Auth0 Home Blog Docs

Securing shiny server port 3838 with auth0

Hi everyone,

My current setup allows localhost:3000 to go via auth0 login. Once I login successfully, it takes me to localhost:3000/report/ where I can see a directory containing my app folder on Shiny server (I removed the Welcome page of Shiny server). BUT I am unable to secure my Shiny server i.e. if anybody goes to localhost:3838 directly, they can still access all my apps. How do I make the user accessing localhost:3838 to go via localhost:3000, authenticate, and then be given access to my apps? Also, I am unable to find any logout button on the screen after a user logs in. Is that something I have to incorporate somewhere?

Here is my nginx file (I removed TLS server as I am using this on localhost):

events {
}

http {
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    # Listen on port 80 and redirect all requests to the
    # TLS enabled server (https, port 443)
    server {
        listen       *:80;

        # Your hostname should go here
        server_name  localhost;

        access_log   off;
        location / {
            rewrite ^ https://$host$request_uri? permanent;
        }
    }
}

And here is my .env file (I have omitted the first three lines):

AUTH0_CALLBACK_URL=http://localhost:3000/callback
COOKIE_SECRET=somethingRandomHerePlease342142565748
SHINY_HOST=localhost
SHINY_PORT=3838
PORT=3000

nginx -1.14.2
Shiny Server v1.5.9.923
Node.js v8.11.3
Ubuntu 18.04

You are able to access the Shiny server directly because you are on localhost, the machine where the Shiny server is running.

On an actual deploy, the Shiny server won’t be directly exposed to the internet (either by not opening the port for outside connections, or by putting it in a server inside the firewall). All communications with the outside world will happen through the proxy server (nginx) through the port 443, and nginx will communicate through the internal port to the Shiny server.

                                               Shiny
(browser)   --->   Nginx server        --> (listen on port 3000, not
                  (listen on port 443)      opened to the outside world]