Support

Shiny Server Quick Start: Require user authentication on an application (Pro only)

Follow

This article is adapted from the Shiny Server Administrator's Guide for version 1.4.2.


 

Since authentication is being used in this scenario, this configuration is only valid for Shiny Server Professional installations.

Shiny Server Pro is capable of multiple different methods of authenticating users, as described in the Authentication & Security section of the Shiny Server Administrator's Guide. Out of the box, it is configured to use a Flat-File Authentication database stored in /etc/shiny-server/passwd. This database is initially empty; to create a user named admin, execute the following command:

$ sudo /opt/shiny-server/bin/sspasswd /etc/shiny-server/passwd admin

then enter the new password for the admin user when prompted. Once completed, you will have a single user defined in your database named admin.

You would then be able to log in to your administrative dashboard at a URL like http://myserver.com:4151/ (replacing myserver.com with your server's IP or hostname) with the username admin and the password you just created. See the Admin section of the Shiny Server Administrator's Guide for more details on how to take advantage of this interface.

After defining usernames and passwords in this password database, you can also restrict access to servers and locations using the required_user directive, as described below.

Shiny Server is configured by a file stored at /etc/shiny-server/shiny-server.conf. in this Quick Start guide, we will be using a shiny-server.conf file that contains the following:

# Instruct Shiny Server to run applications as the user "shiny"
run_as shiny;

# Specify the authentication method to be used.
# Initially, a flat-file database stored at the path below.
auth_passwd_file /etc/shiny-server/passwd;

# Define a server that listens on port 3838
server {
  listen 3838;

  # Define the location available at the base URL
  location / {
    # Host the directory of Shiny Apps stored in this directory
    site_dir /srv/shiny-server;
    
    # Log all Shiny output to files in this directory
    log_dir /var/log/shiny-server;
    
    # When a user visits the base URL rather than a particular application, 
    # an index of the applications available in this directory will be shown.
    directory_index on;

    # Define an inner location for a particular application that requires
    # authentication
    location /sample-apps/hello {
      required_user admin;
    }
  }
}

# Define a default admin interface to be run on port 4151.
admin 4151 {
  # Only permit the user named `admin` to access the admin interface.
  required_user admin;
}

Lines beginning with a # are treated as comments and not parsed when configuring the server.

This configuration uses the site_dir directive to specify that a directory of applications will be hosted at the base URL (/), and the required_user directive in the sub-location /sample-apps/hello to require authentication to that specific application. The hello application will be hosted at a URL like http://<server-address>:3838/samples-apps/hello, and you must be logged in as the user named "admin" to access it.

Note that the configuration specifies that only the hello location requires authentication; all other applications are freely available. If you were to move the required_user directive to the parent location, however, all applications defined in that location would require authentication as the user named "admin".

Comments