Setup RStudio Server Over Nginx Https
Page content
I have introduced how to install R and RStudio Server before. But free version of RStudio Server lack of many security features, especially SSL.
This post introduces to secure RStudio Server by an Nginx reverse proxy.
At first, install R and RStudio Server as introduced before.
Let’s assume the domain name of the server is: www.myserver.com.
1 Setup RStudio Server
Edit file /etc/rstudio/rserver.conf, add following content:
# Only listen localhost
www-address=127.0.0.1
# Connection port, default 8787
# Maybe better to modify it
www-port=8787
Then check the configuration:
$ sudo rstudio-server verify-installation
If there were no issues, restart RStudio Server:
$ sudo rstudio-server restart
2 Install Nginx and setup reverse proxy
- Install Nginx by using the command:
$ sudo apt install nginx
- Next, edit
/etc/nginx/nginx.confand modify thehttpsection:
http {
# Basic Settings
# ...
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
}
- Then create an Nginx site config file
rs-serverunder the directory/etc/nginx/sites-available/:
server {
listen 80;
listen [::]:80;
server_name www.myserver.com;
root /var/www/html;
index index.html;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8787/;
proxy_redirect http://localhost:8787/ $scheme://$host/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 20d;
}
}
Create a symbolic link in directory /etc/nginx/sites-enabled:
$ cd ../sites-enabled
$ ln -s ../sites-available/rs-server .
- Check the Nginx configuration:
$ sudo nginx -t
If there were no errors, restart Nginx service:
$ sudo systemctl restart nginx
3 Setup Let’s Encrypt TLS certificate via certbot
- Install certbot
# Install snap
$ sudo apt update
$ sudo apt install snapd
$ sudo snap install core; sudo snap refresh core
# Install and config certbot
$ sudo snap install --classic certbot
$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
- Get & install certificate
$ sudo certbot --nginx
Then test automatic renewal
$ sudo certbot renew --dry-run
- Now, the config file
rs-serverwould be like:
server {
server_name www.myserver.com;
root /var/www/html;
index index.html;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8787/;
proxy_redirect http://localhost:8787/ $scheme://$host/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 20d;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.myserver.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.myserver.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.myserver.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name www.myserver.com;
return 404; # managed by Certbot
}
Ok. Let’s visit https://www.myserver.com to access the RStudio Server.
Have fun!