Error when enabling SSL with rstudio-launcher

Posit Professional & Hosted Products
,
1

I am attempting to follow along with the instructions in the posit workbench admin guide for enabling SSL for launcher (following RStudio Workbench Administration Guide - Overview). We have an existing install that works with a local cluster and I am trying to make the necessary changes without breaking everything.

We have already setup rstudio-server (via rserver.conf) to use SSL and this is working flawlessly.

The changes in launcher.conf amount to the addition of:

enable-ssl=1
certificate-file=/etc/rstudio/cert/<machine_name>.pem
certificate-key-file=/etc/rstudio/cert/<machine_name>.key

the pem and key files are the same files from rserver.conf. We also change launcher-use-ssl=1 in rserver.conf.

Once these changes are made we are no longer able to start the rstudio-launcher service and we get the following errors:

Oct 30 21:21:00 <machine_name> systemd[1]: Started rstudio-launcher.service - RStudio Launcher.
Oct 30 21:21:00 <machine_name> rstudio-launcher[3151306]: ERROR system error 2 (No such file or directory) [description: Certificate file does not exist]; OCCURRED AT rstudio::core::Error rstudio::core::http::SslAsyncServer::init(const std::string&, const std::string&, const rstudio::core::FilePath&, c>
Oct 30 21:21:00 <machine_name> systemd[1]: rstudio-launcher.service: Main process exited, code=exited, status=1/FAILURE
Oct 30 21:21:00 <machine_name> rstudio-local-launcher-<machine_name>[3151340]: ERROR system error 2 (No such file or directory) [description: Could not read from stdin]; OCCURRED AT void rstudio::job_launcher::impls::FrameworkCommunicator::onStdin(const rstudio_boost::system::error_code&, siz>
Oct 30 21:21:00 <machine_name> rstudio-local-launcher-<machine_name>[3151340]: ERROR Received fatal error while attempting to communicate with Job Launcher Framework.; LOGGED FROM: void rstudio::job_launcher::impls::entry_point::{anonymous}::onFrameworkError(const rstudio::core::Error&) src/c>

This is somewhat baffling because we are passing in the exact same paths for the certificate files, I've attempted changing the permissions of the certificate files and their ownership but nothing seems to work.

Any advice or suggestions would be much appreciated. I am also happy to post the full config files if that would be helpful for debugging.

-Colin

2

Hi Colin,

Typically when we see this from the Launcher, it's due to permissions issues on the certificate files in question. Can you make sure that they are set with the proper permissions and ownership as described here?
https://docs.posit.co/ide/server-pro/job_launcher/configuration.html#ssl-considerations

If this doesn't help, please file a ticket at our premium support site (https://support.Posit.co/hc/en-us/requests/new) and we can dig further into your specific configuration - should a generalizable solution be reached we'll be sure to return here and share that.

Thanks,
Ian

3

I have finally found a solution - the issue seems to occur based on the permissions of the folder containing the certificates (originally 600). Specifically chmod 655 /etc/rstudio/cert seemed to work for me, I'm guessing g+r and or o+r might be the missing piece but I have not investigated further.

4

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

If you have a query related to it or one of the replies, start a new topic and refer back with a link.