Hello everyone,
I’m not familiar at securing the applications, ssl certificates, firewall etc.
I’m developing some Shiny applications for the company. Those applications will be deployed with ShinyProxy on my Ubuntu machine.
This app is running on x.x.x.x:8080 and in the following image, the application is not secured because of I don’t know how to configure it.
First of all, when I enable the firewall by using the following codes and restart shinyproxy I can’t access to my app.
ufw enable
ufw allow 80
ufw allow 443
sudo ufw allow http
sudo ufw allow https
ufw status
Status: active
To Action From
-- ------ ----
80 ALLOW Anywhere
443 ALLOW Anywhere
80/tcp ALLOW Anywhere
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
Also, IT department gave me some ssl files and certificates to secure my application. In the shinyproxy documentation, their example is like this how to use ssl and secure the applications.
server {
listen 80;
server_name shinyproxy.yourdomain.com;
rewrite ^(.*) https://$server_name$1 permanent;
}
server {
listen 443;
server_name shinyproxy.yourdomain.com;
access_log /var/log/nginx/shinyproxy.access.log;
error_log /var/log/nginx/shinyproxy.error.log error;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/ssl/certs/yourdomain.com.crt;
ssl_certificate_key /etc/ssl/private/yourdomain.com.key;
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 600s;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
There an nginx file in this path /etc/nginx/sites-enabled as called default. I changed ssl_certificate and ssl_certificate_key with my ssl files. After I save the file, I restart nginx and shinyproxy. However, it does not work.
sudo systemctl restart nginx
sudo systemctl restart shinyproxy
In order to access the app, I should disable the firewall (ufw disable). How can I secure and configure the app?
Thanks.