Hello,
We are trying to host a Shiny app via Shinyproxy to an external party. Currently we have ShinyProxy running Dockerized on a machine and nginx taking care of the proxy work and load balancing.
Our authentication gets us to the shinyproxy landing page and via the access-groups setting it enables us to open the correct apps. The app also loads the ui but then seems to lose connection with the server.R causing plots to load endlessly and the app to be unresponsive.
Locally the dockerized shinyapps run fine and the apps also run fine on the shinyproxy setup for internal use that we also have. Inspecting the apps/containers om the external machine show no errors. Hence we believe it lies somewhere outside of the app and somewhere in our setup of the external shinyproxy or components surrounding that. We have tried a lot but unfortunately without success, hence we have come to you for aid.
What we have tried is the following:
Different versions of shiny proxy tried
A few months ago our setup still worked fine. Hence we figured an update might be the cause. We have tried to run our app with shinyproxy 2.5.0, 2.6.0 and 2.6.1 but no luck.
Settings on shiny proxy
We tried different settings in the shinyproxy yaml, ranging to altering the
• container-wait-time
• heartbeat-rate
• heartbeat-timeout
• servlet.session.timeout
• request dumping in the logging
We also followed these issues in adapting the application yaml server parameter to use a native forward header strategy:
And went over the additional steps in checking the proxy configurations.
https://www.shinyproxy.io/faq/#invalid-redirect_uri-when-using-openid-connect-or-keycloak
Host system characteristics
lsb_release –a output:
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.4 LTS
Release: 20.04
Codename: focal
uname –a output:
Linux web2094 5.4.0-73-generic #82-Ubuntu SMP Wed Apr 14 17:39:42 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Docker version 20.10.8, build 3967b7d
App Docker image characteristics:
An Ubuntu 18.04 base image with R version 3.6.2 installed
Nginx adapatations
• changed to newer, stable version
• changed proxy pass ports
• lots of changes to proxy settings based on suggestions from other users online
Using apache as reverse proxy instead of nginx
We have also setup nginx as a reverse proxy on our internal shinyproxy, which worked perfectly fine.
Create a very simple debugging app, to eliminate complexity in other R Shiny apps
Monitoring mode (non-blocking) for network & edge (internet) firewalling
Which has always been in place and has never before blocked needed traffic and with which our setup used to work before.
All this with no luck.
Here is our current nginx config:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events { worker_connections 1024; }
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log debug;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
server_name ${SP_ENV}ourexternalurl;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name ${SP_ENV}ourexternalurl;
ssl_protocols TLSv1.2;
ssl_ciphers Masked;
ssl_prefer_server_ciphers on;
ssl_certificate /etc/ssl/shinyproxy.crt;
ssl_certificate_key /etc/ssl/shinyproxy.pem;
location / {
proxy_pass http://shinyproxy:8040;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_read_timeout 20d;
proxy_buffering off;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
Here is the top of the shinyproxy application.yml
server:
forward-headers-strategy: native
proxy:
title: Our name
logo-url: a logo png
landing-page: /
container-wait-time: 180000
heartbeat-rate: 10000
heartbeat-timeout: 180000
servlet.session.timeout: 43200
port: 8040
authentication: openid
openid:
auth-url: https://${SP_ENV} restofurl /oauth/v1/authorize
token-url: https://${SP_ENV} restofurl /oauth/v1/token
jwks-url: https://${SP_ENV} restofurl /oauth/v1/keys
client-id: ${OG_CLIENT_ID}
client-secret: ${OG_CLIENT_SECRET}
scopes: scopes
roles-claim: open id roles claim
docker:
internal-networking: true
container-log-path: ./container-logs
specs:
Thanks in advance and looking forward to hear some smart ideas.