1

While running a shinyApp, automatically an URL gets created. Thanks to comments to my prior question I now understand that this URL is not online for public access but restricted to my PC and, if connencted to the same LAN, to my coworkers (see answer here). How can I restrict the shinyApp to the one computer where it runs, i.e. not even users of same LAN can run the app?

To make it reproducible:

library(shiny)
ui <- fluidPage("Some app")
server <- function(input, output) {}
shinyApp(ui = ui, server = server)

For this minimal example, how can we avoid "Listening on http://..." that gets printed to the console and gives others access to my app? I tried to play around with the port argument of runApp() function, inserting NA and NULL, but can not figure out how to do this.

Background: I work for a big clinic with about 100 buildings and more then 5,000 employees. It depends on different things what data an employee may access (the working unit, profession, ...). My app contains sensible data and I must not allow access to anyone being in our LAN. In fact, my app is build for a certain usecase which is done by only one person. Thus, I want fully restrict the app to one computer.

LulY
  • 976
  • 1
  • 9
  • 24
  • Have you actually tried accessing your app from another computer? I'd assume it would not work anyway because your IT-department would block unusual traffic in your network - like such on port 4660 - unless explicitly allowed. You will not be able to completely disable `"Listening on http://..."` because this is what Shiny is all about in the end. Otherwise you would not be able to access your app yourself. Hence, I'd tackle this on a general network level. – dimfalk Jul 26 '22 at 09:58
  • Moreover, user authentication (and hence access restriction) for Shiny seems to be limited to Pro users ([source](https://docs.rstudio.com/shiny-server/#user-authentication)). – dimfalk Jul 26 '22 at 10:04
  • @falk-env Thanks. I'm not sure whether user authentication (thus, exclusion of *certain* user) is same as entirely restricting the app not to send to LAN. And even if this is the same, I hope someone knows a workaround – LulY Jul 26 '22 at 10:22
  • 1
    Maybe you can add authentication to the app? using `shinymanager` package? https://cloud.r-project.org/web/packages/shinymanager/index.html – Pork Chop Jul 26 '22 at 10:32

1 Answers1

3

By default your app is accessible only on the localhost (your PC).

Please see ?runApp()

The default for the host parameter is:

host = getOption("shiny.host", "127.0.0.1"),

The shiny.host variable by default is unset:

getOption("shiny.host")
# NULL

Accordingly, to make sure your app is accessible only from the localhost use:

runApp(host = "127.0.0.1")

Applied to your example code:

library(shiny)
ui <- fluidPage("Some app")
server <- function(input, output) {}
app <- shinyApp(ui = ui, server = server)
runApp(appDir = app, port = getOption("shiny.port"), host = "127.0.0.1")
ismirsehregal
  • 30,045
  • 5
  • 31
  • 78
  • You write "By default your app is accessible only on the localhost (your PC).", then "Accordingly, to make sure your app is accessible only from the localhost use...". Just to make sure I get it right: It makes no difference whether I leave out the `host` argument or define it with `"127.0.0.1"`? I assume setting it to `"127.0.0.1"` is just saver in case the default changes in future? – LulY Jul 26 '22 at 11:22
  • 1
    It makes no difference as long as the option `shiny.host` is `NULL`. If `shiny.host` is set it will be used by default. Passing `host = "127.0.0.1"` explicitly avoids this. – ismirsehregal Jul 26 '22 at 11:49