return PONG:



      If you provide an argument to the ping command, it will return that argument instead of PONG if the connection is successful:


      "hello Redis!"

      If you run ping or any other command in disconnected mode, you will see an output like this:


      Could not connect to Redis at host:port: Connection refused

      Note that ping is also used by Redis internally to measure latency.

      Disconnecting from Redis

      To disconnect from a Redis instance, use the quit command:

      Running exit will also exit the connection:

      Both quit and exit will close the connection, but only as soon as all pending replies have been written to clients.


      This guide details a number of commands used to establish, test, and close connections to a Redis server. If there are other related commands, arguments, or procedures you’d like to see in this guide, please ask or make suggestions in the comments below.

      For more information on Redis commands, see our tutorial series on How to Manage a Redis Database.

      Source link

      How To Connect to a Managed Redis Instance over TLS with Stunnel and redis-cli


      A managed Redis instance can provide benefits like high availability and automated updates. However, any time you make a connection to a remote database server, you run the risk of malicious actors sniffing the sensitive information you send to it.

      redis-cli, the Redis command line interface, doesn’t natively support connections over TLS, a cryptographic protocol that allows for secure communications over a network. This means that without further configuration, redis-cli is not a secure way to connect to a remote Redis server. One way to establish a secure connection to a managed Redis instance is to create a tunnel that uses the TLS protocol.

      Stunnel is an open-source proxy used to create secure tunnels, allowing you to communicate with other machines over TLS. In this guide, we will walk through installing and configuring stunnel so you can connect to a managed Redis instance over TLS with redis-cli.


      To complete this guide, you will need:

      • Access to an Ubuntu 18.04 server. This server should have a non-root user with administrative privileges and a firewall configured with ufw. To set this up, follow our initial server setup guide for Ubuntu 18.04.
      • A managed Redis database instance. The steps outlined in this tutorial were tested on a DigitalOcean Managed Redis Database, though they should generally work for managed databases from any cloud provider. To provision a DigitalOcean Managed Redis Database, follow our Managed Redis product documentation.

      Step 1 — Installing Stunnel and redis-cli

      When you install a Redis server, it usually comes packaged with redis-cli. However, you can install redis-cli without the Redis server by installing the redis-tools package from the default Ubuntu repositories. You can also install stunnel from the default Ubuntu repositories by downloading the stunnel4 package.

      First, update your server’s package index if you’ve not done so recently:

      Then install the redis-tools and stunnel4 packages with APT:

      • sudo apt install redis-tools stunnel4

      When prompted, press ENTER to confirm that you want to install the packages.

      You can check whether stunnel was installed correctly and its systemd service is working by running the following command:

      • sudo systemctl status stunnel4


      ● stunnel4.service - LSB: Start or stop stunnel 4.x (TLS tunnel for network daemons) Loaded: loaded (/etc/init.d/stunnel4; generated) Active: active (exited) since Thu 2019-09-12 14:34:05 UTC; 8s ago Docs: man:systemd-sysv-generator(8) Tasks: 0 (limit: 2362) CGroup: /system.slice/stunnel4.service Sep 12 14:34:05 stunnel systemd[1]: Starting LSB: Start or stop stunnel 4.x (TLS tunnel for network daemons)... Sep 12 14:34:05 stunnel stunnel4[2034]: TLS tunnels disabled, see /etc/default/stunnel4 Sep 12 14:34:05 stunnel systemd[1]: Started LSB: Start or stop stunnel 4.x (TLS tunnel for network daemons).

      Here, you can see that the stunnel service is active, though the process immediately exited. This tells us that stunnel is running, but it isn’t able to actually do anything since we haven’t yet configured it.

      Step 2 — Configuring Stunnel

      Modern Linux systems rely on systemd for initializing and managing services and daemons. However, stunnel uses a SysV-style init script, which is based on the older UNIX System V init system, for startup. You’ll need to modify the /etc/default/stunnel4 file to enable this init script.

      Open this file with your preferred text editor. Here, we’ll use nano:

      • sudo nano /etc/default/stunnel4

      Find the ENABLED option near the top of the file. It will be set to 0 by default, but change this to 1 to enable stunnel to start at boot:


      # /etc/default/stunnel
      # Julien LEMOINE <>
      # September 2003
      # Change to one to enable stunnel automatic startup
      . . .

      Save and close the file. If you used nano to edit the file, do so by pressing CTRL+X, Y, then ENTER.

      Next, you will need to create a configuration file for stunnel which will tell the program where it needs to route traffic.

      Open a new file called stunnel.conf under the /etc/stunnel directory:

      • sudo nano /etc/stunnel/stunnel.conf

      Add the following content to this file:


      fips = no
      setuid = nobody
      setgid = nogroup
      pid =
      debug = 7
        client = yes
        accept =
        connect = managed_redis_hostname_or_ip:managed_redis_port

      The first five lines in the file are global options, meaning they will apply to every service you include in this file:

      • fips: Enables or disables stunnel’s FIPS 140-2 mode. In this mode, stunnel will validate that the connection meets the Federal Information Processing Standard. Setting this to no disables this feature. Note that disabling this is not any less secure, but keeping it enabled (as it is by default) would require some extra configuration.
      • setuid: Defines the Unix user ID under which stunnel will run. By default, the stunnel process is owned by the root user. However, the stunnel documentation recommends that you drop administrative privileges once the tunnel starts, as failing to do so poses a security risk. Setting the setuid parameter to nobody will cause nobody, an unprivileged user, to take ownership over the stunnel process once the tunnel has been established.
      • setgid: Defines the Unix group ID under which stunnel will run. As with setuid, this configuration specifies a group without any special privileges — nogroup — to avoid any potential security issues.
      • pid: Defines a file location where stunnel will create a .pid file, a type of file that contains a process’s PID. .pid files are typically used by other programs to find the PID of a running process. By default, stunnel creates a .pid file in the /var/run/stunnel4/ directory. Because the nobody user doesn’t have permission to access that directory, it will prevent the tunnel from starting correctly. By not providing any argument to the pid parameter in this configuration we’re disabling this behavior, as a .pid file isn’t necessary for the purposes of this tutorial. If you do need a .pid file for your use case, though, be sure to set this to a file that nobody has permission to write to.
      • debug: Sets stunnel’s debugging level, which can range from 0 to 7. In this example we’ll set it to 7, the highest level available, as that will provide the most detailed information if stunnel runs into any issues. You can set it to any level you like, but be aware that the default setting is 5.

      The remaining lines are service-level options, and only apply to the tunnel we’ll create for redis-cli:

      • [redis-cli]: This is a service name and specifies that the following lines represent an individual service configuration for a client program. You can have more than one service in a stunnel configuration file, though each must be associated with an existing client application and you can’t have two services for the same application.
      • client: Setting this to yes tells stunnel to run in client mode, meaning that stunnel will connect to a TLS server (the managed Redis instance) rather than act as a TLS server.
      • accept: Defines the host and port on which stunnel will accept connections from the client. Here, we specify the IP address, which is an IPv4 loopback address used to represent localhost, and port 8000. This means stunnel will listen for connections originating from the Ubuntu server on port 8000 and encrypt them. Note that you can set the port to any port number you like as long as it’s not already in use.
      • connect: Defines the remote address and port to which stunnel will make the connection. Be sure to change this parameter to align with your managed database’s port and hostname or IP address.

      Note: The hostname or IP address and port you should specify in the connect directive will be specific to your own managed Redis database. These can usually be found in your cloud provider’s database management user interface where you provisioned your Redis instance.

      If you’re using a DigitalOcean Managed Redis Database, you can find this information by going to your Control Panel and clicking on Databases in the left-hand sidebar menu. Then, click on the name of the Redis instance you want to connect to and scroll down to the Connection Details section. There, you will find fields describing your database’s host and port.

      This is a fairly minimal configuration that leaves many of stunnel’s default settings in place. The program has many options available for you to create tunnels that suit your particular needs. See the official documentation for more details.

      After adding this content, save and close the file.

      Then, restart the stunnel4 service so stunnel will read the new configuration file:

      • sudo systemctl restart stunnel4

      Following that, you can test whether stunnel has created with netstat, a command line utility used to display network connections. Run the following command, which pipelines the netstat output into a grep command, which then searches it for every instance of stunnel:

      • sudo netstat -plunt | grep stunnel


      tcp 0 0* LISTEN 17868/stunnel

      This output shows that stunnel is listening for connections on local port 8000.

      You can also confirm that the nobody user has taken ownership over the stunnel process with ps, a program that displays all currently-running processes:


      nobody 15674 0.0 0.1 121912 3180 ? Ssl 19:28 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf . . .

      Here, you can see that nobody has indeed taken over the stunnel process.

      Stunnel is now fully configured and running on your system. You’re ready to connect to your managed Redis instance and test that the tunnel is working as expected.

      Step 3 — Connecting To Your Managed Database over TLS

      Now that you’ve installed redis-cli and configured stunnel on your server, you’re ready to connect to your managed database over TLS.

      Based on the settings defined in the configuration file created in Step 2, you would connect to your managed database with the following command:

      • redis-cli -h localhost -p 8000

      This command includes the -h flag, which tells redis-cli that the next argument will be the host to connect to. In this case, it’s localhost since we’re connecting to a tunnel created locally on the server. After that is the -p flag, which precedes the port of the local tunnel we’re connecting to, which in this case is port 8000.

      After running that command, you will be connected to your managed Redis server. Your prompt will change to reflect that you’ve connected and are in redis-cli’s interactive mode:

      Note: Oftentimes, managed databases are configured to require users to authenticate with a password when they connect. If your managed Redis instance requires a password, you can include the -a flag in your redis-cli command, followed by your password:

      • redis-cli -h localhost -p 8000 -a password

      Alternatively, you can authenticate by running the auth command followed by your password after establishing the connection:

      If you’re using a DigitalOcean Managed Database, you can find your Redis instance’s password in the same place you found its hostname and port. In your Control Panel, click on Databases in the left-hand sidebar menu. Then, click on the name of the Redis instance you’ve connected to. Scroll down to the Connection Details section, and there you’ll find a field labeled password. Click on the show button to reveal the password, then copy and paste it into either of these commands — replacing password — in order to authenticate.

      You can test whether the tunnel is working as expected by running the ping command from Redis’s interactive mode:

      If the connection is alive it will return PONG:



      If, however, stunnel is not tunnelling traffic from your server to your Redis instance correctly, you may see an error message like this before being disconnected from Redis:


      Error: Server closed the connection

      If you receive this or a similar error, double check that you’ve entered your Redis instance’s hostname and port correctly in your stunnel.conf file. Likewise, be sure that you entered the correct port number in your redis-cli command.

      Once you’ve confirmed that the tunnel is working, go ahead and disconnect from your Redis instance:

      If you ever change stunnel’s configuration, you’ll need to reload or restart the stunnel4 service so stunnel will notice the changes:

      • sudo systemctl reload stunnel4

      However, if at any point in the future you want to close the TLS tunnel, you won’t be able to close it with systemctl. Instead, you’ll need to kill the process with the pkill command:

      After the tunnel has ben closed, you can reopen the tunnel by restarting the service:

      • sudo systemctl restart stunnel4

      Now that you’ve successfully configured stunnel, you’re all set to begin adding data to your managed Redis instance with redis-cli.


      Stunnel is a handy tool for creating TLS tunnels and establishing secure connections to remote servers. This is especially useful in cases where the secure transport of information between machines is critical, as with a remote database.

      From here, you can begin exploring Redis and integrating it with your next application. If you’re new to working with Redis, you may find our series on How To Manage a Redis Database useful.

      Source link