A Configuration Options

This appendix documents the RStudio Connect configuration file format and enumerates the user-configurable options.

A.1 Configuration Basics

The RStudio Connect configuration file is located at /etc/rstudio-connect/rstudio-connect.gcfg. This configuration is read at startup and controls the operation of the service.

A.1.1 File Format

The RStudio Connect configuration file uses the gcfg (Go Config) format, which is derived from the Git Config format.

Here is an example of that format showing the different property types:

; Comment
[BooleanExamples]
property1 = true
property2 = off
property3 = 1

[IntegerExamples]
Property1 = 42
Property2 = -123

[DecimalExamples]
Property1 = 3.14
Property2 = 7.
Property3 = 2
Property4 = .217

[StringExamples]
Property1 = simple
Property2 = "quoted string"
Property3 = "escaped \"quote\" string"

[MultiStringExamples]
ListProperty = black
ListProperty = blue
ListProperty = green

[DurationExamples]
Property1 = 1000000000
Property2 = 500ms
Property3 = 1m15s  ; comment with a property

Comments always start with a semi-colon (;) or hash (#) and continue to the end of the line. Comments can be on lines by themselves or on a line with a property or section definition.

Configuration sections always begin with the name of the section bounded by square brackets. A section may appear multiple times and are additive with the last value for any property being retained. The following two configuration examples are equivalent.

[Example]
A = aligator
B = 2

[Example]
A = aardvark
C = shining

[Example]
A = aardvark
B = 2
C = shining

Each configuration property must be included in its appropriate section. Property and section names are interpreted case-insensitively.

Property definitions always have the form:

Name = value

The equals sign (=) is mandatory.

A.1.2 Multi-value Properties

If a property happens to to be given more than once, only the last value is retained. The “multi” properties are an exception to this rule; multiple entries are aggregated into a list.

[MultiExample]
Color = black
Color = blue

[NonMulti]
Animal = cat
Animal = dog

If Color is a multi-string property, both the “black” and “blue” values are used. If Animal is a normal string property, only the value “dog” is retained.

A.1.3 Property Types

Configuration properties all have one of the following types:

string

A sequence of characters. The value is taken as all characters from the first non-whitespace character after equal sign to the last non-whitespace character before the end-of-line or start of a comment. Double-quotes (") are supported, but usually unnecessary. A literal double-quote MUST be escaped and quoted itself like QuotedValue = "J.R. \"Bob\" Dobbs". Strings containing the comment characters ; and # also need to be quoted.

multi-string

A property that takes multiple string values. The property name is listed with each individual input value. For example, providing Color = black and Color = blue results in two separate values.

boolean

A truth value. The values true, yes, on, and 1 are interpreted as true. The values false, no, off, and 0 are interpreted as false.

integer

An integral value.

decimal

A numeric value with an optional fractional component. Values with and without a decimal point are allowed.

duration

A value specifying a length of time. When provided as a raw number, the value is interpreted as nanoseconds. Duration values can also be specified as a sequence of decimal numbers, each with optional fraction and unit suffix, such as 300ms, 1.5h, or 1m30s.

Valid time units are ns (nanoseconds), us (microseconds), ms (milliseconds), s (seconds), m (minutes), h (hours), and d (days).

version

A string representing a version. A version may have one to four numeric components, separated by periods or hyphens. Examples include 2, 2.5, 2.5.6, 2.5.6.1, and 2.5-6-11.

Each configuration property documented in this appendix includes its description, data type, and default value.

A.1.4 Reloadable Properties

Some properties are marked as “reloadable”. Sending a HUP signal to the Connect process causes the on-disk configuration to be reread. The server is reconfigured with the latest values of these reloadable properties. See 5.1 for details about sending a HUP signal to your Connect process.

Use a HUP signal when your configuration changes are limited to properties marked as reloadable. Perform a full restart of RStudio Connect when changing other properties.

A.2 Server

The Server section contains configuration properties which apply across the whole of RStudio Connect and are not appropriate for the other sections, which are generally narrower.

The properties which follow all must appear after [Server] in the configuration file.

DataDir: The directory where RStudio Connect will store its variable data.; Type: string; Default: /var/lib/rstudio-connect
TempDir: The directory that will contain all temporary directories needed by R processes. If TMPDIR environment variable is not defined then /tmp.; Type: string; Default: $TMPDIR
LandingDir: Specifies an optional path from which a customized landing page is served to logged-out users. See examples/landing-page for a directory containing a sample landing page.; Type: string; Default: <empty-string>
EnableSitemap: Specifies if RStudio Connect should provide a /sitemap.xml file enumerating the publicly available apps.; Type: boolean; Default: false
RVersionMatching: Specifies how RStudio Connect attempts to match R version associated with uploaded content with the R versions available on the system. Allows values of nearest or exact.; Type: string; Default: nearest
RVersion: Path to an R installation root. Multiple definitions can be used to provide multiple locations with R.; Type: multi-string; Default: unspecified
RVersionScanning: Scan for R installations in well-known locations.; Type: boolean; Default: true
CompilationConcurrency: The amount of parallelism allowed to make during R package installs. This value is passed to make as the value given to the -jNUM flag. The value DEFAULT_CPUS is derived from the number of available CPUs with the following calculation: max(1, min(8, (numcpu-1)/2)).; Type: integer; Default: #DEFAULT_CPUS
SourcePackageDir: A directory containing source bundles for packages that are unavailable on either CRAN or a public GitHub repository. Must be readable by the Applications.RunAs user.; Type: string; Default: <empty-string>
Address: A public URL for this RStudio Connect server such as https://connect.company.com/. Must be configured to enable features like including links to your content in emails.; Type: string; Default: <empty-string>
SenderEmail: An email address used by RStudio Connect to send outbound email. The system will not be able to send administrative email until this setting is configured.; Type: string; Default: <empty-string>
EmailSubjectPrefix: A leading subject prefix for all mail sent by RStudio Connect.; Type: string; Default: [RStudio Connect]
ViewerKiosk: When enabled, RStudio Connect does not prompt view-only users to request elevated privileges when attempting to access restricted resources.; Type: boolean; Default: false
HideEmailAddresses: When enabled, RStudio Connect will not expose email addresses in API requests or its dashboard.; Type: boolean; Default: false
MailAll: When enabled, RStudio Connect will allow scheduled and on-demand documents to send email to all users of the system.; Type: boolean; Default: false
PublicWarning: An HTML snippet used to inject a message into the RStudio Connect dashboard welcome pages.; Type: string; Default: <empty-string>; Reloadable: true
LoggedInWarning: An HTML snippet used to inject a message into the RStudio Connect recent views.; Type: string; Default: <empty-string>; Reloadable: true
ContentTypeSniffing: If disabled, sets the X-Content-Type-Options HTTP header to nosniff. When enabled, removes that header, allowing browsers to mime-sniff responses.; Type: boolean; Default: false
ServerName: By default, Connect sets the Server HTTP header to something like RStudio Connect v1.2.3. This setting allows you to override that value.; Type: string; Default: RStudio Connect vX.Y.Z-NNNN
AccessLog: Path to the file that RStudio Connect will use for its access logs. Disabled when empty.; Type: string; Default: /var/log/rstudio-connect.access.log
CustomHeader: Custom HTTP header that should be added to responses from Connect in the format of key: value. The left side of the first colon in the string will become the header name; everything after the first colon will be the header value. Both will be trimmed of leading/trailing whitespace. This will always add a new header with the specified value; it will never override a header that Connect would otherwise have set. Multiple definitions can be used to provide multiple custom headers.; Type: multi-string; Default: unspecified
FrameOptionsContent: The value for the X-Frame-Options HTTP header for all user-uploaded content (Shiny apps, RMDs, etc.). If empty, no header will be added.; Type: string; Default: <empty-string>
FrameOptionsDashboard: The value for the X-Frame-Options HTTP header for the Connect dashboard and all other Connect pages. If empty, no header will be added.; Type: string; Default: DENY
HideVersion: If true, will suppress display of the server version and build numbers.; Type: boolean; Default: false
NodeName: The name of this node. If not specified, the contents of the RSTUDIO_CONNECT_NODE_NAME environment variable or the special file /proc/sys/kernel/hostname are used, in that order.; Type: string; Default: $RSTUDIO_CONNECT_NODE_NAME

A.3 HTTP

The HTTP section contains configuration properties which control the ability of RStudio Connect to listen for HTTP requests. RStudio Connect must be configured to listen for either HTTP or HTTPS requests (allowing both is acceptable).

These properties must appear after [HTTP] in the configuration file.

Listen: RStudio Connect will listen on this network address for HTTP connections. The network address can be of the form :80 or 192.168.0.1:80. Either HTTP.Listen or HTTPS.Listen is required.; Type: string; Default: <empty-string>
NoWarning: Disables warnings about insecure (HTTP) connections.; Type: boolean; Default: false
ForceSecure: RStudio Connect will mark cookies secure on its unsecured connection. This option should be used when RStudio Connect is behind a secure proxy.; Type: boolean; Default: false

A.4 HTTPS

The HTTPS section contains configuration properties which control the ability of RStudio Connect to listen for HTTPS requests. RStudio Connect must be configured to listen for either HTTP or HTTPS requests (allowing both is acceptable).

These properties must appear after [HTTPS] in the configuration file.

Listen: RStudio Connect will listen on this network address for HTTPS connections. The network address can be of the form :443 or 192.168.0.1:443. Either HTTP.Listen or HTTPS.Listen is required.; Type: string; Default: <empty-string>
Key: Path to a private key file corresponding to the certificate specified with HTTPS.Certificate. Required when HTTPS.Certificate is specified.; Type: string; Default: <empty-string>
Certificate: Path to a TLS certificate file. If the certificate is signed by a certificate authority, the certificate file should be the concatenation of the server’s certificate followed by the CA’s certificate. Must be paired with HTTPS.Key.; Type: string; Default: <empty-string>
Permanent: Advertises to all visitors that this server should only ever be hosted securely via HTTPS. WARNING: if this is set to true – even temporarily – visitors may be permanently denied access to your server over an unsecured (non-HTTPS) protocol. This sets the secure flag on all session cookies and adds a Strict-Transport-Security HTTP header with a value of 30 days.; Type: boolean; Default: false
MinimumTLS: Minimum TLS version supported. Valid values are 1.0, 1.1, and 1.2.; Type: string; Default: 1.1
ExcludedCiphers: List of IANA strings for ciphers to exclude. See https://www.iana.org/assignments/tls-parameters/tls-parameters.xml for a list of all known cipher strings. e.g.: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA excludes DES ciphers.; Type: multi-string; Default: unspecified

A.5 HTTPRedirect

The HTTPRedirect section contains configuration properties which control the ability of RStudio Connect to listen for HTTP requests and then redirect all traffic to some alternate location. This is useful when paired with an HTTPS.Listen configuration.

These properties must appear after [HTTPRedirect] in the configuration file.

Listen: RStudio Connect will listen on this network address for HTTP connection and redirect to either the HTTPRedirect.Target or Server.Address target location. The network address can be of the form :8080 or 192.168.0.1:8080. Useful when you wish all requests to be served over HTTPS and send users to that location should they accidentally visit via an HTTP URL. Must be paired with either HTTPRedirect.Target or Server.Address.; Type: string; Default: <empty-string>
Target: The target for redirects when users visit the HTTPRedirect.Listen HTTP service. Server.Address is used as a redirect target if this property is not specified.; Type: string; Default: <empty-string>

A.6 Licensing

The Licensing section contains configuration properties which control how RStudio Connect interacts with its licensing system.

These properties must appear after [Licensing] in the configuration file.

LicenseType: Enable remote or local validation. local is traditional activation, whereas remote uses floating licensing.; Type: string; Default: local
RemoteRetryFrequency: When Connect loses its lease, it will begin automatically attempting to acquire a lease by RemoteRetryFrequency. Use a value of 0 to disable retries.; Type: duration; Default: 10s
ExpirationEmail: Enables sending of email when the license approaches expiration.; Type: boolean; Default: true
ExpirationUIWarning: Enables display of dashboard warning to admin and publishers when the license approaches expiration.; Type: boolean; Default: true

A.7 Database

The Database section contains configuration properties which control the location of and how RStudio Connect interacts with its database.

These properties must appear after [Database] in the configuration file.

Provider: The type of database. Either sqlite or postgres.; Type: string (case-insensitive); Default: sqlite
Dir: The directory to store database support files.; Type: string; Default: {Server.DataDir}/db
MaxIdleConnections: The maximum number of database connections that should be retained after they become idle. If this value is less-than or equal-to zero, no idle connections are retained.; Type: integer; Default: 5
MaxOpenConnections: The maximum number of open connections to the database. If this value is less-than or equal-to zero, then there is no limit to the number of open connections.; Type: integer; Default: 10
ConnectionMaxLifetime: The maximum amount of time a connection to the database may be reused. If this value is less-than or equal-to zero, then connections are reused forever.; Type: duration; Default: 60s

A.8 SQLite

The SQLite section contains configuration properties which control the location of and how RStudio Connect interacts with the SQLite database.

These properties must appear after [SQLite] in the configuration file.

Dir: The directory containing the RStudio Connect database. Must reference a directory on the local filesystem and not on a networked volume like NFS.; Type: string; Default: {Database.Dir}
Backup: When enabled and Provider is sqlite, periodically backs up the database; Type: boolean; Default: true
BackupFrequency: How often to back up the SQLite database; Type: duration; Default: 24h
BackupRetentionLimit: Connect will periodically delete backups older than this number. Set to 0 to disable sweeping, for example, if you plan to manage your backups with an external task.; Type: integer; Default: 3

A.9 Postgres

The Postgres section contains configuration properties which control the location of and how RStudio Connect interacts with its postgres.

These properties must appear after [Postgres] in the configuration file.

URL: The fully qualified URL to connect to a Postgres database; Type: string; Default: <empty-string>
InstrumentationURL: The fully qualified URL to connect to a Postgres database where instrumentation data will be written.; Type: string; Default: <empty-string>

A.10 Authentication

The Authentication section contains configuration properties which control how users will log into RStudio Connect.

These properties must appear after [Authentication] in the configuration file.

Provider: Specifies the type of user authentication. Allows values of password, oauth2, ldap, pam, or proxy.; Type: string (case-insensitive); Default: password
Name: Specifies a meaningful name for your authentication provider. This presented on the sign-in page and gives users context about the credentials being requested. If unspecified, RStudio Connect will use a generic name for the chosen provider. Just using your company name is often a good choice.; Type: string; Default: RStudio Connect
Lifetime: The lifetime of an authenticated session.; Type: duration; Default: 30d
Inactivity: The period of time after which inactive sessions are considered idle and therefore invalid. Effective only when non-zero and less than Authentication.Lifetime.; Type: duration; Default: 0
Notice: Text of notice displayed to the user on the login, sign up, and user completion pages. Useful for displaying notices and reminders to users about the system and the data they enter.; Type: string; Default: <empty-string>
APIKeyAuth: Whether API key authentication is enabled.; Type: boolean; Default: true
ChallengeResponseEnabled: Whether a second factor challenge-response is enabled; Type: boolean; Default: false
CookieSweepDuration: Duration between sweeps of expired cookies; Type: duration; Default: 1h

A.11 Password

The Password section contains configuration properties which control how RStudio Connect’s default password authentication provider behaves.

See Section 10.5 for details about configuring password authentication for RStudio connect.

These properties must appear after [Password] in the configuration file.

SelfRegistration: Allow users to self-register. Self-registered users will be created using the role specified in the Authorization.DefaultUserRole setting.; Type: boolean; Default: true
UserInfoEditableBy: Specifies who is able to modify user attributes. Accepted configurations are ‘Admin’ or ‘AdminAndSelf’. If ‘Admin’ is specified, only administrators can edit user attributes. ‘AdminAndSelf’ expands the permissions by allowing a user to edit their own user attributes.; Type: string (case-insensitive); Default: AdminAndSelf
WebSudoMode: Whether web-sudo mode is enabled. Web-sudo mode will ensure that users are prompted to re-enter their password before performing sensitive actions.; Type: boolean; Default: true
WebSudoModeDuration: The lifetime of web-sudo mode. This is the amount of time before a user will be prompted to enter their password again when performing sensitive actions.; Type: duration; Default: 5m

A.12 OAuth2

The OAuth2 section contains configuration properties which control how RStudio Connect communicates with Google OAuth2 servers in order to authenticate users.

Section 10.7 contains more information about configuring RStudio Connect to use Google for authentication.

These properties must appear after [OAuth2] in the configuration file.

ClientId: Identifier for OAuth2 client. Required for all OAuth2 configurations.; Type: string; Default: <empty-string>
ClientSecret: Client secret for the configured client ID. One of OAuth2.ClientSecret or OAuth2.ClientSecretFile must be specified when using OAuth2.; Type: string; Default: <empty-string>
ClientSecretFile: Path to file containing the client secret for the configured client ID. One of OAuth2.ClientSecret or OAuth2.ClientSecretFile must be specified when using OAuth2.; Type: string; Default: <empty-string>
AllowedDomains: Space-separated list of domains permitted to authenticate.; Type: string; Default: <empty-string>; Reloadable: true
AllowedEmails: Space-separated list of email addresses permitted to authenticate. When used without OAuth2.AllowedDomains, only the email addresses listed here will be allowed access. When used with OAuth2.AllowedDomains, the email addresses listed here will be added to those with valid domains.; Type: string; Default: <empty-string>; Reloadable: true
DemoteSearchErrors: Disables logging of user search errors. Recommended only for public servers where gmail.com accounts or accounts from multiple, unrelated Google Apps domains appear.; Type: boolean; Default: false
RegisterOnFirstLogin: Allow users to be created on their first login attempt. Otherwise users must be created ahead of the first login which varies across authentication providers. Users will be created using the role specified in the Authorization.DefaultUserRole setting.; Type: boolean; Default: true

A.13 LDAP

The LDAP section contains configuration properties which control how RStudio Connect communicates with an LDAP or Active Directory server.

See Section 10.6 for details about how to configure RStudio Connect with LDAP authentication. Section D contains many configuration examples.

The LDAP section is different from many other configuration sections, as it allows multiple, distinctly named configuration instances. This name is case sensitive. A named section looks like:

[LDAP "European LDAP Server"]

All of the LDAP configuration properties must appear after [LDAP "<name>"] in the configuration file.

ServerAddress: Specifies the location of the LDAP/AD server. This should be of the form <host>:<port>. The host may be either an IP or DNS address. Most LDAP/AD servers operate on port 389 or 636.; Type: string; Default: <empty-string>
TLS: When enabled, all connections to your LDAP/AD server will use TLS (SSL).; Type: boolean; Default: false
StartTLS: When enabled, the connection will initially be made on an insecure port then the channel will be upgraded to TLS using StartTLS.; Type: boolean; Default: false
ServerTLSInsecure: This option controls if RStudio connect will verify the server’s certificate chain and host name. When enabled, RStudio Connect will accept any certificate presented by the server and any host name in that certificate. Setting to true is susceptible to man-in-the-middle attacks but is required in some circumstances, such as when using a self-signed certificate.; Type: boolean; Default: false
TLSCACertificate: Path to a certificate authority used to connect an LDAP server.; Type: string; Default: <empty-string>
UserObjectClass: The name of the LDAP objectClass used to define users.; Type: string; Default: <empty-string>
UserFilterBase: An LDAP filter clause used to select user objects. Defaults to objectClass={UserObjectClass}.; Type: string; Default: <empty-string>
UserFirstNameAttribute: The LDAP user attribute containing a user’s first name. This is often the givenName attribute. This attribute is case-sensitive.; Type: string; Default: <empty-string>
UserLastNameAttribute: The LDAP user attribute containing a user’s last name. The sn attribute will usually contain last name. This attribute is case-sensitive.; Type: string; Default: <empty-string>
UserEmailAttribute: The LDAP user attribute containing a user’s email address. Many systems use the mail attribute. This attribute is case-sensitive.; Type: string; Default: <empty-string>
UsernameAttribute: The LDAP user attribute containing a user’s username. Commonly used attributes include uid, cn, and sAMAccountName. This attribute is case-sensitive.; Type: string; Default: <empty-string>
UniqueIdAttribute: The LDAP attribute with an immutable value which uniquely identifies objects. Commonly used attributes include objectGUID (Microsoft AD), entryUUID (OpenLDAP), orclGuid (Oracle OID), ibm-entryUUID (IBM RACF), GUID (Novell eDirectory). Please refer to your LDAP vendor documentation for the correct value.; Type: string; Default: DN
BindDN: A DN for a read-only admin account that is used during double-bind authentication and for certain operations that do not occur during the login sequence (such as searching). Must be paired with BindPassword.; Type: string; Default: <empty-string>
BindPassword: The password for the BindDN account.; Type: string; Default: <empty-string>
BindPasswordFile: Path to file containing the bind password. Either BindPassword or BindPasswordFile may be specified when using LDAP, but if both are set, it is an error.; Type: string; Default: <empty-string>
AnonymousBind: Enable anonymous bind. An anonymous user must have rights to search and view all pertinent groups, group memberships, and users.; Type: boolean; Default: false
UserSearchBaseDN: The base DN used when performing user searches.; Type: string; Default: <empty-string>
PermittedLoginGroup: Limit who can log into Connect by specifying a group DN. Multiple definitions can be used to provide multiple groups.; Type: multi-string; Default: unspecified
GroupObjectClass: The name of the LDAP ‘objectClass’ used to define groups. Commonly this is ‘group’ or ‘posixGroup’.; Type: string; Default: <empty-string>
GroupSearchBaseDN: The base DN used when performing group searches.; Type: string; Default: <empty-string>
GroupFilterBase: An LDAP filter clause used to select group objects. Defaults to objectClass={GroupObjectClass}.; Type: string; Default: <empty-string>
GroupNameAttribute: The LDAP group attribute containing a group’s name. Commonly this is ‘cn’ or ‘sAMAccountName’. This attribute is case-sensitive.; Type: string; Default: <empty-string>
GroupUniqueIdAttribute: The LDAP attribute with an immutable value which uniquely identifies groups. In general, users and groups use the same value. Please refer to your LDAP vendor documentation for the correct value for groups.; Type: string; Default: DN
Logging: Enables logging for all LDAP operations.; Type: boolean; Default: false
WebSudoMode: Whether web-sudo mode is enabled. Web-sudo mode will ensure that users are prompted to re-enter their password before performing sensitive actions.; Type: boolean; Default: true
WebSudoModeDuration: The lifetime of web-sudo mode. This is the amount of time before a user will be prompted to enter their password again when performing sensitive actions.; Type: duration; Default: 5m
RegisterOnFirstLogin: Allow users to be created on their first login attempt. Otherwise users must be created ahead of the first login which varies across authentication providers. Users will be created using the role specified in the Authorization.DefaultUserRole setting.; Type: boolean; Default: true

A.14 PAM

The PAM section contains configuration properties which control how RStudio Connect interacts with the PAM (Pluggable Authentication Module) API.

See Section 10.8 for details about configuring an appropriate PAM authentication profile for RStudio connect.

See Section 12.7 for information about using PAM sessions when launching processes.

These properties must appear after [PAM] in the configuration file.

Service: Specifies the PAM service name that RStudio Connect will use when authenticating users.; Type: string; Default: rstudio-connect
UseSession: Use PAM sessions when launching R processes.; Type: boolean; Default: false
SessionService: Specifies the PAM service name that RStudio Connect will use for running R processes. This PAM service cannot require user credentials when executed by root, or all R processes run by Connect will fail yielding error code 70.; Type: string; Default: su
AuthenticatedSessionService: Specifies the PAM service name that RStudio Connect will use for running R processes with cached user credentials. This can be used with a Kerberized PAM service if Kerberos exposes certain resources to the R process.; Type: string; Default: su
WebSudoMode: Whether web-sudo mode is enabled. Web-sudo mode will ensure that users are prompted to re-enter their password before performing sensitive actions.; Type: boolean; Default: true
WebSudoModeDuration: The lifetime of web-sudo mode. This is the amount of time before a user will be prompted to enter their password again when performing sensitive actions.; Type: duration; Default: 5m
RegisterOnFirstLogin: Allow users to be created on their first login attempt. Otherwise users must be created ahead of the first login which varies across authentication providers. Users will be created using the role specified in the Authorization.DefaultUserRole setting.; Type: boolean; Default: true

A.15 Proxied Authentication

The ProxyAuth section contains configuration properties which control how RStudio Connect utilizes an external authentication server which proxies all requests.

See Section 10.9 for details about configuring an appropriate proxied authentication for RStudio connect.

UsernameHeader: Specifies the name of the header that will contain a username provided by the proxy.; Type: string; Default: X-Auth-Username
Logging: Enables logging for all Proxy Auth operations.; Type: boolean; Default: false
RegisterOnFirstLogin: Allow users to be created on their first login attempt. Otherwise users must be created ahead of the first login which varies across authentication providers. Users will be created using the role specified in the Authorization.DefaultUserRole setting.; Type: boolean; Default: true

A.16 Authorization

The Authorization section contains configuration properties which control permissions and privileges when accessing RStudio Connect.

These properties must appear after [Authorization] in the configuration file.

DefaultUserRole: Specifies what abilities given to a newly created user. Allows values viewer, publisher, or administrator.; Type: string (case-insensitive); Default: viewer
UsersListingMinRole: Specifies the minimum role level required to list users. Allows values viewer, publisher, or administrator.; Type: string (case-insensitive); Default: viewer

A.17 Applications

The Applications section contains configuration properties which control how RStudio Connect communicates with the processes associated with deployed content.

These properties must appear after [Applications] in the configuration file.

RunAs: User used to invoke R.; Type: string; Default: rstudio-connect
RunAsCurrentUser: Allows content to execute as the logged-in user when using PAM authentication.; Type: boolean; Default: false
RConfigActive: Specifies a value for the R_CONFIG_ACTIVE environment variable for R processes; supported by the config package.; Type: string; Default: rsconnect
Supervisor: Specifies a command to wrap the execution of R.; Type: string; Default: <empty-string>
HomeMounting: Specifies that the contents of /home should be hidden from R processes with additional bind mounts. The existing /home will have the home directory of the RunAs user mounted over it. If RunAs does not have a home directory, an empty temporary directory will mask /home instead. Launched R processes can discover this location through the the HOME environment variable.; Type: boolean; Default: false
TempMounting: Specifies that per-process temporary directories are hidden from other R processes with additional bind mounts. If disabled, R processes may inspect or modify the temporary data of other processes.; Type: boolean; Default: true
ProhibitedEnvironment: Environment variables that users are not allowed to override. Environment variables specified here will be added to the default set.; Type: multi-string; Default: CONNECT_SHARED_SECRET, HOME, LOGNAME, R_CONFIG_ACTIVE, RETICULATE_PYTHON, RSC_EMAIL_SUBJECT, RSC_REPORT_NAME, RSC_REPORT_RENDERING_URL, RSC_REPORT_SUBSCRIPTION_URL, RSC_REPORT_URL, RSTUDIO_PANDOC, TMPDIR, USER, USERNAME, VIRTUALENV, VIRTUALENV_HOME, WORKON_HOME
ShinyBookmarking: Toggles support for on-disk Shiny bookmarking state. Configuring Shiny applications to use server bookmarking is described in this article.; Type: boolean; Default: true
ShinyErrorSanitization: Toggles support for Shiny error sanitization as described in this article.; Type: boolean; Default: true
ShinyIsolation: Specifies if a multi-Shiny R Markdown document deployment attempts to serve all documents from a single process. Disable if interactive documents expect in-process shared state.; Type: boolean; Default: true
ExplicitPublishing: Content requires an explicit publication step after creation.; Type: boolean; Default: false
MostPermissiveAccessType: The broadest access type publishers may assign to content. More permissive access types are disallowed. Applies to administrators when Applications.AdminMostPermissiveAccessType is not set. Allows values all, logged_in, or acl.; Type: string; Default: all
AdminMostPermissiveAccessType: The broadest access type administrators may assign to content. More permissive access types are disallowed. The Applications.MostPermissiveAccessType value applies to administrators when this property is not set.; Type: string; Default: all
MaxAppImageSize: The maximum file size(in bytes) allowed for an application image.; Type: integer; Default: 10000000
RenderingSweepLimit: The maximum number of renderings retained for any one application. When this limit is reached, the oldest renderings for an application will be removed. If this setting is not set or is less than 1, Connect will not remove renderings with respect to the number of renderings per application.; Type: integer; Default: 30
RenderingSweepAge: The maximum age of a rendering retained for any one application. Renderings older than this setting will be removed. If this setting is not set or is of a zero value, Connect will not remove renderings with regards to its age.; Type: duration; Default: 30d
RenderingSweepFrequency: How often should Connect look for and purge renderings.; Type: duration; Default: 1h
ViewerOnDemandReports: Allow logged in report viewers to generate an ad-hoc rendering. The ViewerCustomizedReports property is implicitly disabled when this property is disabled.; Type: boolean; Default: false
ViewerCustomizedReports: Allow logged in report viewers to customize the parameters of an ad-hoc rendering.; Type: boolean; Default: false
BundleReapFrequency: Time between the worker that deletes filesystem data for bundles in excess of our retention limit.; Type: duration; Default: 24h
BundleRetentionLimit: Maximum number of bundles per app for which we want to retain filesystem data. The default is 0, which means retain everything.; Type: integer; Default: 0
ScheduleConcurrency: Number of scheduled reports permitted to execute in parallel. A setting of zero disables scheduled execution on this host.; Type: integer; Default: 2
DisabledProtocols: List of comma-delimited protocols to disable on the SockJS client. Allows values of websocket, xhr-streaming, iframe-eventsource, iframe-htmlfile, xhr-polling, iframe-xhr-polling, or jsonp-polling. Protocols xdr-streaming and xdr-polling are always disabled.; Type: string; Default: <empty-string>

A.18 Packages

The Packages section contains configuration properties which alter how R packages are installed and managed. See Section 15 for details.

These properties must appear after [Packages] in the configuration file.

HTTPProxy: Value to be set for the http_proxy environment variable during package installation when content is deployed. When set, this will override the http_proxy environment variable only when content is built by connect.; Type: string; Default: <empty-string>
HTTPSProxy: Value to be set for the https_proxy environment variable during package installation when content is deployed. When set, this will override the https_proxy environment variable only when content is built by connect.; Type: string; Default: <empty-string>
External: Package to be excluded from packrat build. This can be provided multiple times, once for each package. You will need this package available in your library path.; Type: multi-string; Default: unspecified

A.19 Client

The Client section contains configuration properties which control the behavior of browsers when interacting with applications. Interactive Shiny applications are the primary example.

These properties must appear after [Client] in the configuration file.

ReconnectTimeout: The amount of time to allow a user connection to be restored. If a zero value, reconnects will be disabled. Disabling reconnects can cause instability with the session$allowReconnects(TRUE) feature in Shiny.; Type: duration; Default: 15s

A.20 Runtime/Scheduler

The Scheduler section contains configuration properties which control how RStudio Connect manages processes for deployed Shiny applications and APIs. These properties are managed on an individual application under the Runtime tab.

RStudio Connect makes a determination on each new client connection about whether or not it needs to spawn an additional process. That computation analyzes the number of current processes and the number of active connections against those processes. If a substantial percentage of connections are consumed, RStudio Connect will create a new process rather than causing the existing processes to become more busy. That percentage of connection use is called the “load factor”.

The algorithm that considers the current load factor looks like the following pseudocode.

// Given:
//   numProcesses
//     - The number of processes for the current application.
//   numConnections
//     - The number of connections across all processes associated
//       with the current application.
allowedConnections = numProcesses * Scheduler.MaxConnsPerProcess
currentLoadFactor = numConnections / allowedConnections
if currentLoadFactor > Scheduler.LoadFactor {
    // Create a new process if the new process will not exceed
    // Scheduler.MaxProcesses
}

The Scheduler.InitTimeout and Scheduler.IdleTimeout properties may need adjusting when a Shiny application takes a very long time to startup. Increasing InitTimeout will allow more time for the Shiny application to start. An increase to IdleTimeout lets associated idle processes linger longer so they are available the next time a request arrives - avoiding the startup penalty.

Worker processes are terminated when none of the following hold:

Active client connections to the process
Client connection during prior Schedule.IdleTimeout period
Process is needed to satisfy the LoadFactor application setting
Process is needed to satisfy the MinProcesses application setting

Any one of these conditions will keep a worker process alive. Consider a Shiny application configured with IdleTimeout=10m and MinProcesses=1. The process continues running if it is the only instance of that application, well beyond its configured IdleTimeout. Terminating that process would violate the MinProcesses=1 constraint.

The scheduler properties can be changed in the configuration file and apply to all Shiny applictions. The RStudio Connect dashboard allows custom scheduler settings for individual applications.

We recommend that Scheduler property adjustment be done gradually.

These properties must appear after [Scheduler] in the configuration file.

MaxProcesses: Specifies the total number of concurrent R processes allowed for a single application.; Type: integer; Default: 3
MaxConnsPerProcess: Specifies the maximum number of client connections allowed to an individual R process. Incoming connections which will exceed this limit are routed to a new R process or rejected.; Type: integer; Default: 20
LoadFactor: Controls how aggressively new R processes will be spawned.; Type: decimal; Default: 0.5
InitTimeout: Maximum time to wait for an app to start.; Type: duration; Default: 60s
IdleTimeout: Minimum time a worker process remains alive after it goes idle (no active connections).; Type: duration; Default: 5s
MinProcessesLimit: Maximum value allowed for the MinProcesses setting on an application level. All applications default to MinProcesses=0, but MinProcesses can be increased to this limit per application.; Type: integer; Default: 10
MaxProcessesLimit: Maximum value allowed for the MaxProcesses setting on an application level. All applications take the value of MaxProcesses as default but can be individually adjusted. This setting prohibits a single application from consuming too many processes.; Type: integer; Default: 20
ConnectionTimeout: Maximum time allowed without data sent or received across a client connection. A value of 0 means connections will never time-out (not recommended).; Type: duration; Default: 1h
ReadTimeout: Maximum time allowed without data received from a client connection. A value of 0 means a lack of client (browser) interaction will never cause the connection to close. This is useful when deploying dashboard applications which send regular updates but have no need for interactivity.; Type: duration; Default: 1h

A.21 Jobs

The Jobs section contains configuration properties which control the retention of metadata associated with process execution.

These properties must appear after [Jobs] in the configuration file.

MaxCompleted: The maximum number of completed jobs preserved on disk for any one application. When this limit is reached, the oldest completed jobs for an application will be deleted as new jobs are launched. On-disk job metadata is removed if either the MaxCompleted or OldestCompleted restrictions are violated.; Type: integer; Default: 1000
OldestCompleted: The maximum age of a completed job retained on disk. Jobs older than this setting will be deleted. Set to zero to remove restrictions on the age of a completed job. On-disk job metadata is removed if either the MaxCompleted or OldestCompleted restrictions are violated.; Type: duration; Default: 30d

A.22 Historical Information

The Metrics section contains configuration properties which control how RStudio Connect manages the rserver-monitor process for monitoring the use of resources (CPU, memory, etc.) for historical metrics. It also controls how discrete event instrumentation is managed.

See Section 16 for more details about historical information in Connect.

These properties must appear after [Metrics] in the configuration file.

Enabled: Specifies whether or not the rserver-monitor process that collects historical metrics will be started.; Type: boolean; Default: true
User: The user for the rserver-monitor process.; Type: string; Default: {Applications.RunAs}
DataPath: The path for writing log entries and RRD database files.; Type: string; Default: {Server.DataDir}/metrics
Interval: The frequency of historical metrics collection.; Type: duration; Default: 60s
RRDEnabled: Enable logging of historical metrics to RRD.; Type: boolean; Default: true
GraphiteEnabled: Enable logging of historical metrics to Graphite.; Type: boolean; Default: false
GraphiteHost: Host to which to send Graphite historical metrics.; Type: string; Default: 127.0.0.1
GraphitePort: Port to which to send Graphite historical metrics.; Type: integer; Default: 2003
GraphiteClientId: Optional Client ID to include along with Graphite historical metrics.; Type: string; Default: <empty-string>
Instrumentation: Enable the recording of instrumented data, such as shiny app usage by user.; Type: boolean; Default: true
InstrumentationServerHeartbeat: Controls how often the server will update its lifetime.; Type: duration; Default: 30m

A.23 Load Balancing

The LoadBalancing section contains a configuration property that determines whether or not clients must use a version of rsconnect with cookie-based sticky session support.

These properties must appear after [LoadBalancing] in the configuration file.

EnforceMinRsconnectVersion: Require a minimum version of rsconnect for cookie-based sticky session support.; Type: boolean; Default: false