ShinyProxy and Docker over TLS/HTTPS


#1

Hi, I’m running ShinyProxy on Ubuntu 16.04.5 LTS (xenial) server on an Amazon EC2 instance, and I’m trying to get HTTPS/TLS communication between ShinyProxy and my Docker containers so that I can embed them in iframes. (I am using Apache2.)

However, I currently can’t do that because my setup has some issue communicating over HTTPS/TLS.

I attempted to configure ShinyProxy and Docker to communicate over TLS/HTTPS; for Docker I followed the steps here: https://docs.docker.com/engine/security/https/#create-a-ca-server-and-client-keys-with-openssl and for ShinyProxy I configured as per the settings under “Docker” in the “Container Back-ends” section here: https://www.shinyproxy.io/configuration/

The override.conf file for my Docker setup is below (and I’ve re-installed/re-built ShinyProxy with these settings in place):

[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// -D -H tcp://127.0.0.1:2376
Environment=“DOCKER_OPTS=-H 127.0.0.1:2376 -H unix:///var/run/docker.sock --tlsverify --tlscacert=/etc/docker/ssl/ca.pem --tlscert=/etc/docker/ssl/cert.pem --tlskey=/etc/docker/ssl/key.pem”

My ShinyProxy application.yml configuration file relevant sections are below:

proxy:
port: 8080
authentication: none
docker:
cert-path: ~/.docker
url: http:// 127.0.0.1:2376
container-protocol: https
port-range-start: 20000
port-range-end: 20100

(In the actual config file, and throughout this post, there is no space between http:// and 127.0.0.1; I’m not sure how to prevent auto-generation of links in this forum.)

The URL is http, but the container-protocol is https because after a great deal of experimentation, this setup allowed ShinyProxy to actually spin up, and I can connect to the ShinyProxy :8080 landing page.

However, when I click on any of the apps on the landing page, ShinyProxy produces the following in the terminal:

2018-08-30 17:23:51.008 INFO 15537 — [ XNIO-2 task-4] c.s.docker.client.DefaultDockerClient : Starting container with Id: 05fc8e1d101cff4e0d75209376c87b285177f323525f0fbaad2b4dcfc910b934
2018-08-30 17:23:53.337 WARN 15537 — [ XNIO-2 task-4] e.o.shinyproxy.ShinyProxyTestStrategy : Container unresponsive, trying again (2/10): https:// localhost:20000

Repeat another 8 times until:

org.springframework.web.util.NestedServletException: Request processing failed; nested exception is eu.openanalytics.containerproxy.ContainerProxyException: Container did not respond in time

When I try this through the default http container-protocol, everything works exactly as expected.

I’m wondering if this is some issue with authentication: none and HTTPS interaction, or if there is something wrong with my configuration; any advice is appreciated!

Thanks for your time!


#2

Hi @cm21

Did you manage to eventually sort out this problem?, I am also currently struggling with it.

Thanks


#3

Hi @Brian_Maja,

I have unfortunately not solved this issue, and just have everything running through http, which is very much not ideal but also ended a three day struggle to get this working.

I hope you have better luck than I did.