Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can I set up an RStudio server to run with SSL on AWS?

I am interested in running an RStudio server on an AWS instance and accessing the server through an SSL encrypted connection.

How do I set that up?

like image 289
arokem Avatar asked Nov 01 '18 13:11

arokem


People also ask

How do I implement SSL in AWS?

There are three steps to install an SSL/TLS certificate on your EC2 Windows instance: Create a Certificate Signing Request (CSR) and request your SSL certificate. Install your SSL certificate. Assign the SSL certificate to your IIS deployment.

Where do I put SSL certificate in AWS?

It's a best practice that you upload SSL certificates to AWS Certificate Manager (ACM). If you're using certificate algorithms and key sizes that aren't currently supported by ACM or the associated AWS resources, then you can also upload an SSL certificate to IAM using the AWS Command Line Interface (AWS CLI).


1 Answers

Start an AWS instance with Ubuntu as your operating system and a security group that has an inbound connection for HTTPS on port 443, in addition to the SSH connection through port 22. Your instance will have to also have a public DNS.

Once the machine is up and running, log into it with SSH.

Install RStudio server using the instructions provided here, by executing:

sudo apt-get update
sudo apt-get install r-base
sudo apt-get install gdebi-core
wget https://download2.rstudio.org/rstudio-server-1.1.463-amd64.deb 
sudo gdebi rstudio-server-1.1.463-amd64.deb

Note: the exact name of the .deb file will change with newer versions of the RStudio server.

We will follow the instructions provided here and here to configure the nginx webserver to reverse proxy RStudio server to the web browser and use SSL. To install nginx execute:

sudo apt-get install nginx

Create the SSL certificates:

sudo mkdir /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

The latter command creates two files: a key file and an SSL certificate file.

Create a file under /etc/nginx/conf.d/rstudio.conf and edit it (note: you'll need to edit with sudo nano /etc/nginx/conf.d/rstudio.conf or similar) to add:

server {
        listen 80;
        listen [::]:80;

        listen 443 ssl;
        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;

        server_name ec2-11-22-333-444.us-west-2.compute.amazonaws.com;

        location / {
             proxy_pass http://localhost:8787/;
             proxy_redirect http://localhost:8787/ $scheme://$host/;
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection $connection_upgrade;
             proxy_read_timeout 20d;
        }
}

Where you replace the server_name field with public DNS IP of your AWS instance.

In addition, you will need to edit the /etc/nginx/nginx.conf file to add the following lines into the http block:

http {
       # All you other settings up here... 

       server_names_hash_bucket_size 128;

       map $http_upgrade $connection_upgrade {
              default upgrade;
              ''      close;
                  }

}

The setting of server_names_hash_bucket_size to 128 is important for reasons explained here

Finally edit your /etc/rstudio/rserver.conf configuration file to add the line:

www-address=127.0.0.1

Next create user accounts for your users. For example:

sudo adduser arokem

You should now be able to restart both nginx and rstudio-server:

sudo rstudio-server restart
sudo systemctl restart nginx

And direct your browser to https://ec2-11-22-333-444.us-west-2.compute.amazonaws.com. You will probably get a warning from your browser that it does not recognize your SSL certificate. It is safe to ignore this warning (in this case), and proceed to the RStudio server login window. Use the user login that you just created to access RStudio.

like image 56
arokem Avatar answered Nov 06 '22 20:11

arokem