Rstudio Server Setup with SSL behind Apache proxy server
Install R using following commands:¶
Install Rstudio IDE server¶
At this point if all goes well you can check the status of rstudio server by issuing the command:
The server is started automatically at port 8787 and can be accessed using <ip_address:8787> in browser of your choice, provided all firewall settings have been taken care of.
However, when you open the Rstudio server you will be presented with a logon screen and while you can access this using the users for the machine it is hosted on, it will be prudent to create a lower privilege user as explained in next section.
Add User to access the RStudio¶
Set up SSL and reverse proxy for R-Studio Server¶
Now important thing to note is that community version of Rstudio server does not come with SSL enabled but just to run it on a secure socket layer you don't necessarily need the pro version. By following the steps below, your communication with the server will be on SSL.
However to achieve the objective we need to accomplish following steps:
- Enable modules on Apache to help set up proxy
- Configure a proxy to control access to RStudio Server
- Use LetsEncrypt to enable SSL
- Restrict access to Rstudio server only through proxy
- Restart both Rstudio and Apache servers
Step 1: Enable modules on Apache to help set up proxy¶
There is guidance on how to do this on Rstudio Support. However, there was a bit of hair pulling and head scratching involved to get all the steps above work together so stick with me but keep that link in back pocket for variations or when you are stuck.
With head scratching and hair pulling I mean that I encountered errors such as these - AH01102 error reading status line from remote server
, Rstudio Proxy redirect changing the URL to localhost
and many others which can be avoided by following steps as explained below. Anyway so we need to enable mod_proxy
and mod_proxy_wstunnel
modules. As Apache is already installed and mod_proxy already enabled I did not have to install the module itself, but if it needs to be done the commands are:
Issuing the following commands should enable the relevant modules:
Step 2: Configure a proxy to control access to RStudio Server¶
Paste the following in the conf file but make sure to change details relevant to your domain name
for each entry (line numbers 2, 3, 4, 15 and 16 below):
- Change details relevant to your
domain name
- Change details relevant to your
domain name
- Change details relevant to your
domain name
- Change details relevant to your
domain name
- Change details relevant to your
domain name
- Change details relevant to your
domain name
Press Ctrl+X and save the file.
Tip
If you just want reverse proxy and no SSL, you can just comment out line 15, 16 and 17 in above conf file and you are all set. If you do want to enable SSL, enabling the site with commands below won't probably work just yet and subsequent steps will need to be completed.
Now enable the new site by issuing the commands:
Step 3: Use LetsEncrypt to enable SSL¶
Follow the instructions here for specific usecase but one way or the other using Certbot you will be able to obtain the LetsEncrypt SSL certificate and enable it on your server.
Once certbot has completed doing it's thing you would find an additional conf file in /etc/apache2/sites-available
named rstudio-le-ssl.conf
. It will be pretty much same content as in rstudio.conf with very minor changes. The first line will be listening on 443
instead of 80
and the ssl certificates will be included. Normally, you would not need to tweak anything in the resultant file but just for reference the contents of this file will look as below:
Step 4: Restrict access to Rstudio server only through proxy¶
Finally, we want to ensure that access to the Rstudio server is only through the proxy we configured and to do that we just need to specify this in the rstudio server configuration the attribute that tells it to only serve requests from localhost.
Now on the opened file type www-address=127.0.0.1
and press Ctrl+X and save the file.
Step 5: Restart both Rstudio and Apache servers¶
Finally issue the following commands to restart both the servers:
This is it. Now your new Rstudio server is ready to be used through secure socket layer.