0

I'm not familiar at securing the applications, ssl certificates, firewall etc.

I'm developing some Shiny applications for the company. They will be deployed with ShinyProxy on my Ubuntu machine.

This app is running on x.x.x.x:8080 and in the following image, the application is not secured because of I don't know how to configure it.

enter image description here

First of all, when I enable the firewall by using the following codes and restart shinyproxy I can't access to my app.

ufw enable
ufw allow 80
ufw allow 443
sudo ufw allow http
sudo ufw allow https
ufw status

Status: active

To                         Action      From
--                         ------      ----
80                         ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
80 (v6)                    ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)

enter image description here

Also, IT department gave me some ssl files and certificates to secure my application. In the shinyproxy documentation, their example is like this how to use ssl and secure the applications.

server {
  listen                80;
  server_name           shinyproxy.yourdomain.com;
  rewrite     ^(.*)     https://$server_name$1 permanent;
}

server {
  listen                443;
  server_name           shinyproxy.yourdomain.com;
  access_log            /var/log/nginx/shinyproxy.access.log;
  error_log             /var/log/nginx/shinyproxy.error.log error;

  ssl on;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

  ssl_certificate       /etc/ssl/certs/yourdomain.com.crt;
  ssl_certificate_key   /etc/ssl/private/yourdomain.com.key;

   location / {
       proxy_pass          http://127.0.0.1:8080/;

       proxy_http_version 1.1;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       proxy_read_timeout 600s;

       proxy_redirect    off;
       proxy_set_header  Host              $http_host;
       proxy_set_header  X-Real-IP         $remote_addr;
       proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
       proxy_set_header  X-Forwarded-Proto $scheme;
     }

}

There an nginx file in this path /etc/nginx/sites-enabled as called default. I changed ssl_certificate and ssl_certificate_key with my ssl files. After I save the file, I restart nginx and shinyproxy. However, it does not work.

sudo systemctl restart nginx
sudo systemctl restart shinyproxy

In order to access the app, I should disable the firewall (ufw disable). How can I secure and configure the app?

enter image description here

Thanks.

Secured Shiny Proxy App

Ekrem Bayar
  • 7
  • 2

0 Answers0