Looking for advice on best practice and feasibility. I want to put a pre-existing custom app (Shiny/R-based) behind a reverse proxy for authentication (password-protection) purposes, using oauth2_proxy, nginx or ShinyProxy.
I don’t want to spend lots of time on infrastructure as this is not my main job – I’d like the convenience of the App Platform to update and manage the app itself, but how best to integrate a reverse proxy? Most of the online tutorials I’ve found (some examples below) suggest using docker-compose.yml to launch the multiple services (which is not applicable to DO App Platform as far as I can tell).
Is it better to integrate installation of the proxy into the app’s DOCKERFILE, or is there some more sensible way to run a reverse proxy to protect the app behind authentication? Droplet? Or do I need to look into Kubernetes instead of App Platform?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Hi there,
Indeed, the App Platform does not support this out of the box, but this should be achievable.
1. Integrating the Reverse Proxy into your existing Dockerfile
If you prefer to stick with the App Platform and avoid additional infrastructure, you can integrate the reverse proxy directly into your app’s Dockerfile. This approach involves setting up the reverse proxy (like nginx with OAuth2 Proxy) within the same container as your Shiny app.
Example Dockerfile
Here’s an example Dockerfile snippet that shows how you might set this up:
nginx.conf Example
An example
nginx.conf
for reverse proxying might look like this:2. Using DigitalOcean Droplet for Reverse Proxy
If you find integrating the proxy into the Dockerfile too complex, you can run the reverse proxy on a separate DigitalOcean Droplet. The Droplet would handle authentication and proxy requests to your Shiny app running on the App Platform.
Steps:
I’ve seen a similar question in the past regarding the same setup, here is the discussion that covers some of the blockers that you might hit along the way:
https://www.digitalocean.com/community/questions/nginx-proxy-server-to-app-platform-app-is-getting-a-403-access-denied-cloudflare-error
An alternative option here would be to use a Managed Kubernetes cluster instead of the App Platform:
-\ Bobby