RStudio container won't work with DNS-alias

ancan · March 6, 2023, 8:50am

Hi all,
I’m running a RStudio container behind ShinyProxy. It’s based on https://github.com/openanalytics/shinyproxy-rstudio-ide-demo, with some modifications to install database client and some more packages.

Application definition is:

 - id: rstudio422
    display-name: RStudio
    description: RStudio on R 4.2.2, with MSSQL ODBC client and tinytex.
    container-image: redacted/rstudio:4.2.2v1
    container-volumes: [ "/mnt/shiny:/home/#{proxy.userId}/shiny", "RStudio-site-library:/usr/local/lib/R/site-library" ]
    port: 8787
    access-groups: [redacted]
    container-env:
      USER: "#{proxy.userId}"
      DISABLE_AUTH: true
      WWW_ROOT_PATH: "#{proxy.getRuntimeValue('SHINYPROXY_PUBLIC_PATH')}"

This all works just fine when I access ShinyProxy using the host server name, but we will be using a DNS alias, and when using that address the iframe containing R-studio is just empty. Accessing the exact same container instance from either the host name or the alias gives different results.
We’ve got several other R applications begind ShinyProxy and these works with both names.

Anyone got any idea how to troubleshoot this?

adanba · March 6, 2023, 11:27am

Hi
can you please specifiy the shinyproxy version that you use ?
show us the log of your browser when you run the rstudio app.
to get the browser logs in Chrome use this :
click right (mouse) in the homepage shinyproxy > inspect > messages (blue dialog in pic)

Regards
ada

ancan · March 7, 2023, 8:51am

Thanks!
ShinyProxy is v2.6.

The issue shown in inspect is about “Mixed Content”.

Mixed Content: The page at ‘https://xxxxx/app/rstudio422’ was loaded over HTTPS, but requested an insecure frame ‘http://xxxxx/app_direct_i/rstudio422/_/auth-sign-in?appUri=%2F’. This request has been blocked; the content must be served over HTTPS.

The iframe src is specified with https, and the page source doesn’t contain a single instance of “http:” so could this be from behind the proxy?

adanba · March 7, 2023, 9:04am

Are you using shinyproxy behind a proxy or behind loadbalancer ?
If YES, you can enable HTTP to HTTPS redirect.

ada

ancan · March 7, 2023, 9:20am

It will be behind a LB, but while troubleshooting this we’ve redirected the DNS-alias to go to the server itself, so right now it’s a direct connection.

The issue seems to be the same as this, but I’ve already got “forward-headers-strategy: native”.

ancan · March 7, 2023, 9:32am

I think I fixed it. Besides the “forward-headers-strategy: native”, it also needed a “useForwardHeaders: true”.

server:
  useForwardHeaders: true
  forward-headers-strategy: native

I also forgot I set up nginx on the local server, so it’s still behind a proxy. I think we’ll keep this setup and skip the LB since we only intended to go through that for certificate management.

adanba · March 7, 2023, 11:03am

ok, happy for you !

I’m using shinyproxy:2.6.1 behind a loadbalancer and it works like a charm with rstudio:4.2.1.
In my LB i force to redirect all http traffic to https.

I also used x-forwarding headers in my config :

server:
      useForwardHeaders: true #[this is deprecated]
      forward-headers-strategy: native

ancan · March 7, 2023, 11:33am

I think I got mislead a bit by using Firefox. It still warns about mixed contents in FF, but it works in Chrome and Edge which is the default browsers in our organisation so I’ll call it good enough.