15 Appendix: Configuration Options

This appendix documents the RStudio Connect configuration file format and enumerates the user-configurable options.

The RStudio Connect configuration file is located at /etc/rstudio-connect/rstudio-connect.gcfg. This configuration is read at startup and controls the operation of the service.

The RStudio Connect configuration file uses the gcfg (Go Config) format, which is derived from the Git Config format.

Here is an example of that format showing the different property types:

; Comment
[BooleanExamples]
property1 = true
property2 = off
property3 = 1

[IntegerExamples]
Property1 = 42
Property2 = -123

[DecimalExamples]
Property1 = 3.14
Property2 = 7.
Property3 = 2
Property4 = .217

[StringExamples]
Property1 = simple
Property2 = "quoted string"
Property3 = "escaped \"quote\" string"

[MultiStringExamples]
ListProperty = black
ListProperty = blue
ListProperty = green

[DurationExamples]
Property1 = 1000000000
Property2 = 500ms
Property3 = 1m15s  ; comment with a property

Comments always start with a semi-colon (;) and continue to the end of the line. Comments can be on lines by themselves or on a line with a property or section definition.

Configuration sections always begin with the name of the section bounded by square brackets. A section may appear multiple times and are additive with the last value for any property being retained. The following two configuration examples are equivalent.

[Example]
A = aligator
B = 2

[Example]
A = aardvark
C = shining
[Example]
A = aardvark
B = 2
C = shining

Each configuration property must be included in its appropriate section. Property and section names are interpreted case-insensitively.

Property definitions always have the form:

Name = value

The equals sign (=) is mandatory.

If a property happens to to be given more than once, only the last value is retained. The “multi” properties are an exception to this rule; multiple entries are aggregated into a list.

[MultiExample]
Color = black
Color = blue

[NonMulti]
Animal = cat
Animal = dog

If Color is a multi-string property, both the “black” and “blue” values are used. If Animal is a normal string property, only the value “dog” is retained.

Configuration properties all have one of the following types:

string

A sequence of characters. The value is taken as all characters from the first non-whitespace character after equal sign to the last non-whitespace character before the end-of-line or start of a comment. Double-quotes (") are supported, but usually unnecessary. A literal double-quote MUST be escaped and quoted itself like QuotedValue = "J.R. \"Bob\" Dobbs".

multi-string

A property that takes multiple string values. The property name is listed with each individual input value. For example, providing Color = black and Color = blue results in two separate values.

boolean

A truth value. The values true, yes, on, and 1 are interpreted as true. The values false, no, off, and 0 are interpreted as false.

integer

An integral value.

decimal

A numeric value with an optional fractional component. Values with and without a decimal point are allowed.

duration

A value specifying a length of time. When provided as a raw number, the value is interpreted as nanoseconds. Duration values can also be specified as a sequence of decimal numbers, each with optional fraction and unit suffix, such as 300ms, 1.5h, or 1m30s.

Valid time units are ns (nanoseconds), us (microseconds), ms (milliseconds), s (seconds), m (minutes), and h (hours).

15.1 Server

The Server section contains configuration properties which apply across the whole of RStudio Connect and are not appropriate for the other sections, which are generally narrower.

The properties which follow all must appear after [Server] in the configuration file.

Name Type Default Description

DataDir

string

/var/lib/rstudio-connect

The directory where RStudio Connect will store its variable data.

SourcePackageDir

string

<empty-string>

A directory containing source bundles for packages that are unavailable on either CRAN or a public GitHub repository. Must be readable by the Applications.RunAs user.

EnableSitemap

boolean

false

Specifies if RStudio Connect should provide a /sitemap.xml file enumerating the publicly available apps.

RVersionMatching

string

nearest

Specifies how RStudio Connect attempts to match R version associated with uploaded content with the R versions available on the system. Allows values of nearest or exact.

RVersion

multi-string

unspecified

Path to an R installation root. Multiple definitions can be used to provide multiple locations with R.

RVersionScanning

boolean

true

Scan for R installations in well-known locations.

Address

string

<empty-string>

A public URL for this RStudio Connect server. Must be configured to enable features like including links to your content in emails.

SenderEmail

string

<empty-string>

An email address used by RStudio Connect to send outbound email. The system will not be able to send administrative email until this setting is configured.

ViewerKiosk

boolean

false

When enabled, RStudio Connect does not prompt view-only users to request elevated privileges when attempting to access restricted resources.

HideEmailAddresses

boolean

false

When enabled, RStudio Connect will not expose email addresses in API requests or its dashboard.

MailAll

boolean

false

When enabled, RStudio Connect will allow scheduled and on-demand documents to send email to all users of the system.

PublicWarning

string

<empty-string>

An HTML snippet used to inject a message into the RStudio Connect dashboard welcome pages.

LoggedInWarning

string

<empty-string>

An HTML snippet used to inject a message into the RStudio Connect recent views.

ContentTypeSniffing

boolean

false

If disabled, sets the X-Content-Type-Options HTTP header to nosniff. When enabled, removes that header, allowing browsers to mime-sniff responses.

ServerName

string

<empty-string>

By default, Connect sets the Server HTTP header to something like RStudio Connect v1.2.3. This setting allows you to override that value.

AccessLog

string

/var/log/rstudio-connect.access.log

Path to the file that RStudio Connect will use for its access logs. Disabled when empty.

CustomHeader

multi-string

unspecified

Custom HTTP header that should be added to responses from Connect in the format of key: value. The left side of the first colon in the string will become the header name; everything after the first colon will be the header value. Both will be trimmed of leading/trailing whitespace. This will always add a new header with the specified value; it will never override a header that Connect would otherwise have set. Multiple definitions can be used to provide multiple custom headers.

FrameOptionsContent

string

<empty-string>

The value for the X-Frame-Options HTTP header for all user-uploaded content (Shiny apps, RMDs, etc.). If empty, no header will be added.

FrameOptionsDashboard

string

DENY

The value for the X-Frame-Options HTTP header for the Connect dashboard and all other Connect pages. If empty, no header will be added.

15.2 Http

The Http section contains configuration properties which control the ability of RStudio Connect to listen for HTTP requests. RStudio Connect must be configured to listen for either HTTP or HTTPS requests (allowing both is acceptable).

These properties must appear after [Http] in the configuration file.

Name Type Default Description

Listen

string

<empty-string>

RStudio Connect will listen on this network address for HTTP connections. The network address can be of the form :80 or 192.168.0.1:80. Either Http.Listen or Https.Listen is required.

15.3 Https

The Https section contains configuration properties which control the ability of RStudio Connect to listen for HTTPS requests. RStudio Connect must be configured to listen for either HTTP or HTTPS requests (allowing both is acceptable).

These properties must appear after [Https] in the configuration file.

Name Type Default Description

Listen

string

<empty-string>

RStudio Connect will listen on this network address for HTTPS connections. The network address can be of the form :443 or 192.168.0.1:443. Either Http.Listen or Https.Listen is required.

Key

string

<empty-string>

Path to a private key file corresponding to the certificate specified with Https.Certificate. Required when Https.Certificate is specified.

Certificate

string

<empty-string>

Path to a TLS certificate file. If the certificate is signed by a certificate authority, the certificate file should be the concatenation of the server’s certificate followed by the CA’s certificate. Must be paired with Https.Key.

Permanent

boolean

false

Advertises to all visitors that this server should only ever be hosted securely via HTTPS. WARNING: if this is set to true – even temporarily – visitors may be permanently denied access to your server over an unsecured (non-HTTPS) protocol. This sets the secure flag on all session cookies and adds a Strict-Transport-Security HTTP header with a value of 30 days.

15.4 HttpRedirect

The HttpRedirect section contains configuration properties which control the ability of RStudio Connect to listen for HTTP requests and then redirect all traffic to some alternate location. This is useful when paired with an Https.Listen configuration.

These properties must appear after [HttpRedirect] in the configuration file.

Name Type Default Description

Listen

string

<empty-string>

RStudio Connect will listen on this network address for HTTP connection and redirect to either the HttpRedirect.Target or Server.Address target location. The network address can be of the form :8080 or 192.168.0.1:8080. Useful when you wish all requests to be served over HTTPS and send users to that location should they accidentally visit via an HTTP URL. Must be paired with either HttpRedirect.Target or Server.Address.

Target

string

<empty-string>

The target for redirects when users visit the HttpRedirect.Listen HTTP service. Server.Address is used as a redirect target if this property is not specified.

15.5 Database

The Database section contains configuration properties which control the location of and how RStudio Connect interacts with its database.

These properties must appear after [Database] in the configuration file.

Name Type Default Description

Dir

string

{Server.DataDir}/db

The directory containing the RStudio Connect database.

MaxIdleConnections

integer

0

The maximum number of database connections that should be retained after they become idle. If this value is less-than or equal-to zero, no idle connections are retained.

MaxOpenConnections

integer

0

The maximum number of open connections to the database. If this value is less-than or equal-to zero, then there is no limit to the number of open connections.

15.6 Authentication

The Authentication section contains configuration properties which control how users will log into RStudio Connect.

These properties must appear after [Authentication] in the configuration file.

Name Type Default Description

Provider

string

password

Specifies the type of user authentication. Allows values of password, oauth2, ldap, pam, or proxy.

Name

string

<empty-string>

Specifies a meaningful name for your authentication provider. This presented on the sign-in page and gives users context about the credentials being requested. If unspecified, RStudio Connect will use a generic name for the chosen provider. Just using your company name is often a good choice.

15.7 OAuth2

The OAuth2 section contains configuration properties which control how RStudio Connect communicates with Google OAuth2 servers in order to authenticate users.

Section 8.4 contains more information about configuring RStudio Connect to use Google for authentication.

The DiscoveryEndpoint property should be configured as:

[OAuth2]
DiscoveryEndpoint = https://accounts.google.com/.well-known/openid-configuration

These properties must appear after [OAuth2] in the configuration file.

Name Type Default Description

DiscoveryEndpoint

string

<empty-string>

Specifies a URL for the OAuth2 discovery endpoint. Required for all OAuth2 configurations.

ClientId

string

<empty-string>

Identifier for OAuth2 client. Required for all OAuth2 configurations.

ClientSecret

string

<empty-string>

Client secret for the configured client ID. Either OAuth2.ClientSecret or OAuth2.ClientSecretFile must be specified when using OAuth2. OAuth2.ClientSecret takes priority if both properties are set.

ClientSecretFile

string

<empty-string>

Path to file containing the client secret. Either OAuth2.ClientSecret or OAuth2.ClientSecretFile must be specified when using OAuth2. OAuth2.ClientSecret takes priority if both properties are set.

AllowedDomains

string

<empty-string>

Space-separated list of domains permitted to authenticate.

AllowedEmails

string

<empty-string>

Space-separated list of email addresses permitted to authenticate. When used without OAuth2.AllowedDomains, only the email addresses listed here will be allowed access. When used with OAuth2.AllowedDomains, the email addresses listed here will be added to those with valid domains.

15.8 LDAP

The LDAP section contains configuration properties which control how RStudio Connect communicates with an LDAP or Active Directory server.

See Section 8.3 for details about how to configure RStudio Connect with LDAP authentication. Section 16 contains many configuration examples.

The LDAP section is different from many other configuration sections, as it allows multiple, distinctly named configuration instances. This name is case sensitive. A named section looks like:

[LDAP "European LDAP Server"]

All of the LDAP configuration properties must appear after [LDAP "<name>"] in the configuration file.

Name Type Default Description

ServerAddress

string

<empty-string>

Specifies the location of the LDAP/AD server. This should be of the form <host>:<port>. The host may be either an IP or DNS address. Most LDAP/AD servers operate on port 389 or 636.

TLS

boolean

false

When enabled, all connections to your LDAP/AD server will use TLS (SSL).

StartTLS

boolean

false

When enabled, the connection will initially be made on an insecure port then the channel will be upgraded to TLS using StartTLS.

ServerTLSInsecure

boolean

false

This option controls if RStudio connect will verify the server’s certificate chain and host name. When enabled, RStudio Connect will accept any certificate presented by the server and any host name in that certificate. Setting to true is susceptible to man-in-the-middle attacks but is required in some circumstances, such as when using a self-signed certificate.

TLSCACertificate

string

<empty-string>

Path to a certificate authority used to connect an LDAP server.

UserObjectClass

string

<empty-string>

The name of the LDAP objectClass used to define users.

UserFirstNameAttribute

string

<empty-string>

The LDAP user attribute containing a user’s first name. This is often the givenName attribute.

UserLastNameAttribute

string

<empty-string>

The LDAP user attribute containing a user’s last name. The sn attribute will usually contain last name.

UserEmailAttribute

string

<empty-string>

The LDAP user attribute containing a user’s email address. Many systems use the mail attribute.

UsernameAttribute

string

<empty-string>

The LDAP user attribute containing a user’s username. Commonly used attributes include uid, cn, and samaccountname.

BindDN

string

<empty-string>

A DN for a read-only admin account that is used during double-bind authentication and for certain operations that do not occur during the login sequence (such as searching). Must be paired with BindPassword.

BindPassword

string

<empty-string>

The password for the BindDN account.

AnonymousBind

boolean

false

Enable anonymous bind. An anonymous user must have rights to search and view all pertinent groups, group memberships, and users.

UserSearchBaseDN

string

<empty-string>

The base DN used when performing user searches.

15.9 PAM

The PAM section contains configuration properties which control how RStudio Connect interacts with the PAM (Pluggable Authentication Module) API.

See Section 8.5 for details about configuring an appropriate PAM authentication profile for RStudio connect.

See Section 10.5 for information about using PAM sessions when launching R processes.

These properties must appear after [PAM] in the configuration file.

Name Type Default Description

Service

string

rstudio-connect

Specifies the PAM service name that RStudio Connect will use when authenticating users.

UseSession

boolean

false

Use PAM sessions when launching R processes.

SessionService

string

su

Specifies the PAM service name that RStudio Connect will use for PAM sessions.

15.10 Proxied Authentication

The ProxyAuth section contains configuration properties which control how RStudio Connect utilizes an external authentication server which proxies all requests.

See Section 8.6 for details about configuring an appropriate proxied authentication for RStudio connect.

Name Type Default Description

UsernameHeader

string

X-Auth-Username

Specifices the name of the header that will contain a username provided by the proxy.

15.11 Authorization

The Authorization section contains configuration properties which control permissions and privileges when accessing RStudio Connect.

These properties must appear after [Authorization] in the configuration file.

Name Type Default Description

DefaultUserRole

string

publisher

Specifies what abilities given to a newly created user. Allows values viewer, publisher, or administrator.

15.12 Applications

The Applications section contains configuration properties which control how RStudio Connect communicates with R processes.

These properties must appear after [Applications] in the configuration file.

Name Type Default Description

RunAs

string

rstudio-connect

User used to invoke R.

RunAsCurrentUser

boolean

false

Allows content to execute as the logged-in user when using PAM authentication.

Supervisor

string

<empty-string>

Specifies a command to wrap the execution of R.

HomeMounting

boolean

false

Specifies that the contents of /home should be hidden from R processes with additional bind mounts. The existing /home will have the home directory of the RunAs user mounted over it. If RunAs does not have a home directory, an empty temporary directory will mask /home instead. Launched R processes can discover this location through the the HOME environment variable.

ViewerOnDemandReports

boolean

false

Allow report viewers to generate an ad-hoc rendering. The ViewerCustomizedReports property is implicitly disabled when this property is disabled.

ViewerCustomizedReports

boolean

false

Allow report viewers to customize the parameters of an ad-hoc rendering.

BundleReapFrequency

duration

24 hours

Time between the worker that deletes filesystem data for bundles in excess of our retention limit.

BundleRetentionLimit

integer

0

Maximum number of bundles per app for which we want to retain filesystem data. The default is 0, which means retain everything.

ScheduleConcurrency

integer

2

Number of scheduled reports permitted to execute in parallel

ConnectionTimeout

duration

1h

Maximum time allowed without data sent or received across a client connection. A value of 0 means connections will never time-out (not recommended).

ReadTimeout

duration

1h

Maximum time allowed without data received from a client connection. A value of 0 means a lack of client (browser) interaction will never cause the connection to close. This is useful when deploying dashboard applications which send regular updates but have no need for interactivity.

DisabledProtocols

string

<empty-string>

List of comma-delimited protocols to disable on the SockJS client. Allows values of websocket, xhr-streaming, iframe-eventsource, iframe-htmlfile, xhr-polling, iframe-xhr-polling, or jsonp-polling

15.13 Performance/Scheduler

The Scheduler section contains configuration properties which control how RStudio Connect manages R processes for deployed Shiny applications. These properties are managed on an individual application under the Performance tab.

RStudio Connect makes a determination on each new client connection about whether or not it needs to spawn an additional R process. That computation analyzes the number of current R processes and the number of active connections against those processes. If a substantial percentage of connections are consumed, RStudio Connect will create a new process rather than causing the existing processes to become more busy. That percentage of connection use is called the “load factor”.

The algorithm that considers the current load factor looks like the following pseudocode.

// Given:
//   numProcesses
//     - The number of R processes for the current application.
//   numConnections
//     - The number of connections across all R processes associated
//       with the current application.
allowedConnections = numProcesses * Scheduler.MaxConnsPerProcess
currentLoadFactor = numConnections / allowedConnections
if currentLoadFactor > Scheduler.LoadFactor {
    // Create a new process if the new process will not exceed 
    // Scheduler.MaxProcesses
}

The Scheduler.InitTimeout and Scheduler.IdleTimeout properties may need adjusting when a Shiny application takes a very long time to startup. Increasing InitTimeout will allow more time for the Shiny application to start. An increase to IdleTimeout lets idle R processes linger longer so they are available the next time a request arrives - avoiding the startup penalty.

The scheduler properties can be changed in the configuration file and apply to all Shiny applictions. The RStudio Connect dashboard allows custom scheduler settings for individual applications.

We recommend that Scheduler property adjustment be done gradually.

These properties must appear after [Scheduler] in the configuration file.

Name Type Default Description

MaxProcesses

integer

3

Specifies the total number of concurrent R processes allowed for a single application.

MaxConnsPerProcess

integer

20

Specifies the maximum number of client connections allowed to an individual R process. Incoming connections which will exceed this limit are routed to a new R process or rejected.

LoadFactor

decimal

0.5

Controls how aggressively new R processes will be spawned.

InitTimeout

duration

60s

Maximum time to wait for an app to start.

IdleTimeout

duration

5s

Minimum time to keep a worker process alive after it goes idle.

MinProcessesLimit

integer

20

Maximum value allowed for the MinProcesses setting on an application level. All applications default to MinProcesses=0, but MinProcesses can be increased to this limit per application.

15.14 Jobs

The Jobs section contains configuration properties which control the retention of metadata associated with R process execution.

These properties must appear after [Jobs] in the configuration file.

Name Type Default Description

MaxCompleted

integer

100

The maximum number of completed jobs preserved on disk for any one application. When this limit is reached, the oldest completed jobs for an application will be deleted as new jobs are launched. On-disk job metadata is removed if either the MaxCompleted or OldestCompleted restrictions are violated.

OldestCompleted

duration

720h

The maximum age of a completed job retained on disk. Jobs older than this setting will be deleted. Set to zero to remove restrictions on the age of a completed job. On-disk job metadata is removed if either the MaxCompleted or OldestCompleted restrictions are violated.

15.15 Historical Metrics

The Metrics section contains configuration properties which control how RStudio Connect manages the rserver-monitor process for monitoring the use of resources (CPU, memory, etc.) for historical metrics.

See Section 14 for more details about historical metrics in Connect.

These properties must appear after [Metrics] in the configuration file.

Name Type Default Description

Enabled

boolean

true

Specifies whether or not the rserver-monitor process that collects historical metrics will be started.

User

string

{Applications.RunAs}

The user for the rserver-monitor process.

DataPath

string

{Server.DataDir}/metrics

The path for writing log entries and RRD database files.

Interval

duration

60s

The frequency of historical metrics collection.

RRDEnabled

boolean

true

Enable logging of historical metrics to RRD.

GraphiteEnabled

boolean

false

Enable logging of historical metrics to Graphite.

GraphiteHost

string

127.0.0.1

Host to which to send Graphite historical metrics.

GraphitePort

integer

2003

Port to which to send Graphite historical metrics.

GraphiteClientId

string

<empty-string>

Optional Client ID to include along with Graphite historical metrics.