LEDfan
commented
3 months ago Hi
It should be possible to add TLS to ShinyProxy using the Spring Boot configuration, see e.g. https://spring.io/blog/2023/06/07/securing-spring-boot-applications-with-ssl and https://docs.spring.io/spring-boot/how-to/webserver.html#howto.webserver.configure-ssl . However, I did not try this yet. An alternative could be to create a custom ShinyProxy container and adding nginx on top. E.g. you start from the ShinyProxy image, install nginx and configure it to use TLS.
sound118
Hello, so far the documentation said for SSL termination you recommend running an nginx reverse proxy. Our setup so far encompassed EC2 instances running ShinyProxy via Docker and have an additional container running the reverse proxy and routing all ShinyProxy traffic through the loopback interface of the machine without any other network transit.
Now we want to experiment with ECS but are still under the requirement that traffic coming in from the AWS application load balancer to the ShinyProxy ECS task container needs to be encrypted as well. Is there any way to place certificates / chains into the ShinyProxy container and let e.g. SpringBoot handle the SSL termination at application level directly? As far as i know spinning up a side car container in the task of Shinyproxy will still spawn 2 individual containers that communicate over network unencrypted for the part of the way. Is there a way to remedy this to have SSL encrypted traffic in the VPC?
For our tests we are currently using a very minor modified version of the environment that you provide in the 20/21 ecs examples section from your shinyproxy examples repo.
Much thanks and keep up the good work to provide a useful tool for the deployment of shiny apps!