Skip to content



ContainerProxy is an application that launches and manages containers for users, to perform specific tasks. Examples include:

  • Run interactive Shiny apps
  • Execute long-running R jobs
  • Run interactive R consoles

While you can use ContainerProxy directly to perform such tasks, it is often more convenient to use one of the products that are derived from ContainerProxy:

These derived products all use ContainerProxy under the hood, but they have their own user interface and add several convenient features on top. For example, all Shiny apps run on port 3838 by default, so ShinyProxy will make this assumption and not require you to specify any port in your application configuration file.


As the name suggests, ContainerProxy is essentially a proxy. An HTTP proxy, to be precise.

containerproxy architecture

Using a User Interface (UI) or an API, users can launch private containers that are managed and proxied by ContainerProxy. Each proxy has zero or more endpoints, which are URLs that proxy onto a specific port of the container(s).

For example, if your app exposes a web user interface on port 8080, ContainerProxy will route traffic from the endpoint to that port.

In ContainerProxy land, a proxy is always based on a proxy spec. This is a piece of configuration (usually defined in ContainerProxy's configuration file, called application.yml). A proxy spec can be very short, for example:

  - id: 01_hello
    display-name: Hello Application
    description: Application which demonstrates the basics of a Shiny app
    - image: openanalytics/shinyproxy-demo
      cmd: ["R", "-e", "shinyproxy::run_01_hello()"]
        default: 3838

The above spec defines an app named '01_hello', which runs a single container and exposes port 3838 on the proxy's endpoint. For more information on ContainerSpecs, see here.


ContainerProxy is designed to be a feature-complete 'toolbox', allowing you to toggle just the features that you need via a simple configuration file.

These features include:

  • Authentication : choose between multiple enterprise-grade authentication and authorization methods, such as LDAP, Keycloak, or OpenID Connect.
  • Container backend : choose the container service that fits with your infrastructure: Docker, Docker Swarm, or Kubernetes.
  • Proxy keep-alive : a timeout mechanism can be enabled to automatically close idle proxies after a specific time period.
  • Container logging : log files can be kept for any containers launched, for debug or support purposes.
  • Usage statistics : information about user logins and app usage can be stored in a database.