This guide is part of a series on setting up your own private server running shiny apps. There are many guides with great advice on how to set up an R shiny server and related software. I try to make a comprehensive guide based in part on these resources as well as my own experiences. I always aim to properly attribute information to their respective sources. If you notice an issue, please contact me.
In part 1 and part 2 of this series, we set up an ubuntu 16.04 server to host shiny applications. Thus far, we configured shiny server to listen on port 3838 (for public apps) and 4949 (for private apps). In this part, we will set up SSL encryption on the server for additional security.
Resources used for this part
This guide is largely based on this tutorial.
Adding SSL encryption to your server
Log into your server and switch to the Shiny user:
Go to the
sbin folder on your server and download certbot-auto:
Make the script executable:
Now, open up the nginx configuration:
Take note of the root location, shown in the image below surrounded by the blue box. For the remainder of this tutorial, I’ll assume that your root location is located at
/var/www/html. If it is not, make sure to switch your root location with mine when executing the commands below.
Then, add the contents below to the nginx configuration (surrounded by the red box in the image)
Take your root location and your domain name (with www. and without it) and fill them out in the and
Next, we generate a strong Diffie–Hellman group for extra security:
SSL certificates expire every couple of months or so, so it’s a good idea to refresh our certificate regularly. We’ll set up a cron job that does this every week. Access cron by executing the following:
Add the following lines:
control+x and then
enter, and your changes will be saved. Congratulations, you have now successfully set up SSL encryption on your server! Note that SSL encryption is not yet operational; we’ll take care of that in the next part, when we’ll add user authentication to our private shiny server using Auth0