How can I set up an RStudio server to run with SSL on AWS?

Question

I am interested in running an RStudio server on an AWS instance and accessing the server through an SSL encrypted connection.

How do I set that up?

Answer 1

Start an AWS instance with Ubuntu as your operating system and a security group that has an inbound connection for HTTPS on port 443, in addition to the SSH connection through port 22. Your instance will have to also have a public DNS.

Once the machine is up and running, log into it with SSH.

Install RStudio server using the instructions provided here, by executing:

sudo apt-get update
sudo apt-get install r-base
sudo apt-get install gdebi-core
wget https://download2.rstudio.org/rstudio-server-1.1.463-amd64.deb 
sudo gdebi rstudio-server-1.1.463-amd64.deb

Note: the exact name of the .deb file will change with newer versions of the RStudio server.

We will follow the instructions provided here and here to configure the nginx webserver to reverse proxy RStudio server to the web browser and use SSL. To install nginx execute:

sudo apt-get install nginx

Create the SSL certificates:

sudo mkdir /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

The latter command creates two files: a key file and an SSL certificate file.

Create a file under /etc/nginx/conf.d/rstudio.conf and edit it (note: you'll need to edit with sudo nano /etc/nginx/conf.d/rstudio.conf or similar) to add:

server {
        listen 80;
        listen [::]:80;

        listen 443 ssl;
        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;

        server_name ec2-11-22-333-444.us-west-2.compute.amazonaws.com;

        location / {
             proxy_pass http://localhost:8787/;
             proxy_redirect http://localhost:8787/ $scheme://$host/;
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection $connection_upgrade;
             proxy_read_timeout 20d;
        }
}

Where you replace the server_name field with public DNS IP of your AWS instance.

In addition, you will need to edit the /etc/nginx/nginx.conf file to add the following lines into the http block:

http {
       # All you other settings up here... 

       server_names_hash_bucket_size 128;

       map $http_upgrade $connection_upgrade {
              default upgrade;
              ''      close;
                  }

}

The setting of server_names_hash_bucket_size to 128 is important for reasons explained here

Finally edit your /etc/rstudio/rserver.conf configuration file to add the line:

www-address=127.0.0.1

Next create user accounts for your users. For example:

sudo adduser arokem

You should now be able to restart both nginx and rstudio-server:

sudo rstudio-server restart
sudo systemctl restart nginx

And direct your browser to https://ec2-11-22-333-444.us-west-2.compute.amazonaws.com. You will probably get a warning from your browser that it does not recognize your SSL certificate. It is safe to ignore this warning (in this case), and proceed to the RStudio server login window. Use the user login that you just created to access RStudio.