From bd59ab6794d210f5997db86b7ebcdfe2fd47b96e Mon Sep 17 00:00:00 2001
From: GreasyCat <131315c@gmail.com>
Date: Fri, 3 Nov 2023 13:41:47 -0700
Subject: [PATCH] add reverse proxy to server management

---
 .../user_management/adding-ssh-key.md         |  1 -
 _server_management/user_management/index.md   |  1 -
 .../{ => web_services}/index.md               |  4 +--
 .../web_services/reverse_proxy/index.md       |  7 ++++
 .../reverse_proxy/rstudio-server.md           | 34 +++++++++++++++++++
 5 files changed, 43 insertions(+), 4 deletions(-)
 rename _server_management/{ => web_services}/index.md (65%)
 create mode 100644 _server_management/web_services/reverse_proxy/index.md
 create mode 100644 _server_management/web_services/reverse_proxy/rstudio-server.md

diff --git a/_server_management/user_management/adding-ssh-key.md b/_server_management/user_management/adding-ssh-key.md
index 30716e8..339119e 100644
--- a/_server_management/user_management/adding-ssh-key.md
+++ b/_server_management/user_management/adding-ssh-key.md
@@ -3,7 +3,6 @@ layout: default
 title: Using SSH key to login
 nav_order: 2
 parent: User Management
-grand_parent: Server Management
 ---
 
 # Tired of typing password every time you login onto Hopper?
diff --git a/_server_management/user_management/index.md b/_server_management/user_management/index.md
index c447e1b..46dd513 100644
--- a/_server_management/user_management/index.md
+++ b/_server_management/user_management/index.md
@@ -2,6 +2,5 @@
 layout: default
 title: User Management
 nav_order: 1
-parent: Server Management
 has_children: true
 ---
\ No newline at end of file
diff --git a/_server_management/index.md b/_server_management/web_services/index.md
similarity index 65%
rename from _server_management/index.md
rename to _server_management/web_services/index.md
index 095da9e..a4aa7ee 100644
--- a/_server_management/index.md
+++ b/_server_management/web_services/index.md
@@ -1,6 +1,6 @@
 ---
 layout: default
-title: Server Management
+title: "Web Services"
 nav_order: 2
 has_children: true
----
\ No newline at end of file
+---
diff --git a/_server_management/web_services/reverse_proxy/index.md b/_server_management/web_services/reverse_proxy/index.md
new file mode 100644
index 0000000..15b4754
--- /dev/null
+++ b/_server_management/web_services/reverse_proxy/index.md
@@ -0,0 +1,7 @@
+---
+layout: default
+title: Reverse Proxies
+nav_order: 1
+parent: Web Services
+has_children: true
+---
diff --git a/_server_management/web_services/reverse_proxy/rstudio-server.md b/_server_management/web_services/reverse_proxy/rstudio-server.md
new file mode 100644
index 0000000..99e8489
--- /dev/null
+++ b/_server_management/web_services/reverse_proxy/rstudio-server.md
@@ -0,0 +1,34 @@
+---
+layout: default
+title: RStudio Server
+nav_order: 1
+parent: "Reverse Proxies"
+grand_parent: "Web Services"
+---
+
+As of the date 11/03/2023, I couldn't find a solution to reverse proxy Nginx in an elegant manner. The primary issue is that, for some reason, all static files from the RStudio Server, except HTML, were returning a 404 error.
+
+However, I eventually discovered a workaround while experimenting with the Nginx configuration file. I added an additional redirect rule specifically for static files. While this solution is not elegant and may potentially expose some vulnerabilities due to changes in the `Content-Security-Policies`, considering that we're only running analyses within an intranet, I don't believe the vulnerability is severe.
+
+Here's the excerpt from the Nginx site configuration:
+
+```nginx
+location /rstudio/
+    {
+        rewrite ^/rstudio/(.*)$ /$1 break;
+        proxy_pass http://localhost:8787;
+        proxy_http_version 1.1;
+        add_header Content-Security-Policy "default-src 'self' * 'unsafe-eval' 'unsafe-inline' data:;";
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+        proxy_read_timeout 20d;
+
+        proxy_set_header X-RStudio-Request $scheme://$host:$server_port$request_uri;
+        proxy_set_header X-RStudio-Root-Path /rstudio;
+    }
+
+    location ~ ^/rstudio/(.*(.css|.js|.jpg|.jpeg|.png|.gif|.svg|.ico))$
+    {
+        proxy_pass http://localhost:8787/$1;
+    }
+```
\ No newline at end of file