SSL Termination with the new ECS backend #499
Comments
Hi, it should be possible to add TLS to ShinyProxy using the Spring Boot configuration, see e.g. https://spring.io/blog/2023/06/07/securing-spring-boot-applications-with-ssl and https://docs.spring.io/spring-boot/how-to/webserver.html#howto.webserver.configure-ssl. However, I did not try this yet. An alternative could be to create a custom ShinyProxy container and add nginx on top. E.g. you start from the ShinyProxy image, install nginx and configure it to use TLS.
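A sketch of the Spring Boot route mentioned in the comment above, added here as an example and not taken from the ShinyProxy project or this thread. It uses the standard Spring Boot `server.ssl.*` properties in ShinyProxy's `application.yml`; the keystore path and the environment variable name are assumptions, and the setup is untested with ShinyProxy.

```yaml
# Added example: standard Spring Boot TLS properties in application.yml.
# Not from the ShinyProxy project; untested with ShinyProxy.
server:
  ssl:
    enabled: true
    # Assumed path: a PKCS#12 keystore holding the certificate chain and
    # private key, supplied to the container at runtime rather than baked
    # into the image.
    key-store: file:/opt/shinyproxy/tls/keystore.p12
    key-store-type: PKCS12
    # Assumed environment variable, e.g. injected into the ECS task as a
    # secret so the password never appears in the image or the repository.
    key-store-password: ${TLS_KEYSTORE_PASSWORD}
    # Refuse protocol versions older than TLS 1.2.
    enabled-protocols: TLSv1.2,TLSv1.3
```

With this in place the load balancer's target group has to use HTTPS for both traffic and health checks. An Application Load Balancer does not validate the certificate its targets present, so this encrypts the hop inside the VPC but does not authenticate the container to the load balancer.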
@moreauchr hi, have you successfully implemented the minimal example using ECS as backend provided in the ShinyProxy GitHub configuration examples? I have been experimenting with this many times, but all attempts failed with the issue logs posted in the link below: openanalytics/shinyproxy-config-examples#43 Can anyone help with this? Much appreciated!
@LEDfan I am actually quite puzzled by the Dockerfile posted in the 20.ecs minimal example: COPY application.yml /opt/shinyproxy/ When I implement this Dockerfile, it actually did not work at all. But if I remove "-snapshot", it will work. But eventually it is not working on ECS as expected; the issue shows up as in the link above.
The main issue I encountered is:
Hello,
so far the documentation said for SSL termination you recommend running an nginx reverse proxy. Our setup so far encompassed EC2 instances running ShinyProxy via Docker and have an additional container running the reverse proxy and routing all ShinyProxy traffic through the loopback interface of the machine without any other network transit.
Now we want to experiment with ECS but are still under the requirement that traffic coming in from the AWS application load balancer to the ShinyProxy ECS task container needs to be encrypted as well. Is there any way to place certificates / chains into the ShinyProxy container and let e.g. Spring Boot handle the SSL termination at application level directly? As far as I know, spinning up a sidecar container in the ShinyProxy task will still spawn 2 individual containers that communicate over the network unencrypted for part of the way. Is there a way to remedy this to have SSL-encrypted traffic in the VPC?
For our tests we are currently using a very minor modified version of the environment that you provide in the 20/21 ecs examples section from your shinyproxy examples repo.
Much thanks and keep up the good work to provide a useful tool for the deployment of shiny apps!