Secure Shinydocs Dashboards and Control Center Access with IIS Reverse Proxy
This guide assumes you are using Windows Server edition. If you are using Windows 10 or 11, use Turn Windows features on or off.
Using this configuration will provide an authentication gate to access the platforms, once authenticated, configured users will have access to all content in the respective platform.
This guide covers configuring an IIS reverse proxy to configure which AD users and groups can access Shinydocs Dashboards or Control Center. You can set up both with this method, but you must set them to different physical paths and ports.
Preconditions
Have Shinydocs Pro installed
If you are configuring Shinydocs Pro Control Center, you will need to be bound to HTTP instead of the default HTTPS for the reverse proxy
Note: You will be configuring SSL in IIS instead
Guide
(Control Center only) Step 0: Change Control Center to bind on localhost only and HTTP
Backup the Configuration File
Go to the installation directory:
[install location]\Shinydocs Professional\ControlCenter.Make a copy of the
appsettings.Production.jsonfile as a backup.
Edit the Configuration File
Open the original
appsettings.Production.jsonfile in a text editor.Update the file with the following configuration:
CODE{ "Kestrel": { "Endpoints": { "Http": { "Url": "http://localhost:9701" } } } }Save the file after making the changes.
Restart the Service
Restart the Shinydocs Pro Control Center Windows service to apply the new configuration.
Verify Access
Open a browser on the machine where Shinydocs Pro Control Center is installed.
Go to
http://localhost:9701to confirm that the site is accessible locally.
Step 1: Set Up IIS
Open Server Manager and click Manage > Add Roles and Features.
Choose Role-based or feature-based installation, then click Next.
Select your server from the server pool, then click Next.
In the Server Roles section, ensure URL Authorization and Windows Authentication are selected.
Complete the wizard.
Download and install:
Step 2: Add Your Website
Open IIS Manager.
Right-click Sites and select Add Website.
Fill out the following fields using your values:
Site name: The name of your site as it will appear in IIS
Suggestions:
Shinydocs Pro Control Center
Shinydocs Pro Dashboards
Physical path:
C:\inetpub\wwwroot\ShinydocsProYou can choose any physical path you like, it will create the web.config file for IIS in this directory.
Type: HTTPS
IP address: All Unassigned
Port: 443
You can use any port you would like that is available
Host name: Your hostname
SSL certificate: Select your certificate (e.g., my self-signed certificate JARVIS)
For more information, please see How to Set Up SSL on IIS 7 or later | Microsoft Learn
Click OK to create the site.
Step 3: Configure the Reverse Proxy
Select your website in IIS Manager, then click URL Rewrite.
In the Actions panel, click Add Rules.
Select Reverse Proxy and click OK.
Set the internal URL and the external URL.
For internal URL:
Dashboards:
localhost:5601Shinydocs Control Center:
localhost:9701
Enable Rewriting of domain names under Outbound Rules.
Click OK to save the settings.
Dashboards (port 5601)
Control Center (port 9701)
Step 4: Configure Server Variables
With your site selected, go to URL Rewrite and click View Server Variables.
Add these variables:
HTTP_ACCEPT_ENCODINGHTTP_X_ORIGINAL_ACCEPT_ENCODING
Go back, select the Inbound Rule in URL Rewrite and click Edit.
Under Server Variables
Add
HTTP_X_ORIGINAL_ACCEPT_ENCODINGto{HTTP_ACCEPT_ENCODING}.Add
HTTP_ACCEPT_ENCODINGwith a placeholder value (e.g.,abc).
Click Apply (top-right) to save the configuration.
Edit the
web.configfile in your site's directory (C:\inetpub\wwwroot\ShinydocsPro):Replace the placeholder value (
abc) with an empty string.Add the following under
<configuration>:CODE<system.web> <httpRuntime requestPathInvalidCharacters="" relaxedUrlToFileSystemMapping="true" /> </system.web>
Save the file.
Go to URL Rewrite and click Add Rules. Choose Blank Rule under Outbound Rules
Name the rule
RestoreAcceptEncoding. In the settings, choose <Create New Precondition…>.Name the rule
NeedsRestoringAcceptEncoding, check Using is set toRegular Expressionsand Logical grouping is set toMatch All.Add a condition to the precondition:
For Condition input, type
{HTTP_X_ORIGINAL_ACCEPT_ENCODING}(include the curly braces).For Pattern, type
.+.Click OK twice to close the condition setup.
Back in the rule settings, go to Match and set Matching Scope to Server Variable.
For Variable name, type
HTTP_ACCEPT_ENCODING.For Pattern, type
^(.*).
In the Action section, do the following:
Set Action type to Rewrite.
For Value, type
{HTTP_X_ORIGINAL_ACCEPT_ENCODING}(include the curly braces).
Click Apply to save the rule.
Step 5: Configure User Authentication
Select your site in IIS Manager and click Authentication.
Disable Anonymous Authentication and enable Windows Authentication.
Go back to the main IIS screen and select .NET Authorization Rules or Authorization Rules (whichever is available on your computer).
Delete the default Allow All Users rule.
Choose one of the following options based on your needs:
All users: Allows everyone to access the web content. Use this only if there are no security concerns about unrestricted access.
All anonymous users: Not recommended.
Specified roles or user groups: Restricts access to specific user groups. Use this option when you want only users in certain groups, such as administrators, to have access.
Specified users: Limits access to specific individuals. Use this for precise control over who can access the content.
Your Shinydocs Pro site should now be accessible securely and configured with user authentication. Try right-clicking on the site in IIS Manager > Manage Website > Browse. If you experience any issues, review the steps and ensure all configurations match the guide.