ShinyProxy, Kubernetes and HTTPS

Hi there, first of all thanks for ShinyProxy, it is amazing!

So far we managed to create an amazing setup thanks to ShinyProxy, having CI/CD with R Shiny through ShinyProxy is great. One last topic that we struggle with is HTTPS.

I understand that https://www.shinyproxy.io/security/#https-ssl-tls provides an example setup using nginx, unfortunately this example did not work for us, although quite possibly due to a lack of experience with nginx.

Would it be possible to provide any additional steps needed to setup the nginx configuration? When following https://github.com/openanalytics/shinyproxy-config-examples/tree/master/03-containerized-kubernetes, what exact steps need to be taken to ensure only HTTPS connections are allowed?

I am a bit out of my comfort zone here, any help or guidance would be appreciated!

Best regards,

Michael

Hi @michaelhogersosis,

What exactly is not working when you try the example configuration? What kind of errors are you getting?

Hi @fmichielssen,

I think my inexperience with nginx/kubernetes is to be blamed here. Currently I have followed all steps on https://github.com/openanalytics/shinyproxy-config-examples/tree/master/03-containerized-kubernetes (which works excellent) and subsequently want to expose my development ShinyProxy setup only to https://dev.mywebsite.com.

Following the https://www.shinyproxy.io/security/#https-ssl-tls description I created the following nginx.conf file.

server {
  listen                80;
  server_name           dev.mywebsite.com;
  rewrite     ^(.*)     https://$server_name$1 permanent;
}

server {
  listen                443;
  server_name           dev.mywebsite.com;
  access_log            /var/log/nginx/shinyproxy.access.log;
  error_log             /var/log/nginx/shinyproxy.error.log error;

  ssl on;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

  ssl_certificate       /etc/ssl/certs/mywebsite.com.crt;
  ssl_certificate_key   /etc/ssl/private/mywebsite.com.key;

   location / {
       proxy_pass          http://127.0.0.1:8080/;

       proxy_http_version 1.1;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       proxy_read_timeout 600s;

       proxy_redirect    off;
       proxy_set_header  Host             $http_host;
       proxy_set_header  X-Real-IP        $remote_addr;
       proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
       proxy_set_header  X-Forwarded-Proto $scheme;
     }

}

My question would be, how should I integrate this configuration in my Kubernetes cluster to guarantee only https is allowed for dev.mywebsite.com? Is it possible to describe the extra steps necessary to do so? I tried several avenues, including AWS’ certificate manager, but my inexperience in this area has proven to be an obstacle.

Best regards and thanks for all your effort,

Michael

Did you find any solution?