ShinyProxy, Kubernetes and HTTPS

michaelhogersosis · March 20, 2019, 10:46am

Hi there, first of all thanks for ShinyProxy, it is amazing!

So far we managed to create an amazing setup thanks to ShinyProxy, having CI/CD with R Shiny through ShinyProxy is great. One last topic that we struggle with is HTTPS.

I understand that https://www.shinyproxy.io/security/#https-ssl-tls provides an example setup using nginx, unfortunately this example did not work for us, although quite possibly due to a lack of experience with nginx.

Would it be possible to provide any additional steps needed to setup the nginx configuration? When following https://github.com/openanalytics/shinyproxy-config-examples/tree/master/03-containerized-kubernetes, what exact steps need to be taken to ensure only HTTPS connections are allowed?

I am a bit out of my comfort zone here, any help or guidance would be appreciated!

Best regards,

Michael

fmichielssen · March 21, 2019, 3:00pm

Hi @michaelhogersosis,

What exactly is not working when you try the example configuration? What kind of errors are you getting?

michaelhogersosis · March 22, 2019, 1:06pm

Hi @fmichielssen,

I think my inexperience with nginx/kubernetes is to be blamed here. Currently I have followed all steps on https://github.com/openanalytics/shinyproxy-config-examples/tree/master/03-containerized-kubernetes (which works excellent) and subsequently want to expose my development ShinyProxy setup only to https://dev.mywebsite.com.

Following the https://www.shinyproxy.io/security/#https-ssl-tls description I created the following nginx.conf file.

server {
  listen                80;
  server_name           dev.mywebsite.com;
  rewrite     ^(.*)     https://$server_name$1 permanent;
}

server {
  listen                443;
  server_name           dev.mywebsite.com;
  access_log            /var/log/nginx/shinyproxy.access.log;
  error_log             /var/log/nginx/shinyproxy.error.log error;

  ssl on;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

  ssl_certificate       /etc/ssl/certs/mywebsite.com.crt;
  ssl_certificate_key   /etc/ssl/private/mywebsite.com.key;

   location / {
       proxy_pass          http://127.0.0.1:8080/;

       proxy_http_version 1.1;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       proxy_read_timeout 600s;

       proxy_redirect    off;
       proxy_set_header  Host             $http_host;
       proxy_set_header  X-Real-IP        $remote_addr;
       proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
       proxy_set_header  X-Forwarded-Proto $scheme;
     }

}

My question would be, how should I integrate this configuration in my Kubernetes cluster to guarantee only https is allowed for dev.mywebsite.com? Is it possible to describe the extra steps necessary to do so? I tried several avenues, including AWS’ certificate manager, but my inexperience in this area has proven to be an obstacle.

Best regards and thanks for all your effort,

Michael

mateo_graciano · May 8, 2021, 7:50am

Did you find any solution?

rkagr · November 30, 2021, 8:59pm

Hi,
Could you please help me setting up the shinyproxy app for Eks cluster? I am following the tutorials from https://github.com/openanalytics/shinyproxy-config-examples/tree/master/03-containerized-kubernetes
I am getting confused how to build my docker image which is present in " shinyproxy-example" folder.