How to use shinymanager r package on remote server?

Question

Could someone adapt the code below to be used on a remote server? I couldn't find any simple example on the package pages or on the internet that addressed this issue. Here's the code:

global.r

# Init DB using credentials data
credentials <- data.frame(
  user = c("shiny", "shinymanager"),
  password = c("azerty", "12345"),
  # password will automatically be hashed
  admin = c(FALSE, TRUE),
  stringsAsFactors = FALSE
)

# you can use keyring package to set database key
library(keyring)
key_set("R-shinymanager-key", "obiwankenobi")

# Init the database
create_db(
  credentials_data = credentials,
  sqlite_path = "www/database.sqlite", # will be created
  passphrase = key_get("R-shinymanager-key", "obiwankenobi")
)

ui.r

library(shiny)
library(shinymanager)

ui <- fluidPage(
  tags$h2("My secure application"),
  verbatimTextOutput("auth_output")
)

ui <- secure_app(ui, enable_admin = TRUE)

server.r

server <- function(input, output, session) {

  # check_credentials directly on sqlite db
  res_auth <- secure_server(
    check_credentials = check_credentials(
        "www/database.sqlite",
        passphrase = key_get("R-shinymanager-key", "obiwankenobi")
        # passphrase = "passphrase_wihtout_keyring"
    )
  )

  output$auth_output <- renderPrint({
    reactiveValuesToList(res_auth)
  })

  # your classic server logic
}

The file .log in /var/log/shiny-server/testeshimanager is:

su: ignore --preserve-environment, it's mutually exclusive to --login.
Error in b_file_set(self, private, service, username, keyring, prompt) :
  Aborted setting keyring key
Calls: runApp ... ..stacktraceon.. -> key_set -> <Anonymous> -> b_file_set
Execution halted

I didn't find anything doable to unravel such error. Just for information, the shiny server is running perfectly. Another example, very simple, works. Therefore, all folders and files have maximum execution permission, that is, chmod -R 777. The difficulty lies precisely in using the shinymanager package on the remote server.

Answer 1

After a lot of research and study, I managed to make shinymanager work on the server. However, after adding two command lines and the app working, the exhausting process began. I will summarize in steps according to the experience I had. I don't know if it's the best, because I'm not a database connoisseur, much less information security.

• First, let's change the global.R file.

global.R

library(shinymanager)
library(keyring)
# Init DB using credentials data
credentials <- data.frame(
  user = c("shiny", "shinymanager"),
  password = c("azerty", "12345"),
  # password will automatically be hashed
  admin = c(FALSE, TRUE),
  stringsAsFactors = FALSE
)

# you can use keyring package to set database key
#key_set("R-shinymanager-key", "obiwankenobi")
services <-"R-shinymanager-key"
usernames <- "obiwankenobi"  
keyring_create("system", password="secret")
keyring_unlock(keyring = "system", password = "secret") 
key_set_with_value(service=services, username=usernames)

# Init the database
create_db(
  credentials_data = credentials,
  sqlite_path = "www/database.sqlite", # will be created
  passphrase = key_get(services, usernames)
)

• Second, after making the necessary changes, restart the shiny server (I don't know if it's necessary, but I did it to eliminate chances).

user@centos# sudo systemctl stop shiny-server
user@centos# sudo systemctl restart shiny-server

• third, if any error occurs, ckeck if the database.sqlite was created! If not, then check with the shiny user if the key was created, delete them and start over from step two In the terminal,

user@centos# su - shiny
-SH-4.2$ R

and then in R,

keyring::keyring_list()#to see the keys
keyring::keyring_delete("name from previous output")

• Fourth, as a suggestion: if the database.sqlite file was created, you can comment out the lines keyring_create("system", password="secret") and keyring_unlock(keyring = "system", password = "secret") in the global.R file. Once that was done, I changed the permissions of the database.sqlite file with chmod 777 database.sqlite.

Finally the login screen appeared. Hope it helps someone.