Hi, I am trying to securely connect to my Rstudio server via https located at https://srv1.stats-con.com:8787, however, I get this error on Firefox:
Secure Connection Failed
Error code: SSL_ERROR_RX_RECORD_TOO_LONG
Connection via http works connecting to Rstudio (unsecure).
Connection via https://srv1.stats-con.com works, too, connecting to OPAL server (secure).
How do I have to configure my RStudio, NGINX, certificates (certbot, Lets encrypt)?
Best, Wilmar
Hi Wilmar,
I assume you are running the open source RStudio Server, which does not support HTTPS. So you will have to use a reverse proxy like NGINX. A good how-to for setting up NGINX with Let's encrypt is How To Secure Nginx with Let's Encrypt on Ubuntu 20.04 | DigitalOcean (adjust OS as needed). Configuring NGINX as a reverse proxy is documented at RStudio Workbench Administration Guide - 30 Running with a Proxy.
In your case you have to lookout for the additional OPAL server listening to the default HTTPS port 443 on your server. This has two consequences:
sudo certbot --nginx --cert-name domainname -d domainaddress1 -d domainaddress2
location / {
proxy_pass http://127.0.0.1:8787/;
proxy_set_header Host $host;
}
That looks good in principle. On which port does the NGINX listen? Can you connect to that port with HTTPS? Do you see the login screen from RStudioServer?
BTW, you might want to add the HTTP upgrade configuration mentioned in RStudio Workbench Administration Guide - 30 Running with a Proxy. Otherwise things that rely on websockets (terminal, Shiny apps, ...) won't work.
In case is useful, I also use certbot for SSL certificates and this Nginx config works for me
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# <!-- END ANSIBLE MANAGED BLOCK #1 -->
server {
listen 80 default_server;
server_name _;
index index.html index.htm index.php;
return 301 https://$host$request_uri;
}
server {
listen 443;
root /var/www/html;
index index.html index.htm index.php;
server_name yourdomain.com;
ssl on;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
access_log /var/log/nginx/yourdomain.com.log;
error_log /var/log/nginx/yourdomain.com-error.log error;
rewrite ^/rstudio$ $scheme://$http_host/rstudio/ permanent;
location /rstudio/ {
rewrite ^/rstudio/(.*)$ /$1 break;
proxy_pass http://localhost:8787;
proxy_read_timeout 20d;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
proxy_redirect http://localhost:8787/ $scheme://$http_host/rstudio/;
}
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
}
Hi,
Subdomain to Rstudio works: https://rstudio2.dhub.global
Subdomain to RShiny App Dhub works with: http://update.dhub.global:3838/dhub/
I would like to point https://update.dhub.global to the Shiny app which is located at this path /srv/shiny-server/dhub/ .
Currently, the link https://update.dhub.global forwards to
https://update.dhub.global/srv/shiny-server/dhub
but states " Page not found - Sorry, but the page you requested doesn't exist."
My current nginx.conf includes a ./sites-available/default [1].
What changes do I have to make to my nginx "default" file?
Thanks!
Currently you are proxying Shiny server using
location / {
proxy_pass http://127.0.0.1:3838;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
However, our recommendation is to use
location / {
proxy_pass http://localhost:3838;
proxy_redirect / $scheme://$http_host/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 20d;
proxy_buffering off;
}
Can you adjust that?