Downloads

2.5.0

Released on 2 March 2021.

Release notes

  • add support for exposing Prometheus metrics, see Usage Statistics using Micrometer
  • add support for SAML Logout (using the /saml/logout endpoint), contributed by @DefensePoint
  • add support for SAML Single Logout (using the /saml/SingleLogout endpoint)
  • add option to log SAML attributes whenever a user authenticates using SAML (proxy.saml.log-attributes)
  • expose SAML metadata on /saml/metadata endpoint
  • properly handle receiving expired SAML credentials by redirecting the user to /auth-error and logging a warning message. See this FAQ Entry.
  • add option to configure the max authentication age of SAML credentials (proxy.saml.max-authentication-age). See this FAQ Entry.
  • allow to specify the Same Site policy for Cookies (proxy.same-site-cookie). See the documentation
  • add load balancer support for SAML authentication, contributed by @johannestang.
  • provide the SHINYPROXY_PUBLIC_PATH environment variable to app containers in order to allow compatibility with Dash 1.3 and RStudio. See the documentation
  • refactor label and annotations of application containers. These labels and annotations can be processed by monitoring software, such as Grafana Loki. See the documentation
  • allow to specify the query parameter sp_hide_navbar=true on app pages in order to hide the navbar.
  • Docker image was improved in order to reduce the image size (~300MB vs ~800MB). Note: the /etc/shinyproxy config directory no longer exists. Configuration files should be placed inside the /opt/shinyproxy/application.yml directory. See the updated documentation.
  • add the /logout-success endpoint. This can be configured as the logout-url or as part of a logout callback. See the documentation for OIDC and SAML.
  • add the /app-access-denied endpoint. This is shown when the user logs in using SAML and the IDP indicates that logged-in user may not use the application (i.e. the IDP sends a urn:oasis:names:tc:SAML:2.0:status:RequestDenied status code.)
  • Fix: ensure SHINYPROXY_OIDC_ACCESS_TOKEN is always set when using OIDC and Redis for session storage
  • Fix: ensure clicking back button after authenticating does not cause errors when using SAML with (Azure) Active Directory
  • Fix: do not hardcode JS and CSS versions inside templates to allow easier upgrade
  • Fix: prevent redirect-loop when using OIDC and email is missing in attributes
  • Fix: handle stale session cookies and state when using OIDC (and Keycloak). This prevents errors when the user keeps an OIDC login page open for too long or using stale bookmarks.
  • Fix: username not shown when using OIDC, SAML …
  • Note: if you are using AWS ElastiCache in order to enable session persistence, you have to change the configuration of both ElastiCache and ShinyProxy. More information
  • Note: templates have changed, see our examples for more information.
  • Note: the port of the management server has changed to 9090. Therefore all endpoints starting with /actuator are now server on port 9090 instead of 8080. Therefore the configuration of readiness and liveness probes must be updated. In addition, these endpoints do not start with the context-path (if any).
  • Note: this version requires at least version 0.0.1-SNAPSHOT-20210302.095930 of the ShinyProxy Operator.

2.4.3

Released on 08 January 2021.

Release notes

  • use GitHub Actions to test ShinyProxy against multiple Java and Kubernetes versions
  • Fix: properly cleanup proxies at shutdown
  • Fix: include health of Redis into readiness probe (but only when Redis is used)
  • Fix: fix SAML and Kerberos authentication (since 2.4.2 it would throw an Exception at startup)
  • Fix: take server context-path into account when redirecting to /auth-error

2.4.2

Released on 17 December 2020.

Release notes

  • support any JDBC compatible database for storing usage statistics
  • use database connection pooling for usage statistics (improves the performance and reliability of it)
  • allow to use Spring Expression Language inside the kubernetes-pod-patches and kubernetes-additional-manifests configuration properties
  • add proxy.kubernetes.pod-wait-time property to configure the time ShinyProxy waits for a Kubernetes pod to become ready
  • add warning when using the removed server.use-forward-headers property
  • Fix: do not throw StackOverflowException when OpenID Connect throws an exception (e.g., when there is a configuration issue)
  • Fix: do not cause a redirect loop when ShinyProxy cannot verify an OpenID Connect token, but the user is correctly logged in (e.g., when there is a configuration issue)
  • Fix: disable debug log level for org.springframework.web.servlet.DispatcherServlet since it interfere with requests being proxied to the app
  • Fix: POST requests don’t work when using OpenID Connect
  • Fix: make heartbeat mechanism less intrusive such that it doesn’t break the websockets connection. Especially useful on slow connections and when using Shiny apps with large plots.

2.4.1

Released on 21 December 2020.

Release notes

  • Fix: rebuild JAR packages using OpenJDK 8 so that they can be run using OpenJDK 8

2.4.0

Released on 12 October 2020.

Release notes

  • support arbitrary settings at app level for the Kubernetes backend using pod patches
  • support for creating additional Kubernetes resources when an app starts and removing these when the app stops
  • instrument ShinyProxy for deployment using a Kubernetes operator
  • support Kubernetes liveness and readiness probes
  • improved handling of concurrent users of a proxied resource (increase proxy client’s queue size to 100)
  • include version of ShinyProxy in startup message
  • support logout redirection for SAML authentication (proxy.saml.logout-url)
  • Fix: support compilation with both OpenJDK and Oracle JDK
  • Fix: POST requests to apps a.o. large file uploads
  • Fix: correct checksums generated by builds
  • Fix: build snapshot Docker images and push to Docker Hub
  • Fix: update dependencies so that Google Social Login is supported
  • Note: the property to configure useForwardHeaders has changed, see Security
  • Note: the property to configure logging to a file has changed from logging.file to logging.file.name, see Logging

2.3.1

Released on 18 June 2020.

Release notes

  • support hosting of Zeppelin notebooks on ShinyProxy (by using non-greedy pattern matching to get app name)
  • possibility to set secure flag on cookies (server.secureCookies)
  • set HttpOnly on cookies set by ShinyProxy
  • set X-Frame-Options header using server.frameOptions
  • perform CSRF check on the login form and set X-Content-Type-Options header to nosniff
  • allow to set a forceAuthN flag when using SAML authentication (proxy.saml.force-authn)
  • improved parsing of custom OIDC role claims
  • improved support for the ‘emails’ claim in OIDC
  • Fix: AJAX error when using Keycloak
  • Fix: ‘Error: 200’ page in case of login expiration
  • Fix: 404 when a user makes concurrent /app_direct calls;
  • Fix: error when stopping containers in a different namespace;
  • Fix: documentation for web service authentication

2.3.0

Released on 21 Jun 2019.

Release notes

  • support for (encrypted) SAML 2.0 based authentication and authorization;
  • support for writing application logs to S3 buckets;
  • additional logging for OpenID Connect based authentication and authorization

2.2.2

Released on 10 May 2019.

Release notes

  • fine-grained control on container runtime constraints with new fields container-memory-request, container-memory-limit, container-cpu-request and container-cpu-limit; this works both for a plain Docker back-end (except for container-cpu-request) and for a Kubernetes backend (all fields);
  • support for providing Kubernetes secrets to apps (using secret key refs)
  • additional documentation on request dumping (logging.requestdump)
  • app_direct URLs require a trailing slash, so /app_direct/myapp now redirects to /app_direct/myapp/ for convenience
  • fix: global privileged flag was no longer working
  • fix: proxy could take a long time to start on Kubernetes pods

2.2.1

Released on 29 March 2019.

Release notes

  • landing-page can now be used to redirect the user to a single Shiny app (/app/<app-name> or /app_direct/<app-name>) instead of the list of Shiny apps (default; /)
  • fix: enable proxying of other request methods beside GET
  • fix: re-enable basic auth for API usage when OAuth2 is not being used

2.2.0

Released on 23 March 2019.

Release notes

  • added new OAuth2 compliant security mechanism for the ShinyProxy API to allow for secured embedding of Shiny apps in broader applications or platforms
  • replaced endpoint URLs with user-friendly URLs based on app name i.e. /app/<app-name> (standard ShinyProxy interface) and /app_direct/<app-name> (direct access to the Shiny app)
  • moved configuration of authentication method webservice to proxy.webservice
  • new setting logging.requestdump to enable full request dump
  • fix: ShinyProxy will now throw an exception if specs are defined with the same id
  • fix: uptime field in admin interface now displays 0 for initializing apps
  • fix: influxdb now records non-ASCII usernames correctly
  • fix: 400 bad request when launching proxy via api without body
  • fix: error when setting proxy.openid.roles-claim is miss-spelled or missing in the id token

2.1.0

Released on 21 December 2018.

Release notes

  • new Kerberos authentication and authorization back-end, which also allows to use Kerberos tickets for downstream usage inside the Shiny or Dash apps (including support for constrained delegation)
  • new authentication method webservice for custom web services that handle authentication with a HTTP POST call returning a session id and user information
  • allow user to set node-selector for a Kubernetes cluster using proxy.kubernetes.node-selector
  • add support for non-ico favicons i.e. png
  • updated Keycloak dependency to 4.7.0
  • fix: openid login does not trigger login log event
  • fix: timing issue with heartbeat on small requests
  • fix: proxy.admin-groups didn’t work for multiple groups
  • fix: tear down proxies once done testing with them in TestConcurrentUsers
  • fix: use app.id instead of app.name in the index.html of templates when app logos are used for the landing page

2.0.5

Released on 12 October 2018.

Release notes

  • add favicon-path to allow for easy use of custom favicons for ShinyProxy
  • add ShinyProxy API documentation
  • introduce proxy.keycloak.use-resource-role-mappings to allow for switching between client roles and realm roles
  • add proxy.keycloak.name-attribute to allow for specific attributes to be used as the user’s name
  • add possibility to specify the proxy.openid.logout-url for OpenID Connect based authentication
  • document proxy.openid.username-attribute
  • fix: container-env setting was ignored
  • fix: authentication: none still hides apps if access-groups is set

2.0.4

Released on 21 September 2018.

Release notes

  • support SpEL (Spring expression language) in the application.yml configuration file; this allows a.o. to mount user-specific volumes for Shiny apps
  • ship MonetDB client jar again for usage statistics monitoring with MonetDB
  • fix leftover pixels below app iframe
  • fix proxy access error when using 2 sessions and OIDC
  • fix blank page or 404 when re-accessing a starting proxy
  • fix generation of the ShinyProxy RPM package
  • document settings for large file uploads in Shiny apps

2.0.3

Released on 4 September 2018.

Release notes

  • a new environment variable SHINYPROXY_OIDC_ACCESS_TOKEN is made available to the Shiny app containers when using the OpenId Connect (OIDC) authentication/authorization back-end; this allows to use the OIDC access token to authenticate against APIs from within the Shiny apps
  • fix ‘Not authorized to access this proxy’ issue which occurred when an admin accessed an app that was already running for another user or when the same user accesses the same app from two different browser sessions

2.0.2

Released on 17 August 2018.

Release notes

  • new setting proxy.bind-address to specify the bind address (hostname or IP address)
  • examples on containerized ShinyProxy with Docker Swarm back-end
  • no more redirect after logout with Keycloak-backed authentication
  • updated documentation on specification of context paths
  • support trailing slashes for app URLs
  • bug fix: OIDC now respects the context path
  • fix authentication: none
  • a default configuration file ships with ShinyProxy again

2.0.1

Released on 3 August 2018.

Release notes

  • the display-name is now used as browser tab name, so different Shiny apps in the browser can be more easily discriminated
  • support for setting SSL/HTTPS modes in the Keycloak back-end for single sign-on (proxy.keycloak.ssl-required)
  • better documentation of the privileged setting in proxy.docker, proxy.kubernetes and for individual app containers
  • bug fix: some settings were still using the old (1.x.y) shiny.proxy namespace instead of proxy
  • fix support of authentication: none
  • fix resolution of proxy.kubernetes.image-pull-* settings for pulling Shiny app container images

2.0.0

Released on 27 July 2018.

Release notes

  • support to manage Shiny apps over an API (launch, shut down) for embedding Shiny apps in larger applications and websites
  • new heartbeat mechanism that no longer requires the use of iframes
  • support of OpenId Connect authentication
  • new YAML configuration to prepare for more advanced features; note that the configuration is slightly different from the 1.x.y versions
  • better container log names with the image name and time stamp

1.1.1

Released on 28 May 2018.

Release notes

  • support for theming and customization of the ShinyProxy landing page
  • stricter adherence to YAML for the ShinyProxy configuration in the application.yml file
  • remove 1-pixel border around Shiny app display for certain browsers
  • bug fix to make sure a query string e.g. the ?x=y from /app/myApp?x=y is passed properly to the app
  • bug fix for kubernetes backend deleting all services

1.1.0

Released on 25 March 2018.

Release notes

  • support to run ShinyProxy inside a container
  • support of a Kubernetes back-end
  • new property shiny.proxy.container-backend to configure container back-end
  • support of setting a custom port per app (using a new port property); this notably allows to run Dash apps inside ShinyProxy (which have 8050 as default port)
  • allow for multiple sessions per user/app combination
  • new property privileged which, if true allows to run the app containers in a privileged mode
  • search LDAP subtree instead of one level
  • improved documentation of LDAP configuration
  • Keycloak authentication will now fail if username is empty
  • removed obsolete navbar dropdown in mobile mode
  • added travis support to the repository

1.0.2

Released on 12 November 2017.

Release notes

  • new property shiny.docker.proxy.port-range-max allows to limit the number of ports to be used by a single ShinyProxy instance e.g. to allow multiple instances to launch docker containers on a shared Docker Swarm cluster or to limit the number of concurrent apps on a single instance
  • app-specific environment variables can be specified in the docker-env property inside the app configuration, similarly to docker-env-file
  • the logo-url property of an individual app (to display application logos on the landing page) now also support the file scheme (to be able to use local files as logos)
  • ShinyProxy no longer fails if shiny.proxy.cert-path is missing
  • improved handling of failed app starts

1.0.1

Released on 24 October 2017,

Release notes

  • fix security issue when using proxy urls directly
  • fix for starttls error when TLS already started
  • remove Docker dependencies from .deb to allow for deployment of Docker on separate host

1.0.0

Released on 13 September 2017.

Release notes

  • new environment variable SHINYPROXY_USERGROUPS is made available to the Shiny apps and contains the group memberships of the authenticated user
  • add support for LDAP with StartTLS using property shiny.proxy.ldap.starttls
  • new optional setting shiny.proxy.docker.container-protocol to configure the container protocol; if not set, it will be taken from the docker host url as specified in shiny.proxy.docker.url
  • added animated loading feedback while Shiny app (i.e. container) is launching
  • the logo-url property now also supports the file scheme (to allow for local logo files)
  • fix for influxdb usage statistics logging when username contains whitespace
  • allow JVM to exit if ShinyProxy cannot open its allocated port
  • switch from deprecated simple proxy client to load-balanced client
  • generate SHA-256 and MD5 checksums for all downloads

0.9.4

Release notes

  • support for reporting issues with Shiny apps run on ShinyProxy; issues are mailed to a support address (configurable via spring.mail) and have Shiny application logs in attachment (using a new container log storage service)
  • support for multiple LDAP authentication providers e.g. for different domains or forests
  • support of custom context paths via the server.contextPath setting in the application.yml file
  • add content-type to heartbeat response
  • layout fixes when hiding the navbar (hide-navbar: true) and better IE support
  • ShinyProxy deb package available for Ubuntu 16.04 LTS (and 14.04 LTS)

0.9.3

Release notes

  • added Docker Swarm support for scalable deployments
  • host argument in the docker configuration removed; this is now requested directly from the Docker API
  • multiple clicking on a link to a Shiny app no longer launches multiple containers
  • improved retry wait time when container-wait-time is set to a very high value to prevent unnecessarily slow startup
  • ShinyProxy rpm package available for CentOS 7 (and RHEL 7)

0.9.2

shinyproxy-0.9.2.jar (sha256, md5)

Release notes

  • improved removal of containers upon application shutdown

0.9.1

shinyproxy-0.9.1.jar (sha256, md5)

Release notes

  • make Keycloak role names case insensitive to fix Keycloak based authorization

0.9.0

shinyproxy-0.9.0.jar (sha256, md5)

Release notes

  • single-sign on and advanced identity and access management using a new authentication mechanism authentication: keycloak; this integrates ShinyProxy with Keycloak

0.8.7

shinyproxy-0.8.7.jar (sha256, md5)

Release notes

  • new option hide-navbar to hide the navigation bar; this allows for easy embedding of ShinyProxy in other web applications
  • make height shinyframe responsive such that Shiny apps resize whenever the parent window is resized
  • support social authentication using Facebook, Twitter, Google, Github or LinkedIn accounts with a new authentication option authentication: social

0.8.6

shinyproxy-0.8.6.jar (sha256, md5)

Release notes

  • configurable timeout value for ‘container did not respond in time’ in a new field container-wait-time with default value of 20000 (20 seconds)
  • support the equivalent of docker run --network in a new (optional) field docker-network that can be specified per Shiny app

0.8.4

shinyproxy-0.8.4.jar (sha256, md5)

Release notes

  • fixed mounting of Docker volumes (using docker-volumes field)
  • tracking of usage statistics now also supports MonetDB (next to InfluxDB);
  • usage-stats-db has been removed in favour of usage-stats-url: for InfluxDB use http://localhost:8086/write?db=shinyproxy_usagestats; for MonetDB use a jdbc URL e.g. jdbc:monetdb://localhost:50000/usage_stats
  • support of DB credentials for usage statistics logging with new fields usage-stats-username and usage-stats-password

0.8.0

shinyproxy-0.8.0.jar (sha256, md5)

Release notes

  • allow to mount volumes in the Shiny app docker containers using the new docker-volumes field in the application.yml file
  • pass arbitrary environment variables to the container using a new field docker-env-file in the application.yml file

0.7.8

shinyproxy-0.7.8.jar (sha256, md5)

Release notes

  • limit memory of a shiny app with a new argument docker-memory in the application.yml file
  • allow for iframe embedding of ShinyProxy

0.7.5

shinyproxy-0.7.5.jar (sha256, md5)

Release notes

  • new authentication mechanism authentication: simple which allows to define users inside the application.yml file
  • the setting admin-groups has moved one level up, from shiny.proxy.ldap to shiny.proxy (since groups can now also be specified inside the application.yml)
  • the setting ldap-groups under shiny.proxy.apps has been renamed to groups (to be more generic now a user can also specify groups inside the application.yml file instead of the relevant LDAP directory)
  • fix proper passing of custom information via the URL (to retrieve it in the session$clientData$url_search variable variable inside the Shiny application)

0.7.0

shinyproxy-0.7.0.jar (sha256, md5)

Release notes

  • allow one user to open multiple applications as requested by this issue on Github
  • optional display of logos for apps on the landing page using a new configuration field logo-url
  • fix spurious error message on Jetty ALPN support

0.6.0

shinyproxy-0.6.0.jar (sha256, md5)

Release notes

  • functionality to track and save usage statistics has been added; a general model has been implemented as well as a plug-in for influxDB
  • additional logging to help pinpoint networking issues (e.g. erroneous specification of docker host IP)

0.5.0

Download

shinyproxy-0.5.0.jar (sha256, md5)

Release notes

  • user information accessible to the container as the SHINYPROXY_USERNAME environment variable
  • introduced Spring Profiles for managing configuration
  • fix issue with clean-up of heartbeat timestamps
  • display-name of an app now defaults to its name

0.4.0

Download

shinyproxy-0.4.0.jar (sha256, md5)

Release notes

  • members of the admin user group now can access real-time usage overview at /admin
  • optional configuration of a display name and description for an app (displayed on landing page)
  • additional logging for user authentication events
  • support docker-dns option for an app

0.3.0

Download

shinyproxy-0.3.0.jar (sha256, md5)

Release notes

  • a new heartbeat mechanism will shut down unused containers

0.2.0

Download

shinyproxy-0.2.0.jar (sha256, md5)

Release notes

  • fast switching between apps
  • migrate to thread-safe Docker client

0.1.0

Download

shinyproxy-0.1.0.jar (sha256, md5)

Release notes

  • make the proxy port (default 8080) configurable
  • allow for disabling authentication

0.0.2

Download

shinyproxy-0.0.2.jar (sha256, md5)

Release notes

  • more generic authorization support
  • simple logging added to default configuration

0.0.1

Download

shinyproxy-0.0.1.jar (sha256, md5)

Release notes

  • initial release