Adding Firewalled Jupyter to a GCP VM
Everything from CLI
This is a short-but-complete guide to setting up a Jupyter instance on GCP.
Clearly this has been done before, but I wanted to have my own notes on the process, and also didn’t want to have to mess with the Console UI.
The Jupyter set-up below is scriptable.
If you don’t need the
jupyterinstance to be available to anyone else (i.e. access from your local machine is all you need), please see my follow-up post about doing this behind the firewall. This method will also allow you to run
tensorboardsafely, and mount your VM drives locally too (useful for editing files directly in a local IDE).
Use an existing GCP VM
( To see how to do this - even if only for the
gcloud instance create ... command - please see my
Building a reusable Deep Learning VM on Google Cloud post ).
Then start the machine and
ssh into it:
Create a local
venv for python
The following is copied from Building a reusable Deep Learning VM on Google Cloud post :
One-time install of jupyter
Once you have a
venv installed (assumed to be named as above).
- See the Jupyter Docs for reference:
Set up SSL certificates for extra security
This may be security theatre, though, since the certificates are untrusted, though I guess it prevents over-the-wire snooping of the Jupyter code…
Add default configuration to
Add a firewall rule to allow access from the internet
On the local machine, set up a firewall rule so you have access to the Jupyter port on the VM.
- See the GCP documentation for reference:
Launch Jupyter on the server
Since we’ve set up the default
notebook-dir and other command-line options in the configuration,
jupyter should work from whereever you launch it:
This will (until you optionally add a password using the Jupyter browser GUI) give you
something like :
token=437abd35ddXXXXd9579f5bd6bc16596acYYYYe180b60e3e9 that you should ‘grab’ somehow (to paste into the browser later).
Get the Server IP address
Find the IP address of the server, either:
- From the GCP control panel (as ‘external IP’); or
- By running the following on the local machine :
Launch Jupyter in the browser
Now you can get to the running instance :
- Browse to
- When you get a ‘Your connection is not private’ warning,
allow for unsafe browsing (since the SSL certificate we made above was not signed by
one of the chains that browers are configured with)
by pressing the ‘Advanced’ button and then clicking ‘Proceed to
- Use the ‘key’ that your Jupyter server suggests, so that your Jupyter session cannot be stumbled upon by others on the internet (unless you also tell them the token which has ~48 hex-digits)
- Optionally : Create a simpler password so that you can access
jupytersessions key-less next time
- When you get a ‘Your connection is not private’ warning, allow for unsafe browsing (since the SSL certificate we made above was not signed by one of the chains that browers are configured with) by pressing the ‘Advanced’ button and then clicking ‘Proceed to
Terminate the GCP VM when done…
Once completely finished with messing around with the VM/project, kill off the firewall rule too:
blog comments powered by Disqus