openanalytics / shinyproxy Goto Github PK
View Code? Open in Web Editor NEWShinyProxy - Open Source Enterprise Deployment for Shiny and data science apps
Home Page: https://www.shinyproxy.io
License: Apache License 2.0
ShinyProxy - Open Source Enterprise Deployment for Shiny and data science apps
Home Page: https://www.shinyproxy.io
License: Apache License 2.0
Ubuntu 16.04.
When i run shinyproxy.jar from folder without application.yml (with standard configuration coppied form https://www.shinyproxy.io/configuration/#overview) i have no problem to run app (hello application, 06_tabsets). But when i copy this file into directory with shinyproxy.jar and run this standard configuration. Shiny proxy stops on 4th step in inicilizastion and produce this log.
shinyproxy.txt
I didn't create the SO question but it belong here not there and I work in cybersecurity so can assist:
Unless someone proves otherwise, after installing ShinyProxy from ShinyProxy.io software, which is a well documented piece of software, the machine started a docker image that runs XMRig that takes 100% CPU usage and might be for bitcoin mining. Below some print-screens. If anyone with similar problem, please let us know.
I am trying to authenticate Shiny proxy from token based on my application but don't see any way of doing it. Any tips on it ? I am also fine to pay for custom development.
Are ports 20.000 and greater accessible to the outside world?
I mean when a user opens an app, then a port (20.000 or greater by default) is opened and I can access the docker container on ADDRESS:PORT even though I am not logged in! I only tested this on my local machine (not on an actual server). Isn't this a security issue? Are there any solutions?
Do shiny (or other) apps in shinyproxy have access to the username of the logged in user, like through an environment variable or something? This could be useful for determining what a user gets to do and see in an app.
That way one could, for example, provide hyperlinks in the description
Hi,
When I use Ctrl+C to stop shinyproxy and restart (e.g., in order to add an app), I find that the running container will not be stopped. This leads to a consequence that the corresponding port (like 20000) is used and shinyproxy will not be able to launch the app.
So, my questions are:
Thanks.
Hi,
When I configure the authentication as LDAP and starttls:simple. When I am logged-in in one browser and if I try logging on using another browser, I got the following error message. This also happens when I tried logging in after I started containers and logged out. All the containers get killed after that.
Error
Status code: 500Message: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - TLS already started]; remaining name ''
Stack Trace:
org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - TLS already started]; remaining name ''
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:228)
at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:147)
at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:158)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:357)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:328)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:629)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:570)
at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForMultipleAttributeValues(SpringSecurityLdapTemplate.java:241)
at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleAttributeValues(SpringSecurityLdapTemplate.java:166)
at eu.openanalytics.auth.LDAPAuthenticationType$CNLdapAuthoritiesPopulator.getGroupMembershipRoles(LDAPAuthenticationType.java:180)
at org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGrantedAuthorities(DefaultLdapAuthoritiesPopulator.java:210)
at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.loadUserAuthorities(LdapAuthenticationProvider.java:213)
at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:89)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199)
at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:105)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.naming.NamingException: [LDAP: error code 1 - TLS already started]; remaining name ''
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3176)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
at com.sun.jndi.ldap.LdapCtx.extendedOperation(LdapCtx.java:3261)
at javax.naming.ldap.InitialLdapContext.extendedOperation(InitialLdapContext.java:184)
at org.springframework.ldap.core.support.AbstractTlsDirContextAuthenticationStrategy.processContextAfterCreation(AbstractTlsDirContextAuthenticationStrategy.java:131)
at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:142)
... 75 more
Thanks for this tool - looks like a really great open source edition to deploying shiny apps in a scalable way!
Having gone through the docs I can't see anything on how continuous deployment would work with shiny proxy.
My question is say you have a server with 3 apps up and running and you want to update an app or publish a new app is there a way to do this without stopping the service, updating the yml and restarting it?
I tried updating the application.yml on a running instance but this didn't do anything (as expected). Is there a way to update it whilst its up?
To run multiple web services behind Nginx or Apache with a single domain name, it's useful to be able setting a context path, e.g. https://example.com/shinyproxy instead of https://example.com. I have made therefore the necessary changes to the code: master...Ununnilium:master. With this changes, the context path can then be defined in application.yml
:
shiny:
...
spring:
...
logging:
...
server:
contextPath: "/shinyproxy"
I have never used Spring Boot before, therefore I'm not sure if the code quality of my changes are good enough. If there are good enough, can you add them? If not, would it be possible that this functionality is added in future?
As per the following code in your file:
src/main/java/eu/openanalytics/services/DockerService.java
@Bean
public DockerClient getDockerClient() {
try {
return DefaultDockerClient.builder()
.dockerCertificates(DockerCertificates.builder().dockerCertPath(Paths.get(environment.getProperty("shiny.proxy.docker.cert-path", ""))).build().orNull())
.uri(environment.getProperty("shiny.proxy.docker.url"))
.build();
} catch (DockerCertificateException e) {
throw new ShinyProxyException("Failed to initialize docker client", e);
}
}
It looks like you're forcing all users to communicate to docker using a TCP address. It's more compatible with docker hosts for us to just mount the docker.sock
file and not need to modify our daemons to expose docker over TCP ports.
I've reviewed the underlying spotify docker client code here:
https://github.com/spotify/docker-client/blob/master/src/main/java/com/spotify/docker/client/DefaultDockerClient.java#L397-L401
if (originalUri.getScheme().equals(UNIX_SCHEME)) {
this.uri = UnixConnectionSocketFactory.sanitizeUri(originalUri);
} else {
this.uri = originalUri;
}
As such: it looks like your software is already compatible with unit sockets, by specifying: unix://...
Could you please tell me what the .yml configuration uri
value should be in order to communicate with the mounted unix socket?
Thanks
I have a shinyproxy sat behind a google load balancer and when accessing one of the configured applications the proxy will return a 503 response when some assets provided by the application are accessed.
The assets that fail aren't always the same though. Sometimes the logo on the applications start page doesn't load then it will when the page is reloaded and the browser cache ignored. The same can be said for CSS documents too.
The Loadbalancer is provided via the Google compute service and is configured to handle the SSL stuff for the proxy. Everything behind the loadbalancer for the moment is just HTTP
My shinyproxy config is:
shiny:
proxy:
title: Test-shiny
logo-url: https://assets.local/logo.png
landing-page: /
heartbeat-rate: 1000
heartbeat-timeout: 1000000
container-wait-time: 1200000
hide-navbar: true
port: 8080
authentication: none
docker:
url: http://localhost:2375
port-range-start: 20000
apps:
- name: test-app
display-name: test-application
description: test application
docker-image: test-r-app:latest
logging:
file:
shinyproxy.log
level:
root: DEBUG
I have packet captures from inside the docker network that show all is well and the request is served properly.
The packet captures i have from shinyproxy however show its returning a 503 to the loadbalancer IP's
Network diagram of sorts:
{World} --> [Google LB] --> [shiny proxy instance (Docker service) ]
If the LB is turned off shiny seems to be fine, however i kind of need it for what i want to do
Does there need to be extra config set for shiny to make it play nice with a loadbalancer ?
To describe what's going on briefly: I successfully log into shinyProxy, click on the application link I want to start. Loading screen shows on, container is spinning up. Finally, when container is finished and the shiny app is supposed to show up, firefox gives me a We can’t connect to the server at unruffled_bell
, where unruffled_bell
is the name of the container used.
In the shinyproxy.log
I can see Proxy activated [user: user1] [app: app1]
as expected.
I suspect some sort of a weird port problem.
Relevant part of the application.yml:
docker-cmd: ["R", "-e", "shiny::runApp('/path/to/shinyapp', port = 3838, host = '0.0.0.0')"]
Also, if I use host = '127.0.0.1'
fun ends where the container just never gets responsive and it keeps on loading.
Any ideas?
Is there a way of changing the style (css) of the web pages in shinyproxy – specially login and application pages?
After an upgrade to docker-ce/xenial 18.04.0ce3-0ubuntu amd64 from 18.03.0ce-0~ubuntu in Docker edge channel I get "Failed to create container" with all apps, including standard demos.
Downgrading to 18.03 works.
Sorry, I have not been able yet to track down detailed errors. T
Tried workaround #46 without success.
Hi, I would like to use shinyproxy
on OSX.
It seems like the only way to connect to the daemon of Docker For Mac, is using unix:///var/run/docker.sock
. However, if I change url
to unix:///var/run/docker.sock
in application.yml
, an error occurs:
Status code: 500
Message: Failed to start container: unknown protocol: unix
After some digging, get the workaround that works:
socat TCP-LISTEN:2375,range=127.0.0.1/32,reuseaddr,fork UNIX-CLIENT:/var/run/docker.sock
It takes me two hours to find the workaround. I guess other people who using OSX will need it as well. Please add it to the documentation if you're in convenient.
Thanks.
Hi,
logo-url does not seem to be working with version 1.1.1: the logo http://www.openanalytics.eu/sites/www.openanalytics.eu/themes/oa/logo.png does not show, instead we get the spring leaf :)
Best.
I'm attempting to load this flexdashboard application
But whenever I connect to the shinyproxy server to load the application, I get the following error
Status code: 500 Message: Cannot proceed: waiting for proxy to launch
Followed by a large Stack Trace output (I can post if needed). Does shinyproxy not support launching applications written in Rmarkdown documents or am I doing something wrong?
There is a project called Rinno
https://github.com/ficonsulting/RInno
It takes for shiny app and convert it into a desktop app. And lately I have been using it to create apps for my colleagues but now my IT team had intervained because they are not secure enough.
I just want to know shiny proxy has a java login functionality. Is there a way we can use it in rinno app.
It would be nice to be able to define the application name on the app level rather that server level. Such we can have a unique application name for each of the app hosted via ShinyProxy.
Thank you, Dylan
I'm using the latest ShinyProxy 1.0.2 and is experiencing an issue where after opening an app in one browser and then try using another browser to access the same app, the page only shows 'No session ID found'.
After a while, I guess when the session does expire, even using the original browser will have the same issue.
Currently, in the application.yml, we can specify paths that to be mounted to run the container for each Shiny app. @fmichielssen mentioned on shinyproxy.io that we can specify environment variables such as $HOME in the path by docker-volumes: [ "${HOME}/path1:/container/path1" ]
, but as he pointed out,
they refer to the ShinyProxy’s process daemon, not the ShinyProxy logged-in user
this way doesn't really make the program dynamic.
So he suggested making variables like SHINYPROXY_USERNAME available in the context,
docker-volumes: [ "/host/mnt/${SHINYPROXY_USERNAME}/path1:/container/path1" ]
this would be very helpful for a lot of use-cases regarding user files.
If this is something you guys think is useful, I can investigate into it and try implementing it.
Another issue is in our Docker container, the Shiny Server is run under user 'shiny', and the volume mounted in could be owned by any logged in user(on the host), therefore, the Shiny app in the docker container does not have the right permission to access these files. I guess this is not really a shinyproxy issue, rather a volume related issue of Docker.
Thanks.
Running ShinyProxy inside a Kubernetes cluster, the created kubernetes service gets deleted when Shinyproxy stops the shiny app's container.
I am using ShinyProxy with Kubernetes based on the given example configuration (https://github.com/openanalytics/shinyproxy-config-examples/tree/master/03-containerized-kubernetes) using a LoadBalancer service type instead of NodePort.
I figured out that it is caused by the KubernetesBackend's doStopProxy function as it deletes the kubernetes service:
@Override
protected void doStopProxy(KubernetesContainerProxy proxy) throws Exception {
kubeClient.pods().delete(getProxy(proxy).getPod());
kubeClient.services().delete(getProxy(proxy).getService());
}
If Shinyproxy is used inside a kubernetes cluster and the service is created by the user during the deployment, it shouldn't delete the service. I guess it just needs to check whether the proxy is used internally or not and delete the service if needed.
Hey guys,
Paul from Oasis here.
We're struggling to install R. We have to move from base image ubuntu:17.04
because it's now EOL and our option is to switch to ubuntu:16.04 LTS, or ubuntu:17.10 - once switchin we're getting apt-get errors and wondering if you can help us out.
FROM ubuntu:17.10
ARG USER_ID
RUN apt-get update && \
apt-get install -y gcc g++ && \
apt-get install -y --no-install-recommends libcurl4-gnutls-dev libcairo2-dev libxt-dev libssl-dev libssh2-1-dev libssl1.0.0 apt-utils && \
apt-get install -y --no-install-recommends -f libxml2-dev libssl-dev libiodbc2 libiodbc2-dev && \
apt-get install -y --no-install-recommends unixodbc unixodbc-dev freetds-dev freetds-bin tdsodbc libgeos-dev && \
rm -rf /var/lib/apt/lists/*
# todo - remove this dual apt-get update
# Install R
RUN apt-get update && \
apt-get install -y --no-install-recommends software-properties-common && \
# todo - put this at the start
add-apt-repository "deb http://cran.ma.imperial.ac.uk/bin/linux/ubuntu zesty/" && \
apt-get update && \
apt-get install -y --no-install-recommends --allow-unauthenticated r-base && \
rm -rf /var/lib/apt/lists/*
# Install Shiny Server dependencies
# RUN apt-get install -y \
# gdebi-core pandoc pandoc-citeproc libcurl4-gnutls-dev libcairo2 libxt-dev && \
# rm -rf /var/lib/apt/lists/*
# Install Flamingo dependencies
RUN R -e "install.packages(c('devtools', 'DT', 'shiny', 'shinyBS', 'httr', 'rjson', 'odbc', 'RODBC', 'leaflet', 'ggplot2', 'curl', 'RCurl', 'xml2', 'XML', 'rmarkdown', 'logging'), repos='https://cloud.r-project.org/')" && \
R -e "install.packages(c('Dataset'), repos='http://R-Forge.R-project.org')" && \
R -e "install.packages(c('shinyjs'), repos='https://cloud.r-project.org/')" && \
R -e "remove.packages(c('devtools'))"
# Create a jenkins user
WORKDIR /var/www/oasis
RUN adduser --shell /bin/bash --uid $USER_ID --disabled-password --gecos "" jenkins && \
chown -R jenkins:jenkins /var/www/oasis
# Create the logging directory
RUN mkdir /var/log/shiny-server
# Install the flamingo package
COPY flamingo.tar.gz /tmp
RUN R CMD INSTALL /tmp/flamingo.tar.gz
# COPY shiny-server.sh /home/Flamingo/
COPY freetds.conf /etc/freetds/
COPY odbc.ini /etc/
COPY odbcinst.ini /etc/
# COPY shiny-server.conf /etc/shiny-server/
COPY db_conf.sh /home/Flamingo/
COPY Rprofile.site /usr/lib/R/etc/
EXPOSE 3838
USER jenkins
CMD ["R", "-e", "flamingo::runFlamingo()"]
Error output:
.... SNIP ...
Ign:4 http://cran.ma.imperial.ac.uk/bin/linux/ubuntu zesty/ InRelease
Get:6 http://cran.ma.imperial.ac.uk/bin/linux/ubuntu zesty/ Packages [53.4 kB]
Fetched 57.0 kB in 0s (188 kB/s)
Reading package lists...
W: GPG error: http://cran.ma.imperial.ac.uk/bin/linux/ubuntu zesty/ InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 51716619E084DAB9
W: The repository 'http://cran.ma.imperial.ac.uk/bin/linux/ubuntu zesty/ InRelease' is not signed.
Reading package lists...
Building dependency tree...
Reading state information...
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
r-base : Depends: r-base-core (>= 3.4.3-1zesty0) but it is not going to be installed
Depends: r-recommended (= 3.4.3-1zesty0) but it is not going to be installed
E: Unable to correct problems, you have held broken packages.
Removing intermediate container 693560cea091
The command '/bin/sh -c apt-get update && apt-get install -y --no-install-recommends software-properties-common && add-apt-repository "deb http://cran.ma.imperial.ac.uk/bin/linux/ubuntu zesty/" && apt-get update && apt-get install -y --no-install-recommends --allow-unauthenticated r-base && rm -rf /var/lib/apt/lists/*' returned a non-zero code: 100
script returned exit code 100
Dear Shinyproxy developers,
I have developped a shiny application and I want to use your great tool Shinyproxy to easily manage users and groups. But maybe there is one thing that I misunderstood, but I cannot access the application on my web browser.
Here my application.yml file :
shiny:
proxy:
title: Open Analytics Shiny Proxy
logo-url: http://www.openanalytics.eu/sites/www.openanalytics.eu/themes/oa/logo.png
landing-page: /
heartbeat-rate: 10000
heartbeat-timeout: 60000
port: 8085
authentication: none
admin-groups: admin
# Example: 'simple' authentication configuration
users:
- name: avelt
password: test
groups: admin
# Example: 'ldap' authentication configuration
ldap:
url: ldap://ldap.forumsys.com:389/dc=example,dc=com
user-dn-pattern: uid={0}
group-search-base:
group-search-filter: (uniqueMember={0})
manager-dn: cn=read-only-admin,dc=example,dc=com
manager-password: password
# Docker configuration
docker:
cert-path: /home/none
url: http://148.121.147.112:2375
port-range-start: 20000
apps:
- name: 01_hello
display-name: Hello Application
description: Application which demonstrates the basics of a Shiny app
docker-cmd: ["R", "-e", "shinyproxy::run_01_hello()"]
docker-image: openanalytics/shinyproxy-demo
groups: adminlogging:
file:
shinyproxy.log
For now, I don't use authentication with LDAP, I prefer to walk things one by one. I work on a server whose address is of type : http: //148.121.147.112: 2375. I use the 2375 port, which seems to be the default port of docker.
I have built your image in my docker.
sudo docker images :
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
greatshinyapp latest debe57f07ec7 17 hours ago 2.172 GB
hello-world latest 690d80202531 9 days ago 1.848 kB
openanalytics/shinyproxy-demo latest 59a414c9b6e5 11 days ago 828 MB
thinkr/rfull latest 26f8217e95a3 8 months ago 2.018 GB
I chose port 8085 for shinyproxy because my 8080 port is already used.
Now, I launched :
java -jar /path/to/shinyproxy-1.0.2.jar
All seem to work fine, I have the following lines :
...
2017-11-30 10:18:19.081 INFO 46695 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/**/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-11-30 10:18:19.918 INFO 46695 --- [ main] o.s.l.c.support.AbstractContextSource : Property 'userDn' not set - anonymous context will be used for read-write operations
2017-11-30 10:18:20.203 INFO 46695 --- [ main] o.s.j.e.a.AnnotationMBeanExporter : Registering beans for JMX exposure on startup
2017-11-30 10:18:20.390 INFO 46695 --- [ main] b.c.e.u.UndertowEmbeddedServletContainer : Undertow started on port(s) 8085 (http)
Ok, I open my web browser and I type :
http://148.121.147.112:8085/
But I have "ERR_CONNECTION_REFUSED" in Google chrome and "The connection failed" in Firefox. I don't understand the problem. I use shiny server on my port 3838 and when I type :
http://148.121.147.112:3838/greatshinyapp
I can access to my application.
Can you see the problem ? I used the false address ?
Thank you.
Best,
Amandine
I’m accessing my ShinyProxy applications in latest Chrome on the latest MacOS, the status is showing at the bottom of the page and is overlayed on the status bar of the browser.
Hi everyone,
I hit a problem that when a user sends an error report using the "Report issue" button, he is redirected back to the homepage. I think this is an invalid behaviour and can be considered as a bug because it is possible that the error is somehow recoverable or just not crucial, but the current R/Shiny session is lost. It should be possible to send the error report and stay at the current page.
Hey,
Here's our docker-compose setup witih port bindings
[ec2-user@ip-10-10-0-15 oasis_build]$ docker-compose -f docker-compose.oasis.yml -f docker-compose.flamingo.ci.yml -f docker-compose.flamingo.test.yml ps
Name Command State Ports
------------------------------------------------------------------------------------------------------------------------------------------------------
oasisbuild_chrome_1 /opt/bin/entry_point.sh Up
oasisbuild_firefox_1 /opt/bin/entry_point.sh Up
oasisbuild_flamingo_server_1 /bin/sh -c sh /var/www/oas ... Exit 1
oasisbuild_oasis_api_server_1 /bin/sh -c sed -i -e "s/%R ... Up 0.0.0.0:8001->80/tcp
oasisbuild_oasis_mysql_1 docker-entrypoint.sh mysqld Up 3306/tcp
oasisbuild_oasis_rabbit_1 docker-entrypoint.sh rabbi ... Up 15671/tcp, 0.0.0.0:15672->15672/tcp, 25672/tcp, 4369/tcp, 5671/tcp, 5672/tcp
oasisbuild_selenium_hub_1 /opt/bin/entry_point.sh Up 0.0.0.0:4444->4444/tcp
oasisbuild_shiny_proxy_1 /bin/sh -c sed -i s/%FLAMI ... Up 0.0.0.0:32780->8080/tcp
I checked the logs of shiny_proxy and this is the error
shiny_proxy_1 | 2018-01-05 19:09:11.720 WARN 26 --- [ XNIO-2 task-15] eu.openanalytics.services.DockerService : Container unresponsive, trying again (2/10): http://172.18.0.1:20001
I checked the host and this is the container on 20001
[ec2-user@ip-10-10-0-15 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bb74f26bcc7b coreoasis/flamingo_shiny:R_0_0_0_109 "R -e flamingo::ru..." 5 minutes ago Up 5 minutes 0.0.0.0:20001->3838/tcp dreamy_booth
Can you help is debug this as to why it can make the container on the host, but then thinks it can't talk to it, when it clearly can? (we checked manually)
Many thanks,
Paul
There is a configuration option internal-networking
which allows running Shiny Proxy inside a Docker container:
shiny:
proxy:
docker:
internal-networking: true
This option does not work directly. There are the following problems:
The app containers are created without linking them to the Shiny Proxy container and without specifying a Docker network. Therefore, Shiny Proxy is not able to connected to the app containers. When no network is specified, Docker connects the new container to the default bridge network. This is not recommended anymore. The bridge network has no name resolution, one has to use the link
option instead. I think it would be better to start the app containers in a special network so the name resolution works without problems.
Solution at the moment: Run in background a script which connects the Shiny Proxy and the app containers to a manually created Docker network.
Shiny Proxy does not support connecting to Docker with a Unix domain socket anymore, although in the past it has worked. Therefore, one can not just mount the host Docker socket /var/run/docker.sock
as a volume and use it directly.
Solution at the moment: Either activate the TCP socket (no so easy to configure secure) or use socat inside the container:
socat TCP-LISTEN:2375,reuseaddr,fork,bind=127.0.0.1 UNIX-CONNECT:/var/run/docker.sock
I have written a Python script which circumvents the problems:
https://github.com/Ununnilium/shinyproxy-docker
Although the script works good, I think it would be good to fix the problems directly in Shiny Proxy.
I built and ran the project using java -jar shinyproxy-0.8.0.jar and navigated to http://localhost:8080/. Logged in and tried to navigate to the test applications but am getting a status code 500 error.
Error
Status code: 500
Message: Failed to start container: java.util.concurrent.ExecutionException: javax.ws.rs.ProcessingException: org.apache.http.conn.HttpHostConnectException: Connect to localhost:2375 [localhost/127.0.0.1, localhost/0:0:0:0:0:0:0:1] failed: Connection refused
Hi ,
I think implementing a JDBC authentication method with common database back ends (postgres, mysql, ...) is a good idea.
Thanks so much for all you hard work. I really like what you are doing.
Could it be possible to open multiple apps at the same time? e.g. in your shinyproxy-demo - open 01_hello on one browser tab and 06_tabsets on another? Love your work!
Hi,
Internet Explorer doesn't display apps properly. The app window doesn't fill the full height of the window but only a narrow bar:
Speculation: This might be related to the use of $(window).height()
in the template.
https://stackoverflow.com/questions/5692746/window-height-fails-on-ie9
Thanks for looking into this
I followed Getting Started guide and edited /lib/systemd/system/docker.service
as recommended: ExecStart=/usr/bin/dockerd -H fd:// -D -H tcp://127.0.0.1:2375
.
After daemon reloaded and restarted I got an error. Excerpts from journalctl -xe
:
no sockets found via socket activation: make sure the service was started by systemd
docker.service: Start request repeated too quickly.
In moby/moby#22847 there is a comment that states:
Docker 1.12 on CentOS no longer uses socket activation, so you need to remove the -H fd:// from the systemd unit file
I don't know is it related to Fedora, but without -H fd://
docker starts normally and demo apps from ShinyProxy work.
docker version
Client:
Version: 17.09.0-ce
API version: 1.32
Go version: go1.8.3
Git commit: afdb6d4
Built: Tue Sep 26 22:42:17 2017
OS/Arch: linux/amd64
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
service docker status
Redirecting to /bin/systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2017-11-27 16:57:02 +04; 20min ago
Docs: https://docs.docker.com
Main PID: 21535 (dockerd)
Tasks: 26 (limit: 4915)
Memory: 20.5M
CPU: 5.645s
CGroup: /system.slice/docker.service
├─21535 /usr/bin/dockerd -D -H tcp://127.0.0.1:2375
└─21543 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout
This issue was mentioned in this post
Looks like the issue will be gone if the docker.service is edited. However, as my last reply to the above post, in my case, I have a CentOS 7 and the config needs to be ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -D -H tcp://127.0.0.1:2375
rather than what the document says ExecStart=/usr/bin/dockerd -H fd:// -D -H tcp://127.0.0.1:2375
. Unfortunately this setting would not work with Swarm node, saying time out to start swarm container.
Hello,
Sometimes when we select an application to run, we get the following response:
Status code: 500
Message: Failed to start container: Request error: POST http://localhost:2375/containers/e810aff2af0f096d9b6199a015355a0903fe08cb55f72b5cd11890ee212e7341/start: 500, body: {"message":"driver failed programming external connectivity on endpoint ecstatic_golick (b942f4b87e84353fac1b52e8f17c0b7ec69143632cafcd4deb5f25a5e10f8172): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 20001 -j DNAT --to-destination 172.17.0.4:3838 ! -i docker0: iptables: No chain/target/match by that name.\n (exit status 1))"}
The complete stack trace is here: shiny-proxy-stack-trace.txt
We checked that the container was created, but was not started as expected:
# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
...
e810aff2af0f aquarela/[hidden] "R '-e shiny::runA..." 13 hours ago Created ecstatic_golick
...
18556e7a896e aqrl-apps "/init" 8 days ago Up 22 minutes 0.0.0.0:3838->3838/tcp, 0.0.0.0:8787->8787/tcp epic_mccarthy
The environment we are running:
I am not sure this is a Shiny Proxy issue (we don't have much experience; this is our first try), but I think this would be the place to start investigating. If you need more information, please let me know. Thanks in advance!
Ubuntu 16.04
$ java -version
openjdk version "9-internal"
OpenJDK Runtime Environment (build 9-internal+0-2016-04-14-195246.buildd.src)
OpenJDK 64-Bit Server VM (build 9-internal+0-2016-04-14-195246.buildd.src, mixed mode)
$ java -jar shinyproxy-0.7.5.jar
2016-11-20 00:26:35.400 INFO 20339 --- [ main] e.o.components.UsageStatsCollector : Disabled. Usage statistics will not be posted.
2016-11-20 00:26:35.726 WARN 20339 --- [ main] ationConfigEmbeddedWebApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalAccessError: class org.springframework.ldap.core.support.AbstractContextSource (in unnamed module @0x4b13c23c) cannot access class com.sun.jndi.ldap.LdapCtxFactory (in module java.naming) because module java.naming does not export com.sun.jndi.ldap to unnamed module @0x4b13c23c
2016-11-20 00:26:35.755 ERROR 20339 --- [ main] o.s.boot.SpringApplication : Application startup failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalAccessError: class org.springframework.ldap.core.support.AbstractContextSource (in unnamed module @0x4b13c23c) cannot access class com.sun.jndi.ldap.LdapCtxFactory (in module java.naming) because module java.naming does not export com.sun.jndi.ldap to unnamed module @0x4b13c23c
... MORE
I'm currently trying to use shinyproxy
on a windows machine, with docker-machine and virtualbox installed. However, everything goes fine except the java service can't connect the container. Here's the error message:
2017-08-30 11:16:30.322 INFO 622180 --- [ XNIO-2 task-2] c.s.docker.client.DefaultDockerClient : Starting container with Id: e68859a166fce86c55db59d37a9a0e33071ecde20d8a66304bcade6b2069957c
2017-08-30 11:16:33.254 WARN 622180 --- [ XNIO-2 task-2] eu.openanalytics.services.DockerService : Container unresponsive, trying again (2/10): https://192.168.99.101:20000
I tried the ip address 192.168.99.101:20000
with protocol http
and it works (before the container gets deleted). Since the java service is trying to connect https
, it fails as expected.
After some digging on the source code, I suspect the following code might be relevant, because proxy
's protocol and host
is read from hostURL
instead of the application.yml
(if my understanding is correct), in non-swarm mode.
Any ideas of how to use the correct protocol?
docker:
cert-path: C:/Users/amc038/.docker/machine/machines/default
url: https://192.168.99.101:2376
host: 192.168.99.101
port-range-start: 20000
URL hostURL = new URL(environment.getProperty("shiny.proxy.docker.url"));
proxy.host = hostURL.getHost();
proxy.protocol = hostURL.getProtocol();
using swarm
still not work, the java services just can't connect to the container...
2017-08-30 15:36:55.142 INFO 628292 --- [ XNIO-2 task-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization completed in 22 ms
2017-08-30 15:37:06.557 INFO 628292 --- [ XNIO-2 task-3] eu.openanalytics.services.DockerService : Container running in swarm [service: 01_hello_20000] [node: worker1]
2017-08-30 15:37:10.821 WARN 628292 --- [ XNIO-2 task-3] eu.openanalytics.services.DockerService : Container unresponsive, trying again (2/10): http://worker1:20000
I’m having problem launching the euler’s app on ShinyProxy. I can build the docker image without problem, and if I run it directly on Docker using the command:
docker run -it -p 3838:3838 openanalytics/shinyproxy-template
the app works as expected. However, when I try to run it on shinyproxy I get the following error:
Status code: 500
Message: Failed to start container: java.util.concurrent.ExecutionException: javax.ws.rs.ProcessingException: org.apache.http.conn.HttpHostConnectException: Connect to localhost:2375 [localhost/127.0.0.1, localhost/0:0:0:0:0:0:0:1] failed: Connection refused: connect
I’m using Docker Toolbox on Windows 10. The docker’s daemon runs at IP 192.168.99.100
We've been having an issue where a user gets kicked out of the app and back to the index page. It's very rare and unfortunately hard to reproduce. However, it might be useful to know that before we deployed #36, upon reentering the app, the user would get the "No Session ID Found" error. If it matters, we're using keycloak for authentication.
Any help narrowing this down, or hints on where to look, would be very much appreciated.
I previously ask a question in community support. Now I guess it may be a bug so put it here with more details
shiny:
proxy:
port: 8080
authentication: keycloak
admin-groups: admins
keycloak:
realm: 'shinyproxy'
auth-server-url: 'http://***.***.***.**:8180/auth'
resource: 'shinyapps'
credentials-secret: *****************
docker:
internal-networking: true
apps:
- name: 001_hello
display-name: Hello Application
description: Application which demonstrates the basics of a Shiny app
docker-cmd: ["R", "-e", "shiny::runApp('/root/shinyapps/001-hello')"]
docker-image: shizidushu/shinyproxy-apps-in-use:latest
docker-network: net-overlay
- name: text
display-name: text
description: Application which demonstrates the basics of a Shiny app
docker-cmd: ["R", "-e", "shiny::runApp('/root/shinyapps/002-text')"]
docker-image: shizidushu/shinyproxy-apps-in-use:latest
docker-network: net-overlay
logging:
file:
shinyproxy.log
I run Shinyproxy(1.1.1) in container. And it works well with simple authentication.
When I open http://...:8080/, it automatically redirect to http://...:8080/sso/login and then returns error.
It displays:
Error
Status code: 403
Message:
Stack Trace:
I check the network in browser, it show it first send a GET request to http://...:8080/auth with 302 returned then it send a GET request to http://...:8080/sso/login with 403 returned.
And when I try to open http://..*.:8080/login directly in browser and log in, it returns 405 error.
Hi,
I noticed that the iframe is 50px too short when disabling the navbar with hide-navbar: true
in the config file. Indeed, disabling the navbar does not disable the javascript setShinyframeHeight()
function.
Cheers
PS: fix in pull request #17
I'm running into an issue in Chrome where websockets are erroring out with "(Opcode -1)". This was originally with 0.9.2, but I just updated to 0.9.3 today and am still having the issue.
Opcode -1 isn't a valid opcode, which led me to Wireshark the connection. This confirmed that data was being sent after the server sent a close connection.
The signal appears to be sent from here, but I'm not that familiar with Shiny, and our R devs aren't aware of a reason for this. Firefox reports Firefox can’t establish a connection to the server at `. I understand Shiny should fall back to Ajax, but it doesn't look like that's happening.
I'm not positive this is a ShinyProxy problem, but I'm not really sure what's causing it at this point.
Hi - First of all, thank you for Shinyproxy!
Looking forward to authentication via JDBC and would also love authorisation at group level by a mixture of both that and LDAP. (LDAP for the authentication, JDBC for the group) ;-)
Oh yea, I can't get to the wiki anymore - not sure if it's gone or blocked from here?
Cheers!
Using this application.yml file and the nginx config below I'm able to see the landing page at http://165.227.184.97/, but it can't find the appropriate web assets (e.g., bootstrap).
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name localhost;
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 600s;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol $scheme;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
}
Not sure where to look to investigate (I'm not very familiar with Java/Spring), so any pointers would be much appreciated!
I would like to embed my shiny apps running on shinyproxy into a website running out of a different server. I've tried using iframes, but for some reason the iframe sent by shinyproxy is empty (see here: http://theswarmlab.com/shiny/opinion_dynamics/), while the app displays properly on the shinyproxy server (http://165.230.88.17:8080/app/01_opinion_dynamic).
I have no clue why this is happening. I don't think there is anything weird with the way I use iframes since the app shows properly when running out of a shiny server (here is another app embedded on the same website using iframes from a shiny server: http://theswarmlab.com/shiny/axelrod/).
I want to setup shinyproxy against an Active Directory server that does not support bind authentication support as the directory is highly structured and users are stored below many different paths.
What worked well for me so far and what I could configure with Spring XML based configuration was to use the password comparison authentication module.
When setting up shinyproxy as in the manual, shinyproxy never tries to bind with the manager-dn
and manager-password
but goes straight to the logged in user.
The relevant snippet in my configuration looks as follows.
shiny:
proxy:
# LDAP configuration
ldap:
url: ldap://s-dc-bih01.example.com/
user-dn-pattern: sAMAccountName={0}
user-search-base: OU=sub1,DC=example,DC=com
group-search-base:
group-search-filter: (uniqueMember={0})
manager-dn: CN=user,OU=sub2,OU=sub1,DC=example,DC=com
manager-password: XXXREDACTEDXXX
security:
basic:
enabled: false
Am I doing anything wrong?
Thanks
I have the new version of Docker for Mac, which is a bit different than Docker Toolbox (https://docs.docker.com/docker-for-mac/docker-toolbox/).
To the Docker demo, I add the port (in Kitematic):
Docker port = "3838" -> MacIP:port = "localhost:2375"
When starting the server and trying to open 01_hello Shiny app, I get the following error:
Status code: 500
Message: Failed to start container: Request error: POST http://localhost:2375/containers/create: 413
Getting the log from syslog -k Sender Docker
I see:
: Created instance tcp:0.0.0.0:2375:tcp:172.17.0.2:3838
Possibly related to #4 ?
When application.yml
is present (used default example on website, plus a trimmed-down version), I get the following error when running java -jar shinyproxy-0.9.1.jar
:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.NullPointerException
This error only occurs when the config file is present. On its own, it works fine. Logs are below:
Fail (with application.yml): https://pastebin.com/4CDqMG38
Success (no config file): https://pastebin.com/mXrF1bLS
root@shinyproxy: # java -version
java version "1.8.0_45"
Java(TM) SE Runtime Environment (build 1.8.0_45-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.45-b02, mixed mode)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.