This is an attempt of managing shiny authentication with django starting from Django application as an authentication / authorization server for Shiny guide and modifying stuff accordingly. The django template derive from this repository while the shiny specific configuration comes from here. The aim of this project is to provide both free and restricted access to shiny applications relying on django authentication system and nginx. Applications could be accessed using the django frontend as a container of an iframe application or directly by specifying the path of the application. A specific NGINX configuration will be responsible to provide access to shiny applications relying on django authentication system.
If you need more information please see our Wiki on GitHub
All this stuff works inside a docker compose image and need docker and docker-compose to work. Please refer to the official documentation on how to install docker and docker-compose
The shiny-server
project is composed by four different docker containers:
db
: a MySQL database which stores information about users credentialsshiny
: arocker/shiny
based images with few dependencies installed to render shiny applicationsuwsgi
: a Django base image which implements views and authentication systemnginx
: used as a proxy to connectshiny
anduwsgi
backends. A special configuration location lets to provide shiny contents to authenticated users
Clone this project and enter in project directory:
$ git clone https://github.com/cnr-ibba/shiny-server.git
$ cd shiny-server
This location will be referred as working directory, since all commands need to be launched inside this directory. This directory will also contains all the shiny application data, database and configuration files.
docker-compose
can read environment variables from a .env
placed in the working
directory in which we can define all variables useful for our containers, like database
credentials. Edit a new .env
file in working directory and set values for such
environment variables accordingly:
MYSQL_ROOT_PASSWORD=<root_password>
SHINY_DATABASE=<shiny_db>
SHINY_USER=<shiny_user>
SHINY_PASSWORD=<shiny_password>
SECRET_KEY=<your SECRET_KEY>
DEBUG=False
ADMINS=<admin name1>:<admin email>
DEFAULT_FROM_EMAIL=<your email from>
EMAIL_BACKEND=django.core.mail.backends.smtp.EmailBackend
EMAIL_HOST=<your stmp server>
EMAIL_HOST_PASSWORD=<your smtp password>
EMAIL_HOST_USER=<your smtp password>
EMAIL_PORT=<your email port address>
EMAIL_USE_TLS=<set 'True' to use TLS, false otherwise
In order to build the images according to the docker-compose.yml
specifications,
Docker needs download and install all required dependencies; it will need several
minutes to complete. Launch this command from the working directory:
$ docker-compose build
You will also to check file permissions in django-data
folder, expecially for media
folder:
$ docker-compose run --rm uwsgi sh -c 'chmod -R g+rw media && chmod g+rwx media/thumbnails/'
$ docker-compose run --rm uwsgi sh -c 'chgrp -R www-data .'
After inizialization, a new django user with administrative privilges is needed. This is not the default mysql user, but a user valid only in django environment. Moreover the django tables need to be defined:
$ docker-compose run --rm uwsgi python manage.py check
$ docker-compose run --rm uwsgi python manage.py migrate
$ docker-compose run --rm uwsgi python manage.py makemigrations
$ docker-compose run --rm uwsgi python manage.py migrate
$ docker-compose run --rm uwsgi python manage.py createsuperuser
The last commands will prompt for a user creation. This will be a new django
admin user, not the database users described in env
files. Track user credentials
since those will be not stored in .env
file in shiny-server
directory.
Test your fresh InjectTool installation with:
$ docker-compose run --rm uwsgi pytest
Pages are served by an nginx docker container controlled by Docker Compose
(see the docker-compose.yml
file content), which is linked to the shiny
server and django instance. In order to start the application:
$ docker-compose up -d
The shiny-server interface is available for a local access through Internet browser
at the URL: http://localhost:22080/
.