Skip to main content
Skip table of contents

Secure Shinydocs Dashboards and Control Center Access with IIS Reverse Proxy

This guide assumes you are using Windows Server edition. If you are using Windows 10 or 11, use Turn Windows features on or off.

Using this configuration will provide an authentication gate to access the platforms, once authenticated, configured users will have access to all content in the respective platform.

This guide covers configuring an IIS reverse proxy to configure which AD users and groups can access Shinydocs Dashboards or Control Center. You can set up both with this method, but you must set them to different physical paths and ports.

Preconditions

  • Have Shinydocs Pro installed

  • If you are configuring Shinydocs Pro Control Center, you will need to be bound to HTTP instead of the default HTTPS for the reverse proxy

    • Note: You will be configuring SSL in IIS instead

Guide

(Control Center only) Step 0: Change Control Center to bind on localhost only and HTTP

  1. Backup the Configuration File

    • Go to the installation directory: [install location]\Shinydocs Professional\ControlCenter.

    • Make a copy of the appsettings.Production.json file as a backup.

  2. Edit the Configuration File

    1. Open the original appsettings.Production.json file in a text editor.

    2. Update the file with the following configuration:

      CODE
      {
        "Kestrel": {
          "Endpoints": {
            "Http": {
              "Url": "http://localhost:9701"
            }
          }
        }
      }
    3. Save the file after making the changes.

  3. Restart the Service

    • Restart the Shinydocs Pro Control Center Windows service to apply the new configuration.

  4. Verify Access

    • Open a browser on the machine where Shinydocs Pro Control Center is installed.

    • Go to http://localhost:9701 to confirm that the site is accessible locally.

Step 1: Set Up IIS

  1. Open Server Manager and click Manage > Add Roles and Features.

  2. Choose Role-based or feature-based installation, then click Next.

  3. Select your server from the server pool, then click Next.

  4. In the Server Roles section, ensure URL Authorization and Windows Authentication are selected.

  5. Complete the wizard.

  6. Download and install:

Step 2: Add Your Website

  1. Open IIS Manager.

  2. Right-click Sites and select Add Website.

  3. Fill out the following fields using your values:

    • Site name: The name of your site as it will appear in IIS

      • Suggestions:

        • Shinydocs Pro Control Center

        • Shinydocs Pro Dashboards

    • Physical path: C:\inetpub\wwwroot\ShinydocsPro

      • You can choose any physical path you like, it will create the web.config file for IIS in this directory.

    • Type: HTTPS

    • IP address: All Unassigned

    • Port: 443

      • You can use any port you would like that is available

    • Host name: Your hostname

    • SSL certificate: Select your certificate (e.g., my self-signed certificate JARVIS)

  4. Click OK to create the site.

Step 3: Configure the Reverse Proxy

  1. Select your website in IIS Manager, then click URL Rewrite.

  2. In the Actions panel, click Add Rules.

    urlrewritepage-20241212-141827.png
  3. Select Reverse Proxy and click OK.

  4. Set the internal URL and the external URL.

    1. For internal URL:

      1. Dashboards: localhost:5601

      2. Shinydocs Control Center: localhost:9701

  5. Enable Rewriting of domain names under Outbound Rules.

  6. Click OK to save the settings.

Dashboards (port 5601)

image-20241212-142246.png

Control Center (port 9701)

image-20241212-142305.png

Step 4: Configure Server Variables

  1. With your site selected, go to URL Rewrite and click View Server Variables.

    servervars-20241212-142941.png
  2. Add these variables:

    • HTTP_ACCEPT_ENCODING

    • HTTP_X_ORIGINAL_ACCEPT_ENCODING

  3. Go back, select the Inbound Rule in URL Rewrite and click Edit.

    editinbound-20241212-143130.png
    • Under Server Variables

      • Add HTTP_X_ORIGINAL_ACCEPT_ENCODING to {HTTP_ACCEPT_ENCODING}.

      • Add HTTP_ACCEPT_ENCODING with a placeholder value (e.g., abc).

  4. Click Apply (top-right) to save the configuration.

  5. Edit the web.config file in your site's directory (C:\inetpub\wwwroot\ShinydocsPro):

    • Replace the placeholder value (abc) with an empty string.

    • Add the following under <configuration>:

      CODE
      <system.web>
          <httpRuntime requestPathInvalidCharacters="" relaxedUrlToFileSystemMapping="true" />
      </system.web>
  6. Save the file.

  7. Go to URL Rewrite and click Add Rules. Choose Blank Rule under Outbound Rules

  8. Name the rule RestoreAcceptEncoding. In the settings, choose <Create New Precondition…>.

  9. Name the rule NeedsRestoringAcceptEncoding, check Using is set to Regular Expressions and Logical grouping is set to Match All.

  10. Add a condition to the precondition:

    • For Condition input, type {HTTP_X_ORIGINAL_ACCEPT_ENCODING} (include the curly braces).

    • For Pattern, type .+.

    • Click OK twice to close the condition setup.

  11. Back in the rule settings, go to Match and set Matching Scope to Server Variable.

    • For Variable name, type HTTP_ACCEPT_ENCODING.

    • For Pattern, type ^(.*).

  12. In the Action section, do the following:

    • Set Action type to Rewrite.

    • For Value, type {HTTP_X_ORIGINAL_ACCEPT_ENCODING} (include the curly braces).

  13. Click Apply to save the rule.

Step 5: Configure User Authentication

  1. Select your site in IIS Manager and click Authentication.

  2. Disable Anonymous Authentication and enable Windows Authentication.

  3. Go back to the main IIS screen and select .NET Authorization Rules or Authorization Rules (whichever is available on your computer).

  4. Delete the default Allow All Users rule.

  5. Choose one of the following options based on your needs:

    1. All users: Allows everyone to access the web content. Use this only if there are no security concerns about unrestricted access.

    2. All anonymous users: Not recommended.

    3. Specified roles or user groups: Restricts access to specific user groups. Use this option when you want only users in certain groups, such as administrators, to have access.

    4. Specified users: Limits access to specific individuals. Use this for precise control over who can access the content.

Your Shinydocs Pro site should now be accessible securely and configured with user authentication. Try right-clicking on the site in IIS Manager > Manage Website > Browse. If you experience any issues, review the steps and ensure all configurations match the guide.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.