accessing rstudio server using domain instead of IP address returns page not found

Sanjmeh · February 12, 2023, 4:24pm

I have a simple problem of accessing the rstudio server remotely using my domain name. The server is accessible using the IP address i.e. x.x.x.x:8787 but as soon as I use the domain abc.net/rstudio there is page not found message.

I can confirm the shinyapp1 is accessible with the below nginx setting. I am reproducing the nginx config file server block of concern and would appreciate advice from people experienced in server admin.

I am sure it would be a small tweak in the config file but I am unable to get my head around this and it has baffled me now for several days.

server {
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    server_name abc.net;

    ssl_certificate /etc/letsencrypt/live/abc.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/abc.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location /shinyapp1 {
        proxy_pass http://localhost:3838/shinyapp1;
        proxy_redirect http://localhost:3838/shinyapp1/ $scheme://$host/shinyapp1/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_read_timeout 20d;
        proxy_buffering off;
    }
   
    location /rstudio {
        proxy_pass http://localhost:8787/;
        proxy_redirect http://localhost:8787/ $scheme://$host/rstudio/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_read_timeout 20d;
        proxy_buffering off;
    }
}

When I try to access the rstudio with
https://abc.net/rstudio, I get the following browser message:

also the url is immediately replaced with :
https://abc.net/rstudio/auth-sign-in?appUri=%2F

(this gives a hint that there is no firewall blocking the access)

And donot forget using the IP address I am able to access the rstudio sign in page easily, i.e.
x.x.x.x:8787 immediately opens the sign in page of rstudio.

Note: I have replaced the actual domain name by abc to preserve privacy.

andresrcs · February 12, 2023, 9:56pm

This is what I use for location rstudio when using SSL

            location /rstudio/ { 
                 # Needed only for prefix of /rstudio 
                 rewrite ^/rstudio/(.*)$ /$1 break; 
  
                 # Use http here when ssl-enabled=0 is set in rserver.conf 
                 proxy_pass http://localhost:8787; 
                 proxy_http_version 1.1; 
  
                 proxy_set_header Upgrade $http_upgrade; 
                 proxy_set_header Connection $connection_upgrade; 
  
                 # Optionally, use an explicit hostname and omit the port if using 80/443 
                 proxy_set_header Host $host:$server_port; 
  
                 # Not needed if there's no prefix or www-root-path is set in rserver.conf 
                 proxy_set_header X-RStudio-Root-Path /rstudio; 
  
                 # Tells RStudio to send redirect URLs back to https 
                 proxy_set_header X-Forwarded-Proto https; 
  
                 proxy_read_timeout 20d; 
             }

I also have this outside of locations that works for both rstudio and shiny-server

        map $http_upgrade $connection_upgrade { 
             default upgrade; 
             ''      close; 
         }

Sanjmeh · February 14, 2023, 10:11am

Thanks a lot. This line worked:
rewrite ^/rstudio/(.*)$ /$1 break;

A quick followup question: The rstudio site is also accessible the old way i.e. x.x.x.x:8787. How do I block the old way of accessing ? Same with all shiny apps; they are still accessible with 3838 port bypassing the https (SSL).

andresrcs · February 14, 2023, 11:01am

Remove the access rule on the firewall settings (I'm assuming you are using an EC2 instance as usual) and optionally you can configure a firewall in the instance itself like ufw

Sanjmeh · February 14, 2023, 12:35pm

It's a Digitial Ocean droplet, not EC2 but ssh access to the Ubuntu server is available. So I will investigate ufw a bit more. Thanks for the pointer.

andresrcs · February 14, 2023, 12:38pm

Digital Ocean must have an "inbound rules" equivalent, they all have.

system · March 7, 2023, 12:38pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

If you have a query related to it or one of the replies, start a new topic and refer back with a link.