I am interested in running an RStudio server on an AWS instance and accessing the server through an SSL encrypted connection.
How do I set that up?
Asked
Active
Viewed 2,975 times
1 Answers
16
Start an AWS instance with Ubuntu as your operating system and a security group that has an inbound connection for HTTPS on port 443, in addition to the SSH connection through port 22. Your instance will have to also have a public DNS.
Once the machine is up and running, log into it with SSH.
Install RStudio server using the instructions provided here, by executing:
sudo apt-get update
sudo apt-get install r-base
sudo apt-get install gdebi-core
wget https://download2.rstudio.org/rstudio-server-1.1.463-amd64.deb
sudo gdebi rstudio-server-1.1.463-amd64.deb
Note: the exact name of the .deb file will change with newer versions of the RStudio server.
We will follow the instructions provided here and here to configure the nginx webserver to reverse proxy RStudio server to the web browser and use SSL. To install nginx execute:
sudo apt-get install nginx
Create the SSL certificates:
sudo mkdir /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
The latter command creates two files: a key file and an SSL certificate file.
Create a file under /etc/nginx/conf.d/rstudio.conf and edit it (note: you'll need to edit with sudo nano /etc/nginx/conf.d/rstudio.conf or similar) to add:
server {
listen 80;
listen [::]:80;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
server_name ec2-11-22-333-444.us-west-2.compute.amazonaws.com;
location / {
proxy_pass http://localhost:8787/;
proxy_redirect http://localhost:8787/ $scheme://$host/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 20d;
}
}
Where you replace the server_name field with public DNS IP of your AWS instance.
In addition, you will need to edit the /etc/nginx/nginx.conf file to add the following lines into the http block:
http {
# All you other settings up here...
server_names_hash_bucket_size 128;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
}
The setting of server_names_hash_bucket_size to 128 is important for reasons explained here
Finally edit your /etc/rstudio/rserver.conf configuration file to add the line:
www-address=127.0.0.1
Next create user accounts for your users. For example:
sudo adduser arokem
You should now be able to restart both nginx and rstudio-server:
sudo rstudio-server restart
sudo systemctl restart nginx
And direct your browser to https://ec2-11-22-333-444.us-west-2.compute.amazonaws.com. You will probably get a warning from your browser that it does not recognize your SSL certificate. It is safe to ignore this warning (in this case), and proceed to the RStudio server login window. Use the user login that you just created to access RStudio.
arokem
- 579
- 4
- 15
-
So I think doing a nginx config check using `sudo nginx -t` is definitely helpful to spot any errors. And the server restart commands can be simplified for Ubuntu. I used 'sudo service rstudio-server restart` and `sudo service nginx restart`. – Nirmal Nov 18 '19 at 20:12
-
I recommend to set `proxy_redirect http://localhost:8787/ $scheme://$host:$server_port/;` for replacement. – Marcel Boldt Mar 25 '20 at 21:51
-
Do you have any tips for getting this to work when running rstudio-server locally using docker? I've tried following the steps but entering my computers's ip as the server name but hasn't worked. – user3084100 May 27 '22 at 14:57
-
1This still works for a non-docker instance of RStudio-server as of June 2022 using Marcel Boldt's recommendation. – mikemtnbikes Jun 14 '22 at 21:51
-
This worked great for me (thanks!), but I had to do two additional steps at the end in order for this to work with *existing* users on the machine: `sudo cp /etc/pam.d/login /etc/pam.d/rstudio` and then set the user's password using `passwd` – dyoung May 18 '23 at 22:19