When I turn my firewall off, these apps run appropriately; I can browse to them with
Interesting. Just to be clear: are you saying that when your firewall is on, you cannot browse to them at
http://localhost:3838/sample-apps/hello? Does your firewall allow traffic on port 3838?
I ask because firewalls are usually configured to stop external traffic from coming in. The random ports that you see active (41339 and 37129 in your case) are where shiny apps are being served, but they are being “proxied”, so to speak, by the shiny server. As a result, the only traffic to them is internal to the box itself, forwarded from port 3838, and your firewall shouldn’t care about internal traffic.
The correct place to access all of your applications is on port 3838, but this can be changed to another port if desirable. For instance, you can even configure running on multiple ports in the admin guide.
My point, though, is that you shouldn’t need to open every port on your box and you shouldn’t need to know which port the apps are served on. Shiny Server takes care of that for you. All your firewall needs to allow is access to port 3838 (or whatever ports you configure in the shiny server config).
Even from inside the box, I get a 403 Forbidden trying to access/curl/nmap the “hidden” ports that the shiny app is listening on. I think that port is locked down by shiny server.
<h1>403 Forbidden</h1><p>Shared secret mismatch</p>
As a final example, on Shiny Server Pro, the same “shiny app” might be listening on multiple ports simultaneously. Shiny Server takes care of routing the traffic using the client-side path (i.e.
/sample-apps/hello) and server-side configuration provided.
EDIT: I am struggling to determine if you are concerned about opening all the ports (as I mentioned - you shouldn’t need to) or if you are trying to configure an app to listen on a different port. The port that an app listens on is determined by the shiny-server configuration.