I asked in the post itself and will ask here for more visibility
I used openssl to create the key and cert as the link you provided in the pdf seems…unsafe? There are articles and news about that website having holes.
I created cert and key and used them for nginx. Nginx started successfully even though it has the message "ssl_stapling" ignored, issuer certificate not found for certificate "/some/path/to/mycert.crt"
When I go through localhost:80, the auth0 is successfully triggered, so i assume my setup for auth0 is correct. However, once I log in, I get a 404 saying the Page not found and the url shows error=unauthorized&error_description=Access denied". I'm not sure why my access is denied. There's no info in nginx's access.log or error.log, and node only shows bunch of /login 302andreports/ 302`
I have nginx’s server_name set as localhost and listening to 80 and 443 as instructed, and my .env has the callback http://localhost:3838/callback as that’s where my shiny server is resided.
On auth0 app setting, I allowed http://localhost:3838/complete/, http://localhost:3838/callback, and http://localhost:3838
I’m using Ubuntu 18.04 with latest setup
node v8.10.0
R v3.4.4
shiny-server v1.5.7.907
nginx 1.14.0
Interesting thing is when I change the server name to something other than localhost, I can still access auth0 from localhost (no port number, should be listening to port 80 in my knowledge)
I’m not sure what could have prevented the callback to be successful. Is the callback not happening? Is the page being called not exist?
localhost:3838 (the shiny server) is active and can be directly accessed (something I also need to hide from direct access in the future…)
Okay, I changed the callback URL in auth0-shiny’s .env and it successfully redirected me to the sample page (the “If you’re seeing this page, that means Shiny Server is installed and running. Congratulations!” page), but the sample app is not loading. Going to experiment more about allowed callback URLs. Feels like the problem is there…
Can I safely say my nginx works as expected?
You should only create an SSL certificate if you are going to expose the server through a domain (like my-shiny-server.com). For local tests running from your localhost address, there is no need to create a SSL cert.
Indeed, the PDF is old. I’d recommend using Let’s Encrypt for free TLS certificates nowadays.
The callback must point to the HTTP server, not the Shiny server. In other words, if your server is located at localhost:80, the callback must be http://localhost:80/callback. Port 80 is used for NO TLS access. Port 443 is used when TLS is enabled with proper certificates (not for localhost). Note that in the blogpost server_name fron nginx.conf matches the domain of the callback in the .env file (plus the added /callback part at the end).
The nginx.conf file assumes you will be running this in a TLS-enabled environment, so trying to access localhost:80 will always redirect to localhost:443. If you haven’t modified this in your file (i.e. you have kept it as is from the blog post), the correct callback for you would be https://localhost:443/callback. Note that this will give invalid certificate warnings, but for testing purposes that is fine.
I see. everything I set up is on localhost so far. I guess I’ll need to eventually get the TLS to actually work.
Thanks for your answer. I got everything to run smoothly now.
1 Like
Hi. I have been having similar problems, and thankfully the correct callback worked (https://localhost:443/callback). My current setup allows localhost and localhost:3000 to go via auth0 login. Once I login successfully, it takes me to localhost:3000/report/ where I can see a directory containing my app folder on Shiny server (I removed the Welcome page of Shiny server). BUT I am unable to secure my Shiny server i.e. if anybody goes to localhost:3838, they can still access all my apps. How do I achieve this? How do I make the user accessing localhost:3838 to go via localhost:3000, authenticate, and get routed back to localhost:3838? Also, I am unable to find any logout button on the screen after a user logs in. Is that something I have to incorporate somewhere?
Hey there!
Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.
Wanted to reach out to know if you still require further assistance?