I am interested in running an RStudio server on an AWS instance and accessing the server through an SSL encrypted connection.
How do I set that up?
How can I set up an RStudio server to run with SSL on AWS?
Asked Answered
Start an AWS instance with Ubuntu as your operating system and a security group that has an inbound connection for HTTPS on port 443, in addition to the SSH connection through port 22. Your instance will have to also have a public DNS.
Once the machine is up and running, log into it with SSH.
Install RStudio server using the instructions provided here, by executing:
sudo apt-get update
sudo apt-get install r-base
sudo apt-get install gdebi-core
wget https://download2.rstudio.org/rstudio-server-1.1.463-amd64.deb
sudo gdebi rstudio-server-1.1.463-amd64.deb
Note: the exact name of the .deb file will change with newer versions of the RStudio server.
We will follow the instructions provided here and here to configure the nginx webserver to reverse proxy RStudio server to the web browser and use SSL. To install nginx execute:
sudo apt-get install nginx
Create the SSL certificates:
sudo mkdir /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
The latter command creates two files: a key file and an SSL certificate file.
Create a file under /etc/nginx/conf.d/rstudio.conf and edit it (note: you'll need to edit with sudo nano /etc/nginx/conf.d/rstudio.conf or similar) to add:
server {
listen 80;
listen [::]:80;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
server_name ec2-11-22-333-444.us-west-2.compute.amazonaws.com;
location / {
proxy_pass http://localhost:8787/;
proxy_redirect http://localhost:8787/ $scheme://$host/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 20d;
}
}
Where you replace the server_name field with public DNS IP of your AWS instance.
In addition, you will need to edit the /etc/nginx/nginx.conf file to add the following lines into the http block:
http {
# All you other settings up here...
server_names_hash_bucket_size 128;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
}
The setting of server_names_hash_bucket_size to 128 is important for reasons explained here
Finally edit your /etc/rstudio/rserver.conf configuration file to add the line:
www-address=127.0.0.1
Next create user accounts for your users. For example:
sudo adduser arokem
You should now be able to restart both nginx and rstudio-server:
sudo rstudio-server restart
sudo systemctl restart nginx
And direct your browser to https://ec2-11-22-333-444.us-west-2.compute.amazonaws.com. You will probably get a warning from your browser that it does not recognize your SSL certificate. It is safe to ignore this warning (in this case), and proceed to the RStudio server login window. Use the user login that you just created to access RStudio.
I recommend to set
proxy_redirect http://localhost:8787/ $scheme://$host:$server_port/; for replacement. –
Criticaster Do you have any tips for getting this to work when running rstudio-server locally using docker? I've tried following the steps but entering my computers's ip as the server name but hasn't worked. –
Plunder
This still works for a non-docker instance of RStudio-server as of June 2022 using Marcel Boldt's recommendation. –
Nuss
This worked great for me (thanks!), but I had to do two additional steps at the end in order for this to work with existing users on the machine:
sudo cp /etc/pam.d/login /etc/pam.d/rstudio and then set the user's password using passwd –
Irv © 2022 - 2024 — McMap. All rights reserved.
sudo nginx -tis definitely helpful to spot any errors. And the server restart commands can be simplified for Ubuntu. I used 'sudo service rstudio-server restart` andsudo service nginx restart. – Fisticuffs