This guide is part of a series on setting up your own private server running shiny apps. There are many guides with great advice on how to set up an R shiny server and related software. I try to make a comprehensive guide based in part on these resources as well as my own experiences. I always aim to properly attribute information to their respective sources. If you notice an issue, please contact me.
Part 1 of this series is available here
Part 2 of this series is available here
Part 3 of this series is available here
We’re nearly at the end of the shiny server series, and that means that we’ll be getting into the really useful parts. In this tutorial, we’ll use Auth0 to set up user authentication to regulate access to our private shiny server.
Resources used for this part
This guide draws on this excellent tutorial produced by Auth0.
Where were we?
In the previous part, we set up SSL encryption on our server. This makes user authentication safer by encrypting traffic to and from the server. Remember, however, that we didn’t yet set up nginx to use this SSL certificate. So although we set up all the prerequisites, SSL encryption is not yet operational.
As always, the first thing we’ll do is log into the server
Before you do anything else, take a note of the location where Let’s encrypt stored your certificate. It’s easiest to just navigate to the following folder
Write down the name of this folder, you’ll need it to complete the next step.
Now, we can switch to the shiny user:
Back up the nginx configuration in case something goes wrong. Then, delete the config and open a new default config file:
The next part can be a bit tricky. Take a look at the config file below. You need to replace
<your-domain-name> with the following:
- In lines 19-20, replace the text by the name of the folder you just wrote down.
- In lines 39 and 91, replace the text by your custom domain name, with and without ‘www’
I’ve added some helpful screenshots below for clarification. It’s easiest to just copy-paste this into a notepad file and replace the values before pasting it into the nano editor.
The image below shows what this looks like in the nano editor.
(here’s the top part of the config file)
(and here’s the bottom part)
After pasting the new configuration, save the file by hitting
control+x and then
enter. Then, restart the nginx service:
In your browser, navigate to your domain name. If all went well, you should now see the lock symbol indicating that the setup is a success!
What does this new config file do?
Glad you asked. This config file makes sure that we use the Let’s Encrypt SSL certificate we created earlier. We also keep the locations we’ve been using so far, but we changed the config files for the private-apps shiny server. This configuration file re-routs all traffic through the Auth0 authentication service we’ll set up in a second. If the user successfully authenticates, they will be forwarded to the private shiny environment.
Setting up your Auth0 account
Navigate to the Auth0 website and sign up for an account. A free account works with up to 7.000 users, so this should be more than enough.
Navigate to connections and remove all social logins. We won’t be needing them for this application as we’ll be setting up an email whitelist:
Go to ‘clients’ and click on ‘create client’
Name your application and choose ‘regular web app’:
Now go to ‘settings’, note down your domain, client ID and secret ID, and add a callback url in the following format:
Scroll down and save your changes. Then, navigate to ‘rules’ and click on ‘create first rule’:
From this list, select ‘whitelist for a specific app’:
Change the name of the app (red box) to your application name, then add the email addresses that are allowed to make an account (gold box):
Setting up the Auth0 service
Go back to the terminal and clone my fork of the auth0 shiny-auth0 repository:
Install nodejs and npm
Enter the shiny-auth0 repository and let npm install the dependencies
Go to this website and generate a random string of 40 characters. Copy-paste this string in a temporary document. You will need it a little later.
Go back to the terminal and create a file called ‘.env’ in the shiny-auth0 directory:
Copy the lines below into a temporary document and add the required information
Save the file by hitting
control+x and then
enter. Make a symlink for nodejs so it can also be called with ‘node’:
Run the app using:
Now, go to:
www.<your-domain-name>.<extension>/private-apps/ to see if it works.
Now that we know that user authentication works, we need to make sure that the Auth0 service can quietly run in the background like a regular service. Hit
control + C in the terminal to stop the nodejs server. Then, execute
and copy-paste the following:
Control + X,
Y and then
enter. Then, execute the next two lines:
This automatically starts up the auth0 server every time the server restarts.
Congratulations, user authentication is now set up! This wraps up part 4 of the shiny server series. In the last instalment, we’ll be adding a simple static website created using Jekyll.