New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Run shinyproxy on https (443) only #114
Comments
@garyallenkt Were you able to work around this issue? |
Any updates on this issue ? |
OpenAnalytics did a great job in helping resolve this. You should be able to get the latest version of ShinyProxy (2.3.0) and follow the updated documentation here - https://www.shinyproxy.io/security/#https-ssl-tls Best of luck. |
Hi @garyallenkt, Thank you for your quick response. I tried with the latest version but the issue persists in my case. I am embedding the entire shinyproxy in Iframe. In order to login, the server redirects the HTTPS connection to HTTP connection which is not allowed by the majority of the browsers. Do you know how I may fix this? Regards |
I am using a fork from Telethon kids repo and they use 2.3.0 too, but just to be sure I also pulled openanalytics's image. For your reference, here are my configs. docker_compose.yaml
application.yaml
and nginx.conf
|
Any possible update on this? @garyallenkt @fmichielssen |
Managed to fix it.
needs to be outside |
|
Unfortunately I am having the same problem with shinyproxy 2.3.1 I have this block outside the proxy block in the application.yml file server: and I have the Nginx proxy set up exaclty as described in the documentation. I also (to test if i just had made some dumb ngnix error set up an Apache server and had the exact same problem). My Nginx config blocks are:
Does anyone have any ideas about what might be wrong? or even thoughts about how to fix it? |
What's the error? Can you share your config files like how I did? Maybe I can help you |
@greenspray thank you for taking a look! I really am so stumped on this! My Nginx config it in the comment above, and this is what my application.yml looks like: Aside from changing the port and adding the serverforward header line, i have tried to keep everything exactly as it was installed. I even tested this with shiny proxy 2.3.0 since that seemed to be working for everyone on this thread, but that had the same problem.
I also tested using apache as the webserver instead, and I have the same problem. My two current theories are that either something is wrong with my application.yml set up , or that because i dont understand proxy/reverse proxy that well something in my proxy block is allowing redirect to http. |
@Claire-Kelley what's your exact error ? |
@greenspray9 I am not getting an error ! It works perfectly so that when i go to my website i can see the shiny proxy log in page and it is served over HTTPS (this is the desired behavior). The problem is that when i log in (using simple authentication for now) the page starts being served over HTTP (not HTTPS- this is the problem! ) |
@ckelley-ct Sorry I have no experience with the type of login you want. Maybe there is some kind of redirect happening? |
I have the same problem, did you find a solution? |
@HEPBO3AH yes I did - for me the the problem was with the insecure image (the line logo-url: http://www.openanalytics.eu/sites/www.openanalytics.eu/themes/oa/logo.png in the example code above ). If you change that to an image served over https or remove it, then the problem resolves. |
@HEPBO3AH @ckelley-ct FYI, we have moved the image to https://www.openanalytics.eu/shinyproxy/logo.png |
I managed to make the reverse proxy with nginx and login securely using simple authentication, but once i try to use openid it fails because it uses http as callback protocol: getting error AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'd1abf394-b312-4717-a1c4-daaeee4f3b28'. This is my application.yml for shinyproxy 2.4.0, shiny proxy 2.3.1 seems to work from microsoft edge
|
same error for me with 2.4 |
Hi @danielfm123, @roberts2727 so with ShinyProxy 2.4 the following config won't work anymore:
instead you have to use:
Can you report back whether this solves the issue for you? |
Issue Resolved! Thank you Sir. |
Yes, it works but kills the package DT |
Would it be worth mentioning that on https://www.shinyproxy.io/security/? |
Hi @shosaco this is already added to our new website: https://www.shinyproxy.io/documentation/security/#forward-headers . The URL your pointing to is an remainder from the old website, which I now cleaned up. |
As I believe that your question is answered, I'm closing this issue. Feel free to re-open it if you need more help. |
This is not working for me using Openid on azure B2c |
Hi,
Have tried to set up ShinyProxy on https only. This seems possible as per the documentation - https://www.shinyproxy.io/security/#https-ssl-tls
The problem is that when setting up with https only, NGINX ingress and OpenID, the https scheme is not passed through from the NGINX ingress to the ShinyProxy container which in-turn causes a number of issues with OpenId. Namely:
The reason this happens is due to ShinyProxy using the default codes here - spring-security DefaultOAuth2AuthorizationRequestResolver.java # L141
The text was updated successfully, but these errors were encountered: