Unable to get contextPath working

brasie · August 17, 2018, 2:24am

Similar to the topic “Custom URL when using nginx”, I am trying to use ShinyProxy behind nginx with a server.contextPath. But I cannot seem to get the server.contextPath recognized.

This is for ShinyProxy version 2.0.1.

My application.yml is simply

server:
  contextPath: /r-shiny/

proxy:
  authentication: none
  docker:
    internal-networking: true
  specs:
  - id: 01_hello
    container-cmd: ["R", "-e", "shinyproxy::run_01_hello()"]
    container-image: openanalytics/shinyproxy-demo
    container-network: shinyproxy

(I have the ShinyProxy running inside a docker container.)

and in my default.conf for nginx is simply

server {
  listen 80;
  location /r-shiny/ {
    proxy_pass http://shinyproxy:8080/r-shiny/;
  }
}

Without the server.contextPath I am able to connect just fine to http://localhost:8080 and launch the example app. However with the server.contextPath I cannot access it via nginx at http://localhost/r-shiny/… it seems to ignore the contextPath to some extent, as I get 404 errors trying to get e.g. /webjars/bootstrap/3.3.7/js/bootstrap.min.js and the page itself seems to be a 404 error from ShinyProxy.

Any guidance would be appreciated.

fmichielssen · August 17, 2018, 7:05am

Hi @brasie,

There is an issue with contextPath in version 2.0.1, see here for more info:

The workaround is to specify both

server:
  contextPath:

and

server:
  servlet:
    context-path:

brasie · August 17, 2018, 8:33am

Ah! Thank you, that indeed looks to get it working (after setting up the nginx config a bit more).

Though, it led to a new but related issue… I’m actually trying to get OpenID Connect authentication working, but while simple auth works just fine behind nginx with a context path set, openid authentication issues a redirect that seems to ignore the context path.

The new configurations are as so.

application.yml:

server:
  contextPath: /r-shiny
  servlet:
    context-path: /r-shiny

proxy:
  authentication: openid
  openid:
    auth-url: https://ACCT.oktapreview.com/oauth2/default/v1/authorize
    token-url: https://ACCT.oktapreview.com/oauth2/default/v1/token
    jwks-url: https://ACCT.oktapreview.com/oauth2/default/v1/keys
    client-id: CLIEND_ID
    client-secret: CLIENT_SECRET
  docker:
    internal-networking: true
  specs:
  - id: 01_hello
    container-cmd: ["R", "-e", "shinyproxy::run_01_hello()"]
    container-image: openanalytics/shinyproxy-demo
    container-network: shinyproxy

nginx default.conf:

map $http_upgrade $connection_upgrade {
  default upgrade;
  '' close;
}

server {
  listen 80;

  location /r-shiny/ {
    proxy_pass http://172.17.0.1:8080;
    proxy_http_version 1.1;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Protocol $scheme;

    # websocket headers
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
  }
}

When I attempt to navigate to http://localhost/r-shiny, it redirects me to http://localhost/oauth2/authorization/shinyproxy, which of course 404s.

(If I manually change that in the browser location bar to http://localhost/r-shiny/oauth2/authorization/shinyproxy, it proceeds through the rest of the OpenID Connect authentication process just fine and I get a working ShinyProxy session…)

Any suggestions here…?

Thanks much,

fmichielssen · August 17, 2018, 9:50am

Hi @brasie,

Good catch, the OIDC redirect did not respect the context-path setting. A fix has been committed, and will be in upcoming release 2.0.2:

tverbeke · August 17, 2018, 3:57pm

@brasie: released! See https://www.shinyproxy.io/downloads/

brasie · August 17, 2018, 5:34pm

Just updated, and indeed the oidc redirect is working for me now.

Thanks much!