Server.R logic seems to get lost when hosting apps externally via shinyproxy

Hello,

We are trying to host a Shiny app via Shinyproxy to an external party. Currently we have ShinyProxy running Dockerized on a machine and nginx taking care of the proxy work and load balancing.
Our authentication gets us to the shinyproxy landing page and via the access-groups setting it enables us to open the correct apps. The app also loads the ui but then seems to lose connection with the server.R causing plots to load endlessly and the app to be unresponsive.

Locally the dockerized shinyapps run fine and the apps also run fine on the shinyproxy setup for internal use that we also have. Inspecting the apps/containers om the external machine show no errors. Hence we believe it lies somewhere outside of the app and somewhere in our setup of the external shinyproxy or components surrounding that. We have tried a lot but unfortunately without success, hence we have come to you for aid.

What we have tried is the following:

Different versions of shiny proxy tried
A few months ago our setup still worked fine. Hence we figured an update might be the cause. We have tried to run our app with shinyproxy 2.5.0, 2.6.0 and 2.6.1 but no luck.

Settings on shiny proxy
We tried different settings in the shinyproxy yaml, ranging to altering the
• container-wait-time
• heartbeat-rate
• heartbeat-timeout
• servlet.session.timeout
• request dumping in the logging

We also followed these issues in adapting the application yaml server parameter to use a native forward header strategy:


And went over the additional steps in checking the proxy configurations.
https://www.shinyproxy.io/faq/#invalid-redirect_uri-when-using-openid-connect-or-keycloak

Host system characteristics

lsb_release –a output:

No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.4 LTS
Release: 20.04
Codename: focal

uname –a output:

Linux web2094 5.4.0-73-generic #82-Ubuntu SMP Wed Apr 14 17:39:42 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Docker version 20.10.8, build 3967b7d

App Docker image characteristics:

An Ubuntu 18.04 base image with R version 3.6.2 installed

Nginx adapatations
• changed to newer, stable version
• changed proxy pass ports
• lots of changes to proxy settings based on suggestions from other users online

Using apache as reverse proxy instead of nginx

We have also setup nginx as a reverse proxy on our internal shinyproxy, which worked perfectly fine.

Create a very simple debugging app, to eliminate complexity in other R Shiny apps

Monitoring mode (non-blocking) for network & edge (internet) firewalling
Which has always been in place and has never before blocked needed traffic and with which our setup used to work before.

All this with no luck.

Here is our current nginx config:

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events { worker_connections  1024; }


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log main;
    error_log   /var/log/nginx/error.log debug;

    sendfile        on;
    keepalive_timeout  65;
    include /etc/nginx/conf.d/*.conf;

    server {
        listen                80;
        server_name           ${SP_ENV}ourexternalurl;
        return         301 https://$server_name$request_uri;
    }

    server {
        listen               443 ssl;
        server_name          ${SP_ENV}ourexternalurl;
        ssl_protocols        TLSv1.2;
        ssl_ciphers        Masked;
        ssl_prefer_server_ciphers on;
        ssl_certificate      /etc/ssl/shinyproxy.crt;
        ssl_certificate_key  /etc/ssl/shinyproxy.pem;

           location / {
              proxy_pass http://shinyproxy:8040;

              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection "Upgrade";
              proxy_read_timeout 20d;
              proxy_buffering   off;
              proxy_redirect    off;
              proxy_set_header  Host             $http_host;
              proxy_set_header  X-Real-IP        $remote_addr;
              proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
              proxy_set_header  X-Forwarded-Proto $scheme;
        }
    }
}

Here is the top of the shinyproxy application.yml

server:
  forward-headers-strategy: native

proxy:
  title: Our name
  logo-url: a logo png
  landing-page: /
  container-wait-time: 180000
  heartbeat-rate: 10000
  heartbeat-timeout: 180000
  servlet.session.timeout: 43200
  port: 8040
  authentication: openid
  openid:
    auth-url: https://${SP_ENV} restofurl /oauth/v1/authorize
    token-url: https://${SP_ENV} restofurl /oauth/v1/token
    jwks-url: https://${SP_ENV} restofurl /oauth/v1/keys
    client-id: ${OG_CLIENT_ID}
    client-secret: ${OG_CLIENT_SECRET}
    scopes: scopes
    roles-claim: open id roles claim 
  docker:
    internal-networking: true
  container-log-path: ./container-logs
  specs:

Thanks in advance and looking forward to hear some smart ideas.