Make Gadgets Work

Posts tagged "letsEncrypt"

Install R using following commands: sudo apt-get install r-base libapparmor1 gdebi-core # Check that R is installed R #quit R q() Install Rstudio IDE server cd Downloads/ wget https://download2.rstudio.org/rstudio-server-1.0.136-amd64.deb sudo gdebi rstudio-server-1.0.136-amd64.deb At this point if all goes well you can check the status of rstudio server by issuing the command: sudo systemctl status rstudio-server.service The server is started automatically at port 8787 and can be accessed using <ip_address:8787> in browser of your choice, provided all firewall settings have been taken care of. However, when you open the Rstudio server you will be presented with a logon screen and while you can access this using the users for the machine it is hosted on, it will be prudent to create a lower privilege user as explained in next section. Add User to access the RStudio sudo adduser rstudio Set up SSL and reverse proxy for R-Studio Server Now important thing to note is that community version of Rstudio server does not come with SSL enabled but just to run it on a secure socket layer you don't necessarily need the pro version. By following the steps below, your communication with the server will be on SSL. However to achieve the objective we need to accomplish following steps: Enable modules on Apache to help set up proxy Configure a proxy to control access to RStudio Server Use LetsEncrypt to enable SSL Restrict access to Rstudio server only through proxy Restart both Rstudio and Apache servers Step 1: Enable modules on Apache to help set up proxy There is guidance on how to do this on Rstudio Support. However, there was a bit of hair pulling and head scratching involved to get all the steps above work together so stick with me but keep that link in back pocket for variations or when you are stuck. With head scratching and hair pulling I mean that I encountered errors such as these - AH01102 error reading status line from remote server, Rstudio Proxy redirect changing the URL to localhost and many others which can be avoided by following steps as explained below. Anyway so we need to enable mod_proxy and mod_proxy_wstunnel modules. As Apache is already installed and mod_proxy already enabled I did not have to install the module itself, but if it needs to be done the commands are: sudo apt-get install libapache2-mod-proxy-html sudo apt-get install libxml2-dev Issuing the following commands should enable the relevant modules: sudo a2enmod proxy sudo a2enmod proxy_http sudo a2enmod proxy_wstunnel Step 2: Configure a proxy to control access to RStudio Server # Change directory to sites-available cd /etc/apache2/sites-available # create a rstudio conf file sudo nano rstudio.conf Paste the following in the conf file but make sure to change details relevant to your set-up for each entry (line numbers 2, 3, 4, 15 and 16 below): <VirtualHost *:80> ServerAdmin user@yoursite.com ServerName yoursite.com ServerAlias whatever.yoursite.com #Specify path for Logs ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined RewriteEngine on #Rewrite the url supplied to ensure https is applied RewriteCond %{SERVER_NAME} =yoursite.com [OR] RewriteCond %{SERVER_NAME} =whatever.yoursite.com RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] # Following lines should open rstudio directly from the url RewriteCond %{HTTP:Upgrade} =websocket RewriteRule /(.*) ws://localhost:8787/$1 [P,L] RewriteCond %{HTTP:Upgrade} !=websocket RewriteRule /(.*) http://localhost:8787/$1 [P,L] ProxyPass / http://localhost:8787/ ProxyPassReverse / http://localhost:8787/ </VirtualHost> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet Press Ctrl+x and save the file. TIP: If you just want reverse proxy and no SSL, you can just comment out line 15, 16 and 17 in above conf file and you are all set. If you do want to enable SSL, enabling the site with commands below won't probably work just yet and subsequent steps will need to be completed. Anything else Now enable the new site by issuing the commands: sudo a2ensite rstudio.conf sudo service apache2 restart Step 3: Use LetsEncrypt to enable SSL Follow the instructions here for specific usecase but one way or the other using Certbot you will be able to obtain the LetsEncrypt SSL certificate and enable it on your server. Once certbot has completed doing it's thing you would find an additional conf file in /etc/apache2/sites-available named rstudio-le-ssl.conf. It will be pretty much same content as in rstudio.conf with very minor changes. The first line will be listening on 443 instead of 80 and the ssl certificates will be included. Normally you would not need to tweak anything in the resultant file but just for reference the contenst of this file will look as below: <IfModule mod_ssl.c> <VirtualHost *:443> ServerAdmin user@yoursite.com ServerName yoursite.com ServerAlias whatever.yoursite.com ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined RewriteEngine on # Following lines should open rstudio directly from the url RewriteCond %{HTTP:Upgrade} =websocket RewriteRule /(.*) ws://localhost:8787/$1 [P,L] RewriteCond %{HTTP:Upgrade} !=websocket RewriteRule /(.*) http://localhost:8787/$1 [P,L] ProxyPass / http://localhost:8787/ ProxyPassReverse / http://localhost:8787/ SSLCertificateFile /etc/letsencrypt/live/whatever.yoursite.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/whatever.yoursite.com/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf </VirtualHost> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet </IfModule> Restrict access to Rstudio server only through proxy Finally, we want to ensure that access to the Rstudio server is only through the proxy we configured and to do that we just need to specify this in the rstudio server configuration the attribute that tells it to only serve requests from localhost. sudo nano /etc/rstudio/rserver.conf Now on the opened file type www-address=127.0.0.1 and press Ctrl+x and save the file. Restart both Rstudio and Apache servers Finally issue the following commands to restart both the servers: sudo systemctl restart rstudio-server.service sudo service apache2 restart This is it. Now your new Rstudio server is ready to be used through secure socket layer.

Rstudio Server Setup with SSL behind Apache proxy server

Install R using following commands: sudo apt-get install r-base libapparmor1 gdebi-core # Check that R is installed R #quit R q() Install Rstudio IDE server cd Downloads/ wget https://download2.rstudio.org/rstudio-server-1.0.136-amd64.deb sudo gdebi rstudio-server-1.0.136-amd64.deb At this point if all goes well you can
While renewing my LetsEncrypt certificate, I found myself in a strange situation where the certbot won't run asking me to update pip and then each time I tried updating pip it failed with the error "error: command 'x86_64-linux-gnu-gcc' failed with exit status 4". It turns out that this happens due to low memory and with my digitalocean droplet being the cheapest one this was bound to happen sooner rather than later. Fortunately there is a way around it as explained below. Use of following commands will ensure that the swap file is created which in turn will help avoid the "error: command 'x86_64-linux-gnu-gcc' failed with exit status 4". Following commands will create a swap file: sudo dd if=/dev/zero of=/swapfile1 bs=1024 count=524288 sudo mkswap /swapfile1 sudo chown root:root /swapfile1 sudo chmod 0600 /swapfile1 sudo swapon /swapfile1 The swap file will now be activated but will be gone after the reboot. It can be reactivated using the last command (I hope - know so as I have now tried it). Anyway, after creating the swapfile, you will be able to upgrade pip without the aforementioned error. :) Update: 02/03/2017 I ran into memory issues yet again and I thought instead of increasing the memory for swapfile1, what if I can create another swapfile. I tried this and it works. Infact I felt quite nice uncovering a concept of multiple swapfiles purely based on my whim ;). All I really had to do was repeat above code replacing swapfile1 with swapfile2 and I had two swapfiles working together increasing available memory for my server. sudo dd if=/dev/zero of=/swapfile2 bs=1024 count=524288 sudo mkswap /swapfile2 sudo chown root:root /swapfile2 sudo chmod 0600 /swapfile2 sudo swapon /swapfile2 Thing is after it worked I was a bit intrigued by the concept and read a bit more on swapon / swapoff and few useful commands are listed below: # To enable all swapfiles swapon -a # To disable all swapfiles swapoff -a # To see all available swapfiles swapon -s # To enable a particular swapfile swapon <filename>

Swap File to create extra memory

While renewing my LetsEncrypt certificate, I found myself in a strange situation where the certbot won't run asking me to update pip and then each time I tried updating pip it failed with the error "error: command 'x86_64-linux-gnu-gcc' failed with exit status 4". It turns out that