add reverse proxy to server management

ChrastilLab · Nov 3, 2023 · bd59ab6 · bd59ab6
1 parent 805f2f5
commit bd59ab6
Show file tree

Hide file tree

Showing 5 changed files with 43 additions and 4 deletions.
diff --git a/_server_management/user_management/adding-ssh-key.md b/_server_management/user_management/adding-ssh-key.md
@@ -3,7 +3,6 @@ layout: default
 title: Using SSH key to login
 nav_order: 2
 parent: User Management
-grand_parent: Server Management
 ---
 
 # Tired of typing password every time you login onto Hopper?

diff --git a/_server_management/user_management/index.md b/_server_management/user_management/index.md
@@ -2,6 +2,5 @@
 layout: default
 title: User Management
 nav_order: 1
-parent: Server Management
 has_children: true
 ---
diff --git a/_server_management/index.md → _server_management/web_services/index.md b/_server_management/index.md → _server_management/web_services/index.md
@@ -1,6 +1,6 @@
 ---
 layout: default
-title: Server Management
+title: "Web Services"
 nav_order: 2
 has_children: true
----
+---
diff --git a/_server_management/web_services/reverse_proxy/index.md b/_server_management/web_services/reverse_proxy/index.md
@@ -0,0 +1,7 @@
+---
+layout: default
+title: Reverse Proxies
+nav_order: 1
+parent: Web Services
+has_children: true
+---
diff --git a/_server_management/web_services/reverse_proxy/rstudio-server.md b/_server_management/web_services/reverse_proxy/rstudio-server.md
@@ -0,0 +1,34 @@
+---
+layout: default
+title: RStudio Server
+nav_order: 1
+parent: "Reverse Proxies"
+grand_parent: "Web Services"
+---
+
+As of the date 11/03/2023, I couldn't find a solution to reverse proxy Nginx in an elegant manner. The primary issue is that, for some reason, all static files from the RStudio Server, except HTML, were returning a 404 error.
+
+However, I eventually discovered a workaround while experimenting with the Nginx configuration file. I added an additional redirect rule specifically for static files. While this solution is not elegant and may potentially expose some vulnerabilities due to changes in the `Content-Security-Policies`, considering that we're only running analyses within an intranet, I don't believe the vulnerability is severe.
+
+Here's the excerpt from the Nginx site configuration:
+
+```nginx
+location /rstudio/
+    {
+        rewrite ^/rstudio/(.*)$ /$1 break;
+        proxy_pass http://localhost:8787;
+        proxy_http_version 1.1;
+        add_header Content-Security-Policy "default-src 'self' * 'unsafe-eval' 'unsafe-inline' data:;";
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+        proxy_read_timeout 20d;
+
+        proxy_set_header X-RStudio-Request $scheme://$host:$server_port$request_uri;
+        proxy_set_header X-RStudio-Root-Path /rstudio;
+    }
+
+    location ~ ^/rstudio/(.*(.css|.js|.jpg|.jpeg|.png|.gif|.svg|.ico))$
+    {
+        proxy_pass http://localhost:8787/$1;
+    }
+```