Config file and command line options

The notebook server can be run with a variety of command line arguments. A list of available options can be found below in the options section.

Defaults for these options can also be set by creating a file named in your Jupyter folder. The Jupyter folder is in your home directory, ~/.jupyter.

To create a file, with all the defaults commented out, you can use the following command line:

$ jupyter notebook --generate-config


This list of options can be generated by running the following and hitting enter:

$ jupyter notebook --help

Default: '%Y-%m-%d %H:%M:%S'

The date format used by logging formatters for %(asctime)s


Default: '[%(name)s]%(highlevel)s %(message)s'

The Logging format template


Default: 30

Set the log level by value or name.


Default: False

Answer yes to any prompts.


Default: ''

Full path of a config file.


Default: ''

Specify a config file to load.


Default: False

Generate default config file.


Default: False

Set the Access-Control-Allow-Credentials: true header


Default: ''

Set the Access-Control-Allow-Origin header

Use ‘*’ to allow any origin to access your server.

Takes precedence over allow_origin_pat.


Default: ''

Use a regular expression for the Access-Control-Allow-Origin header

Requests from an origin matching the expression will get replies with:

Access-Control-Allow-Origin: origin

where origin is the origin of the request.

Ignored if allow_origin is set.


Default: True

Allow password to be changed at login for the notebook server.

While loggin in with a token, the notebook server UI will give the opportunity to the user to enter a new password at the same time that will replace the token login mechanism.

This can be set to false to prevent changing password from the UI/API.


Default: False

Allow requests where the Host header doesn’t point to a local server

By default, requests get a 403 forbidden response if the ‘Host’ header shows that the browser thinks it’s on a non-local domain. Setting this option to True disables this check.

This protects against ‘DNS rebinding’ attacks, where a remote web server serves you a page and then changes its DNS to send later requests to a local IP, bypassing same-origin checks.

Local IP addresses (such as and ::1) are allowed as local, along with hostnames configured in local_hostnames.


Default: False

Whether to allow the user to run the notebook as root.


Default: False

Reload the webapp when changes are made to any Python src files.


Default: '/'

DEPRECATED use base_url


Default: '/'

The base URL for the notebook server.

Leading and trailing slashes can be omitted, and will automatically be added.


Default: ''

Specify what command to use to invoke a web browser when opening the notebook. If not specified, the default browser will be determined by the webbrowser standard library module, which allows setting of the BROWSER environment variable to override it.


Default: ''

The full path to an SSL/TLS certificate file.


Default: ''

The full path to a certificate authority certificate for SSL/TLS client authentication.


Default: ''

The config manager class to use


Default: ''

The notebook manager class to use.


Default: {}

Extra keyword arguments to pass to set_secure_cookie. See tornado’s set_secure_cookie docs for details.


Default: b''

The random bytes used to secure cookies. By default this is a new random number every time you start the Notebook. Set it to a value in a config file to enable logins to persist across server sessions.

Note: Cookie secrets should be kept private, do not share config files with cookie_secret stored in plaintext (you can read the value from a file).


Default: ''

The file where the cookie secret is stored.


Default: ''

Override URL shown to users.

Replace actual URL, including protocol, address, port and base URL, with the given value when displaying URL to the users. Do not change the actual connection URL. If authentication token is enabled, the token is added to the custom URL automatically.

This option is intended to be used when the URL to display to the user cannot be determined reliably by the Jupyter notebook server (proxified or containerized setups for example).


Default: '/tree'

The default URL to redirect to from /


Default: False

Disable cross-site-request-forgery protection

Jupyter notebook 4.3.1 introduces protection from cross-site request forgeries, requiring API requests to either:

  • originate from pages served by this server (validated with XSRF cookie and token), or

  • authenticate with a token

Some anonymous compute resources still desire the ability to run code, completely without authentication. These services can disable all authentication and security checks, with the full knowledge of what that implies.


Default: True

Whether to enable MathJax for typesetting math/TeX

MathJax is the javascript library Jupyter uses to render math/LaTeX. It is very large, so you may want to disable it if you have a slow internet connection, or for offline use of the notebook.

When disabled, equations etc. will appear as their untransformed TeX source.


Default: []

extra paths to look for Javascript notebook extensions


Default: []

handlers that should be loaded at higher priority than the default services


Default: []

Extra paths to search for serving static files.

This allows adding javascript/css to be available from the notebook server machine, or overriding individual files in the IPython


Default: []

Extra paths to search for serving jinja templates.

Can be used to override templates from notebook.templates.


Default: ''

No description


Default: {}

Extra keyword arguments to pass to get_secure_cookie. See tornado’s get_secure_cookie docs for details.


Default: False

Deprecated: Use minified JS file or not, mainly use during dev to avoid JS recompilation


Default: 1000000

(bytes/sec) Maximum rate at which stream output can be sent on iopub before they are limited.


Default: 1000

(msgs/sec) Maximum rate at which messages can be sent on iopub before they are limited.


Default: 'localhost'

The IP address the notebook server will listen on.


Default: {}

Supply extra arguments that will be passed to Jinja environment.


Default: {}

Extra variables to supply to jinja templates when rendering.


Default: ''

The kernel manager class to use.


Default: 'jupyter_client.kernelspec.KernelSpecManager'

The kernel spec manager class to use. Should be a subclass of jupyter_client.kernelspec.KernelSpecManager.

The Api of KernelSpecManager is provisional and might change without warning between this version of Jupyter and the next stable one.


Default: ''

The full path to a private key file for usage with SSL/TLS.


Default: ['localhost']

Hostnames to allow as local when allow_remote_access is False.

Local IP addresses (such as and ::1) are automatically accepted as local as well.


Default: 'notebook.auth.login.LoginHandler'

The login handler class to use.


Default: 'notebook.auth.logout.LogoutHandler'

The logout handler class to use.


Default: 'TeX-AMS-MML_HTMLorMML-full,Safe'

The MathJax.js configuration file that is to be used.


Default: ''

A custom url for MathJax.js. Should be in the form of a case-sensitive url to MathJax, for example: /static/components/MathJax/MathJax.js


Default: 536870912

Sets the maximum allowed size of the client request body, specified in the Content-Length request header field. If the size in a request exceeds the configured value, a malformed HTTP message is returned to the client.

Note: max_body_size is applied even in streaming mode.


Default: 536870912

Gets or sets the maximum amount of memory, in bytes, that is allocated for use by the buffer manager.


Default: 0

Gets or sets a lower bound on the open file handles process resource limit. This may need to be increased if you run into an OSError: [Errno 24] Too many open files. This is not applicable when running on Windows.


Default: {}

Dict of Python modules to load as notebook server extensions.Entry values can be used to enable and disable the loading ofthe extensions. The extensions will be loaded in alphabetical order.


Default: ''

The directory to use for notebooks and kernels.


Default: True

Whether to open in a browser after starting. The specific browser used is platform dependent and determined by the python standard library webbrowser module, unless it is overridden using the –browser (NotebookApp.browser) configuration option.


Default: ''

Hashed password to use for web authentication.

To generate, type in a python/IPython shell:

from notebook.auth import passwd; passwd()

The string should be of the form type:salt:hashed-password.


Default: False

Forces users to use a password for the Notebook server. This is useful in a multi user environment, for instance when everybody in the LAN can access each other’s machine through ssh.

In such a case, serving the notebook server on localhost is not secure since any user can connect to the notebook server via ssh.


Default: 8888

The port the notebook server will listen on (env: JUPYTER_PORT).


Default: 50

The number of additional ports to try if the specified port is not available (env: JUPYTER_PORT_RETRIES).


Default: 'disabled'

DISABLED: use %pylab or %matplotlib in the notebook to enable matplotlib.


Default: True

If True, display a button in the dashboard to quit (shutdown the notebook server).


Default: 3

(sec) Time window used to check the message and data rate limits.


Default: False

Reraise exceptions encountered loading server extensions?


Default: []

DEPRECATED use the nbserver_extensions dict instead


Default: ''

The session manager class to use.


Default: 0

Shut down the server after N seconds with no kernels or terminals running and no activity. This can be used together with culling idle kernels (MappingKernelManager.cull_idle_timeout) to shutdown the notebook server when it’s not in use. This is not precisely timed: it may shut down up to a minute later. 0 (the default) disables this automatic shutdown.


Default: ''

The UNIX socket the notebook server will listen on.


Default: '0600'

The permissions mode for UNIX socket creation (default: 0600).


Default: {}

Supply SSL options for the tornado HTTPServer. See the tornado docs for details.


Default: {}

Supply overrides for terminado. Currently only supports “shell_command”. On Unix, if “shell_command” is not provided, a non-login shell is launched by default when the notebook server is connected to a terminal, a login shell otherwise.


Default: True

Set to False to disable terminals.

This does not make the notebook server more secure by itself. Anything the user can in a terminal, they can also do in a notebook.

Terminals may also be automatically disabled if the terminado package is not available.


Default: '<generated>'

Token used for authenticating first-time connections to the server.

When no password is enabled, the default is to generate a new, random token.

Setting to an empty string disables authentication altogether, which is NOT RECOMMENDED.


Default: {}

Supply overrides for the tornado.web.Application that the Jupyter notebook uses.


Default: False

Whether to trust or not X-Scheme/X-Forwarded-Proto and X-Real-Ip/X-Forwarded-For headerssent by the upstream reverse proxy. Necessary if the proxy handles SSL


Default: True

Disable launching browser by redirect file

For versions of notebook > 5.7.2, a security feature measure was added that prevented the authentication token used to launch the browser from being visible. This feature makes it difficult for other users on a multi-user system from running code in your Jupyter session as you.

However, some environments (like Windows Subsystem for Linux (WSL) and Chromebooks), launching a browser using a redirect file can lead the browser failing to load. This is because of the difference in file structures/paths between the runtime and the browser.

Disabling this setting to False will disable this behavior, allowing the browser to launch by using a URL and visible token (as before).


Default: {}

DEPRECATED, use tornado_settings


Default: 2

Specify Where to open the notebook on startup. This is the new argument passed to the standard library method The behaviour is not guaranteed, but depends on browser support. Valid values are:

  • 2 opens a new tab,

  • 1 opens a new window,

  • 0 opens in an existing window.

See the documentation for details.


Default: None

Set the tornado compression options for websocket connections.

This value will be returned from WebSocketHandler.get_compression_options(). None (default) will disable compression. A dict (even an empty one) will enable compression.

See the tornado docs for WebSocketHandler.get_compression_options for details.


Default: ''

The base URL for websockets, if it differs from the HTTP server (hint: it almost certainly doesn’t).

Should be in the form of an HTTP origin: ws[s]://hostname[:port]


Default: ''

JSON file in which to store connection info [default: kernel-<pid>.json]

This file will contain the IP, ports, and authentication key needed to connect clients to this kernel. By default, this file will be created in the security dir of the current profile, but can be specified by absolute path.


Default: 0

set the control (ROUTER) port [default: random]


Default: 0

set the heartbeat port [default: random]


Default: 0

set the iopub (PUB) port [default: random]


Default: ''

Set the kernel’s IP address [default localhost]. If the IP address is something other than localhost, then Consoles on other machines will be able to connect to the Kernel, so be careful!


Default: 0

set the shell (ROUTER) port [default: random]


Default: 0

set the stdin (ROUTER) port [default: random]


Default: 'tcp'

No description


Default: True

Should we autorestart the kernel if it dies.


Default: []

DEPRECATED: Use kernel_name instead.

The Popen Command to launch the kernel. Override this if you have a custom kernel. If kernel_cmd is specified in a configuration file, Jupyter does not pass any arguments to the kernel, because it cannot make any assumptions about the arguments that the kernel understands. In particular, this means that the kernel does not receive the option –debug if it given on the Jupyter command line.


Default: 5.0

Time to wait for a kernel to terminate before killing it, in seconds.


Default: 1024

Threshold (in bytes) beyond which an object’s buffer should be extracted to avoid pickling.


Default: True

Whether to check PID to protect against calls after fork.

This check can be disabled if fork-safety is handled elsewhere.


Default: 65536

Threshold (in bytes) beyond which a buffer should be sent without copying.


Default: False

Debug output in the Session


Default: 65536

The maximum number of digests to remember.

The digest history will be culled when it exceeds this value.


Default: 64

The maximum number of items for a container to be introspected for custom serialization. Containers larger than this are pickled outright.


Default: b''

execution key, for signing messages.


Default: ''

path to file containing execution key.


Default: {}

Metadata dictionary, which serves as the default top-level metadata dict for each message.


Default: 'json'

The name of the packer for serializing messages. Should be one of ‘json’, ‘pickle’, or an import name for a custom callable serializer.


Default: ''

The UUID identifying this session.


Default: 'hmac-sha256'

The digest scheme used to construct the message signatures. Must have the form ‘hmac-HASH’.


Default: 'json'

The name of the unpacker for unserializing messages. Only used with custom functions for packer.


Default: 'username'

Username for the Session. Default is your system username.


Default: 'python3'

The name of the default kernel to start


Default: 'jupyter_client.ioloop.IOLoopKernelManager'

The kernel manager class. This is configurable to allow subclassing of the KernelManager for customized behavior.


Default: True

Share a single zmq.Context to talk to all my kernels


Default: []

White list of allowed kernel message types. When the list is empty, all message types are allowed.


Default: True

Whether messages from kernels whose frontends have disconnected should be buffered in-memory. When True (default), messages are buffered and replayed on reconnect, avoiding lost messages due to interrupted connectivity. Disable if long-running kernels will produce too much output while no frontends are connected.


Default: False

Whether to consider culling kernels which are busy. Only effective if cull_idle_timeout > 0.


Default: False

Whether to consider culling kernels which have one or more connections. Only effective if cull_idle_timeout > 0.


Default: 0

Timeout (in seconds) after which a kernel is considered idle and ready to be culled. Values of 0 or lower disable culling. Very short timeouts may result in kernels being culled for users with poor network connections.


Default: 300

The interval (in seconds) on which to check for idle kernels exceeding the cull timeout value.


Default: 60

Timeout for giving up on a kernel (in seconds). On starting and restarting kernels, we check whether the kernel is running and responsive by sending kernel_info_requests. This sets the timeout in seconds for how long the kernel can take before being presumed dead. This affects the MappingKernelManager (which handles kernel restarts) and the ZMQChannelsHandler (which handles the startup).


Default: ''

No description


Default: True

If there is no Python kernelspec registered and the IPython kernel is available, ensure it is added to the spec list.


Default: 'jupyter_client.kernelspec.KernelSpec'

The kernel spec class. This is configurable to allow subclassing of the KernelSpecManager for customized behavior.


Default: set()

Whitelist of allowed kernel names.

By default, all installed kernels are allowed.


Default: False

Allow access to hidden files


Default: None

No description


Default: ''

No description


Default: {}

No description


Default: 'notebook.files.handlers.FilesHandler'

handler class to use when serving raw file requests.

Default is a fallback that talks to the ContentsManager API, which may be inefficient, especially for large files.

Local files-based ContentsManagers can use a StaticFileHandler subclass, which will be much more efficient.

Access to these files should be Authenticated.


Default: {}

Extra parameters to pass to files_handler_class.

For example, StaticFileHandlers generally expect a path argument specifying the root directory from which to serve files.


Default: ['__pycache__', '*.pyc', '*.pyo', '.DS_Store', '*.so', '*.dyl...

Glob patterns to hide in file and directory listings.


Default: None

Python callable or importstring thereof

To be called on a contents model prior to save.

This can be used to process the structure, such as removing notebook outputs or other side effects that should not be saved.

It will be called as (all arguments passed by keyword):

hook(path=path, model=model, contents_manager=self)
  • model: the model to be saved. Includes file contents. Modifying this dict will affect the file that is stored.

  • path: the API path of the save destination

  • contents_manager: this ContentsManager instance


Default: '/'

No description


Default: 'Untitled Folder'

The base name used when creating untitled directories.


Default: 'untitled'

The base name used when creating untitled files.


Default: 'Untitled'

The base name used when creating untitled notebooks.


Default: True

By default notebooks are saved on disk on a temporary file and then if successfully written, it replaces the old ones. This procedure, namely ‘atomic_writing’, causes some bugs on file system without operation order enforcement (like some networked fs). If set to False, the new notebook is written directly on the old one which could fail (eg: full filesystem or quota )


Default: True

If True (default), deleting files will send them to the platform’s trash/recycle bin, where they can be recovered. If False, deleting files really deletes them.


Default: None

Python callable or importstring thereof

to be called on the path of a file just saved.

This can be used to process the file on disk, such as converting the notebook to a script or HTML via nbconvert.

It will be called as (all arguments passed by keyword):

hook(os_path=os_path, model=model, contents_manager=instance)
  • path: the filesystem path to the file just written

  • model: the model representing the file

  • contents_manager: this ContentsManager instance


Default: ''

No description


Default: False

DEPRECATED, use post_save_hook. Will be removed in Notebook 5.0


Default: 'sha256'

The hashing algorithm used to sign notebooks.


Default: ''

The sqlite file in which to store notebook signatures. By default, this will be in your Jupyter data directory. You can set it to ‘:memory:’ to disable sqlite writing to the filesystem.


Default: b''

The secret key with which notebooks are signed.


Default: ''

The file where the secret key is stored.


Default: traitlets.Undefined

A callable returning the storage backend for notebook signatures. The default uses an SQLite database.


Default: None

The authorization token used in the HTTP headers. (JUPYTER_GATEWAY_AUTH_TOKEN env var)


Default: None

The filename of CA certificates or None to use defaults. (JUPYTER_GATEWAY_CA_CERTS env var)


Default: None

The filename for client SSL certificate, if any. (JUPYTER_GATEWAY_CLIENT_CERT env var)


Default: None

The filename for client SSL key, if any. (JUPYTER_GATEWAY_CLIENT_KEY env var)


Default: 40.0

The time allowed for HTTP connection establishment with the Gateway server. (JUPYTER_GATEWAY_CONNECT_TIMEOUT env var)


Default: ''

A comma-separated list of environment variable names that will be included, along with their values, in the kernel startup request. The corresponding env_whitelist configuration value must also be set on the Gateway server - since that configuration value indicates which environmental values to make available to the kernel. (JUPYTER_GATEWAY_ENV_WHITELIST env var)


Default: '{}'

Additional HTTP headers to pass on the request. This value will be converted to a dict. (JUPYTER_GATEWAY_HEADERS env var)


Default: None

The password for HTTP authentication. (JUPYTER_GATEWAY_HTTP_PWD env var)


Default: None

The username for HTTP authentication. (JUPYTER_GATEWAY_HTTP_USER env var)


Default: '/api/kernels'

The gateway API endpoint for accessing kernel resources (JUPYTER_GATEWAY_KERNELS_ENDPOINT env var)


Default: '/api/kernelspecs'

The gateway API endpoint for accessing kernelspecs (JUPYTER_GATEWAY_KERNELSPECS_ENDPOINT env var)


Default: '/kernelspecs'

The gateway endpoint for accessing kernelspecs resources (JUPYTER_GATEWAY_KERNELSPECS_RESOURCE_ENDPOINT env var)


Default: 40.0

The time allowed for HTTP request completion. (JUPYTER_GATEWAY_REQUEST_TIMEOUT env var)


Default: None

The url of the Kernel or Enterprise Gateway server where kernel specifications are defined and kernel management takes place. If defined, this Notebook server acts as a proxy for all kernel management and kernel specification retrieval. (JUPYTER_GATEWAY_URL env var)


Default: True

For HTTPS requests, determines if server’s certificate should be validated or not. (JUPYTER_GATEWAY_VALIDATE_CERT env var)


Default: None

The websocket url of the Kernel or Enterprise Gateway server. If not provided, this value will correspond to the value of the Gateway url with ‘ws’ in place of ‘http’. (JUPYTER_GATEWAY_WS_URL env var)


Default: 0

Timeout (in seconds) in which a terminal has been inactive and ready to be culled. Values of 0 or lower disable culling.


Default: 300

The interval (in seconds) on which to check for terminals exceeding the inactive timeout value.