CoCalc Docker image linux toools

 Quickstart on a Linux server

  1. Make sure you have at least 15GB disk space free and Docker installed.
  2. Run
docker run --name=cocalc -d -v ~/cocalc:/projects -p 443:443 sagemathinc/cocalc
  1. Wait a few minutes for the image to pull, decompress and the container to start, then visit linux training

For other operating systems and way more details, see below.

What is this?

Run CoCalc for free for a small group on your own server!

This is a free open-source multiuser CoCalc server that you can very easily install on your own computer or server using Docker. If you need something to install on a cluster of servers using Kubernetes, see cocalc-kubernetes.

LICENSE AND SUPPORT:

  • Much of this code is licensed under the AGPL condition to the commons clause exception. If you would instead like a business-friendly MIT license instead, please contact help@cocalc.com, and we will sell you a 1-year license for $999, which includes some support (you can pay more for significant support). We do have several happy paying customers as of September 2020, and cocalc-docker is very popular.
  • Join the CoCalc Docker mailing list for news, updates and more.
  • CoCalc mailing list for general community support.

SECURITY STATUS:

  • This is not blatantly insecure from outside attack: the database has a long random password, user accounts are separate, encrypted SSL communication is used by default, etc.
  • That said, a determined user with an account can easily access or change files of other users in the same container! Open ports are exposed to users for reading/writing to project files, these can be used by authenticated users for accessing any other project’s open files. Requests should only connect to the main hub process, which proxies traffic to the raw server with an auth key created by the project’s secret key changing on every project startup, see Issue 45. Also see the related issues for adding a user auth token to all requests required for each separate sub module, including JupyterLab server Issue 46 and classical Jupyter in an iframe Issue 47.
  • There is no quota on project resource usage, so users could easily crash the server both intentionally or accidentally by running arbitrary code, and could also overflow the storage container by creating excessive files.
  • Use this for personal use, behind a firewall, or with an account creation token, so that only other people you trust create accounts. Don’t make one of these publicly available with important data in it and no account creation token! See issue 2031. Basically, use this only with people you trust.
  • See the open docker-related CoCalc issues. visit linux training

Instructions

Install Docker on your computer (e.g., apt-get install docker.io on Ubuntu). Make sure you have at least 15GB disk space free, then type:

docker run --name=cocalc -d -v ~/cocalc:/projects -p 443:443 sagemathinc/cocalc

wait a few minutes for the image to pull, decompress and the container to start, then visit https://localhost. (If you are using Microsoft Windows, instead open https://host.docker.internal/.) It is expected that you’ll see a “Your connection is not private” warning, since you haven’t set up a security certificate. Click “Show advanced” and “Proceed to localhost (unsafe)”.

NOTES:

  • This Docker image only supports 64-bit Intel.
  • If you get an error about the Docker daemon, instead run sudo docker ....
  • CoCalc will NOT work over insecure port 80. A previous version of these directions suggested using -p 80:80 above and visiting http://localhost, which will not work.
  • If you are using Microsoft Windows, instead make a docker volume and use that for storage:
  • docker volume create cocalc-volume docker run --name=cocalc -d -v cocalc-volume:/projects -p 443:443 sagemathinc/cocalc
  • IMPORTANT: If you are deploying CoCalc for use over the web (so not just on localhost), it is probably necessary to obtain a valid security certificate instead of using the self-signed unsafe one that is in your Docker container. See this discussion.visit linux training
  • If you are using Ubuntu as a host and would like the CoCalc instance to use your host’s time and timezone, you can amend the run command as follows, which will use your host’s timezone and localtime files inside the container:
  • docker run --name=cocalc -d -v ~/cocalc:/projects -v "/etc/timezone:/etc/timezone" -v "/etc/localtime:/etc/localtime" -p 443:443 sagemathinc/cocalc

The above command will first download the image, then start CoCalc, storing your data in the directory ~/cocalc on your computer. If you want to store your worksheets and edit history elsewhere, change ~/cocalc to something else. Once your local CoCalc is running, open your web browser to https://localhost. (If you are using Microsoft Windows, instead open https://host.docker.internal/.)

The docker container is called cocalc and you can refer to the container and use commands like: visit linux training

$ docker stop cocalc
$ docker start cocalc

You can watch the logs:

$ docker logs cocalc -f

However, these logs sometimes don’t work. In that case get a bash shell in the terminal and look at the logs using tail:

$ docker exec -it cocalc bash
$ tail -f /var/log/hub.log

Installing behind an Nginx Reverse Proxy

If you’re running multiple sites from a single server using an Nginx reverse proxy, a setup like the following could be useful.

Instead of mapping port 443 on the container to 443 on the host, map 443 on the container to an arbitray unused port on the host, e.g. 9090:

docker run --name=cocalc -d -v ~/cocalc:/projects -p 9090:443 sagemathinc/cocalc

In your nginx sites-available folder, create a file like the following called e.g. mycocalc:

map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
}server {
    listen 443 ssl;
    server_name             mycocalc.com;
        
    #These need to be obtained independently for example from https://letsencrypt.org/, by running "certbot certonly" on the docker host after DNS is setup
    ssl_certificate         /etc/letsencrypt/live/mycocalc.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/mycocalc.com/privkey.pem;    location / {
        # push traffic through the proxy to the port you mapped above, in this case 9090, on the localhost:
        proxy_pass https://localhost:9090;
        
        # this enables proxying for websockets, which cocalc uses extensively:
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
    }
}

And soft-link it to your sites-enabled folder, e.g. sudo ln -s /etc/nginx/sites-available/mycocalc /etc/nginx/sites-enabled/mycocalc

If you’re using certbot and letsencrypt, you can then get a certificate for your domain using something like sudo certbot --nginx and selecting "mycocalc.com", which will automatically set up an ssl cert and modify your nginx server file.

OS X — Clock skew

It is critical that the Docker container have the correct time, since CoCalc assumes that the server has the correct time. On a laptop running Docker under OS X, the clock may get messed up any time you suspend/resume your laptop. This workaround might work for you: visit linux training

Location: Unnamed Road, Mount Vivian SA 5720, Australia

Comments

Post a Comment

Popular posts from this blog

SAP Business One Security Recommendations on Avoiding Risks of Potential Remote Code Execution in SAP HANA

 SymptomSAP HANA has disclosed two security issues about the Attackers could exploit the SAP HANA SQL interface or SAP HANA Extended Application Services (XS) to enable them to take complete control of the product, including viewing, changing, or deleting data. SAP HANA SQL Interface This issue is relevant for users of SAP Business One 9.0, version for SAP HANA & SAP Business One 9.1, version for SAP HANA running on any HANA revision lower than 97.02. know more sap security online training CVSS Information CVSS Base Score: 9.3 / 10 CVSS Base Vector: AV : Access Vector (Related exploit range)Network (N)AC : Access Complexity (Required attack complexity)Medium (M)Au : Authentication (Level of authentication needed to exploit)None (N)C : Impact to ConfidentialityComplete (C)I : Impact to IntegrityComplete (C)A : Impact to AvailabilityComplete (C) SAP HANA Extended Application Services (XS) This issue is relevant for users of SAP Business One 9.0, version for SAP HANA & SAP Bus...
Read more

Data Science Interview Questions

  Q.What do you mean by word Data Science? Ans:  Data Science is the extraction of knowledge from large volumes of data that are structured or unstructured, which is a continuation of the field data mining and predictive analytics, It is also known as knowledge discovery and data mining . know more  data science training Q.Explain the term botnet? Ans:  A botnet is a a type of bot running on an IRC network that has been created with a Trojan. Q.What is Data Visualization? Ans:   Data visualization is a common term that describes any effort to help people understand the significance of data by placing it in a visual context. Q.How you can define Data cleaning as a critical part of process? Ans:   Cleaning up data to the point where you can work with it is a huge amount of work. If we’re trying to reconcile a lot of sources of data that we don’t control like in this flight, it can take 80% of our time. Q.Point out 7 Ways how Data Scientists use Statistics? An...
Read more