Shiny Server Administrator’s Guide Shiny Server Professional v1.5.5 Copyright © 2017 RStudio, Inc. Contents 1 Getting Started 8 1.1 Introduction.........................................8 1.2 System Requirements...................................9 1.3 Installation.........................................9 1.3.1 Ubuntu (12.04+)..................................9 1.3.2 RedHat/CentOS (5.4+).............................. 10 1.3.3 SUSE Linux Enterprise Server (11+)....................... 11 1.3.4 Install Shiny.................................... 12 1.3.5 R Installation Location.............................. 13 1.4 Stopping and Starting................................... 14 1.4.1 systemd (RedHat 7, Ubuntu 15.04+, SLES 12+)................ 14 1.4.2 Upstart (Ubuntu 12.04 through 14.10, RedHat 6)................ 15 1.4.3 init.d (RedHat 5, SLES 11)............................ 16 2 Server Management 17 2.1 Default Configuration................................... 17 2.2 Server Hierarchy...................................... 18 2.2.1 Server........................................ 18 2.2.2 Location....................................... 19 2.2.3 Application..................................... 20 2.3 run_as ............................................ 20 2.3.1 :HOME_USER: .................................... 21 2.3.2 Running Shiny Server with Root Privileges................... 22 2.3.3 :AUTH_USER: .................................... 23 2.4 PAM Sessions........................................ 25 2.4.1 Session Profile................................... 25 1 CONTENTS 2 2.5 r_path ............................................ 26 2.6 Local App Configurations................................. 27 2.7 Hosting Model....................................... 27 2.7.1 Host a Directory of Applications......................... 27 2.7.2 Host a Single Application............................. 28 2.7.3 Host Per-User Application Directories...................... 28 2.8 Redirecting......................................... 29 2.9 Virtual Hosts........................................ 30 2.10 Custom Templates..................................... 31 2.11 Set Custom Headers.................................... 33 2.12 Server Log.......................................... 33 2.12.1 Access Logs..................................... 33 2.13 Environment Variable Settings.............................. 34 2.13.1 SHINY_LOG_LEVEL ................................. 35 2.13.2 R ........................................... 36 2.13.3 SHINY_DATA_DIR .................................. 36 3 Deploying Applications 37 3.1 Schedulers & Application Restarts............................ 37 3.1.1 Restarting an Application............................. 37 3.1.2 Simple Scheduler.................................. 38 3.1.3 Utilization Scheduler................................ 38 3.2 R Markdown........................................ 39 3.3 Application Timeouts................................... 39 3.4 Session Timeouts...................................... 40 3.5 Logging and Analytics................................... 40 3.5.1 Application Error Logs.............................. 40 3.5.2 Log File Permissions................................ 41 3.5.3 Google Analytics.................................. 41 3.6 Program Supervisors.................................... 42 3.7 Reactivity Log....................................... 42 3.8 Specifying Protocols.................................... 43 3.8.1 Disabling WebSockets on the Server....................... 43 CONTENTS 3 4 Authentication & Security 45 4.1 Authentication Overview.................................. 45 4.2 Auth Duration....................................... 46 4.3 Flat-File Authentication.................................. 46 4.3.1 sspasswd...................................... 46 4.4 Google Authentication................................... 47 4.4.1 Create a Google Application........................... 47 4.4.2 Configure Shiny Server............................... 48 4.4.3 Securing the Client Secret............................. 49 4.4.4 Email Address Restrictions............................ 49 4.5 PAM Authentication.................................... 51 4.5.1 PAM Basics..................................... 51 4.5.2 Default PAM Configuration............................ 51 4.5.3 PAM and Kerberos................................. 52 4.6 LDAP and Active Directory................................ 53 4.6.1 base_bind ..................................... 54 4.6.2 Securing the LDAP password........................... 55 4.6.3 user_bind_template ............................... 55 4.6.4 group_search_base ................................ 56 4.6.5 group_filter ................................... 56 4.6.6 group_name_attribute .............................. 56 4.6.7 trusted_ca ..................................... 57 4.6.8 check_ssl_ca ................................... 57 4.6.9 user_filter .................................... 57 4.6.10 user_search_base ................................. 58 4.7 Proxied Authentication.................................. 58 4.8 Required Users & Groups................................. 59 4.8.1 User Authentication................................ 59 4.8.2 Group Authentication............................... 59 4.9 SSL............................................. 60 4.10 Proxied Headers...................................... 61 4.11 Clickjacking Protection.................................. 61 CONTENTS 4 5 Monitoring the Server 63 5.1 Admin............................................ 63 5.1.1 Configuration.................................... 63 5.1.2 Organization.................................... 63 5.1.3 Killing Processes and Connections........................ 65 5.2 Graphite........................................... 65 5.3 Health Check Endpoint.................................. 65 5.3.1 Customizing Responses.............................. 66 5.3.2 Providing Multiple Health-Check Endpoints................... 67 6 Licensing & Activation 68 6.1 Product Activation..................................... 68 6.1.1 Activation Basics.................................. 68 6.1.2 Floating License.................................. 68 6.2 Connectivity Requirements................................ 69 6.2.1 Proxy Servers.................................... 69 6.2.2 Offline Activation.................................. 69 7 Appendix 71 7.1 Quick Start......................................... 71 7.1.1 Host a directory of applications.......................... 72 7.1.2 Let users manage their own applications..................... 72 7.1.3 Run Shiny Server on multiple ports....................... 73 7.1.4 Require user authentication on an application.................. 74 7.1.5 Host a secure Shiny Server............................ 75 7.1.6 Host an Application Supported by Multiple R Processes............ 76 7.2 Configuration Settings................................... 77 7.2.1 run_as....................................... 78 7.2.2 access_log...................................... 78 7.2.3 server........................................ 78 7.2.4 listen........................................ 79 7.2.5 server_name.................................... 79 7.2.6 location....................................... 79 7.2.7 site_dir....................................... 80 CONTENTS 5 7.2.8 directory_index.................................. 80 7.2.9 user_apps...................................... 80 7.2.10 user_dirs...................................... 80 7.2.11 app_dir....................................... 81 7.2.12 redirect....................................... 81 7.2.13 log_dir....................................... 81 7.2.14 log_file_mode................................... 81 7.2.15 members_of.................................... 82 7.2.16 required_group................................... 82 7.2.17 required_user.................................... 82 7.2.18 auth_passwd_file................................. 82 7.2.19 auth_proxy..................................... 83 7.2.20 auth_duration................................... 83 7.2.21 google_analytics_id................................ 83 7.2.22 app_init_timeout................................. 84 7.2.23 app_idle_timeout................................. 84 7.2.24 app_session_timeout............................... 84 7.2.25 http_keepalive_timeout.............................. 84 7.2.26 sockjs_heartbeat_delay.............................. 85 7.2.27 sockjs_disconnect_delay............................. 85 7.2.28 simple_scheduler.................................. 85 7.2.29 utilization_scheduler................................ 85 7.2.30 ssl.......................................... 86 7.2.31 allow_app_override................................ 86 7.2.32 admin........................................ 86 7.2.33 whitelist_headers.................................. 87 7.2.34 auth_google.................................... 87 7.2.35 auth_pam...................................... 87 7.2.36 auth_ldap...................................... 88 7.2.37 auth_active_dir.................................. 88 7.2.38 ldap_timeout.................................... 89 7.2.39 base_bind...................................... 89 7.2.40 user_bind_template................................ 90 7.2.41 trusted_ca..................................... 90 CONTENTS 6 7.2.42 check_ssl_ca.................................... 91 7.2.43 user_filter...................................... 91 7.2.44 user_search_base................................. 92 7.2.45 group_search_base...............................