Comments (5)
SSL (TLS) is quite a complex subject. For example, you can only have one component/program handling HTTPS certificates in a single IP (in a single server). If you handle it directly in your app code/Gunicorn, you won't be able to have more than one domain on that IP.
I suggest you delegate that to a dedicated component, it's called a TLS Termination Proxy, and it's a common practice.
To learn more about HTTPS handling, check this section in FastAPI: https://fastapi.tiangolo.com/deployment/#https
Let me suggest you use Traefik. It can handle HTTPS certificates for multiple domains, it has free automatic acquisition with Let's Encrypt, and automatic renewals too.
For more info about how to set it up, you can try https://dockerswarm.rocks/
from meinheld-gunicorn-flask-docker.
I also ran into problems getting Gunicorn to serve HTTPS traffic. It would be nice to use the power of Docker and env vars to configure HTTPS with
ENV PORT=443
ENV GUNICORN_CMD_ARGS="--keyfile=/app/my_key.pem --certfile=/app/my_cert.crt"
But it seems that even with Python 3.7 and Gunicorn 20.0.3, a client fails with ERR_SSL_PROTOCOL_ERROR. Trying to add command line args via the bottom env var above was of no help (i.e. --ssl-version=5, since it defaults to 2, and/or setting a --ciphers list). My use case is that I write light web apps for coworkers to use internally which don't receive enough traffic to need a load balancer etc. I'm looking for a 1-stop-shop solution like how tiangolo/uwsgi-nginx-flask was, to make my flask app more robust than the built-in development server, but without needing to wrangle several layers of software to get things running.
As an aside, I'm looking forward to using your FastAPI for my next API project!
from meinheld-gunicorn-flask-docker.
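One way to narrow down an ERR_SSL_PROTOCOL_ERROR like the one reported above is to check whether the port answers a TLS ClientHello with a TLS record or with plaintext HTTP. This is an added example, not code from the thread or the project; the function names and the stand-in plaintext server are constructed for illustration.

```python
import socket
import ssl
import threading

def client_hello(server_name: str) -> bytes:
    """Build a real ClientHello in memory, without touching the network."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    outgoing = ssl.MemoryBIO()
    tls = ctx.wrap_bio(ssl.MemoryBIO(), outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the ClientHello is now waiting in the outgoing BIO
    return outgoing.read()

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a listener returns after a ClientHello."""
    if not data:
        return "closed"
    if data.startswith(b"HTTP/"):
        return "plaintext-http"  # the listener is not doing TLS on this port
    # TLS record header: type 0x16 (handshake) or 0x15 (alert), major version 0x03
    if len(data) >= 3 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls-handshake" if data[0] == 0x16 else "tls-alert"
    return "unknown"

def probe(host: str, port: int, timeout: float = 3.0) -> str:
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(client_hello(host))
        try:
            return classify_first_bytes(s.recv(1024))
        except (socket.timeout, ConnectionResetError):
            return "no-reply"

def start_plaintext_server() -> int:  # constructed stand-in: listener without TLS
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)  # the ClientHello arrives where an HTTP request was expected
            conn.sendall(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")
            while conn.recv(4096):  # drain until the client closes
                pass
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(probe("127.0.0.1", start_plaintext_server()))
```

A result of `plaintext-http` means the key and certificate options never took effect on that listener, so protocol-version or cipher flags cannot change the outcome.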
I have a similar use case. A simple internal application.
I ended up moving back to the https://github.com/tiangolo/uwsgi-nginx-flask-docker base and including this custom nginx.conf file in my app directory.
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    server {
        # Plain HTTP on 80 and TLS on 443 in the same server block
        listen 80;
        listen 443 default ssl;
        location / {
            try_files $uri @app;
        }
        # Hand application requests to uWSGI over its Unix socket
        location @app {
            include uwsgi_params;
            uwsgi_pass unix:///tmp/uwsgi.sock;
        }
        location /static {
            alias /app/app/static;
        }
        ssl_certificate /app/server.crt;
        ssl_certificate_key /app/server.key;
        # $ssl_protocol is empty on non-TLS connections: redirect those to HTTPS
        if ($ssl_protocol = "") {
            rewrite ^ https://$server_name$request_uri? permanent;
        }
    }
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    keepalive_timeout 65;
    include /etc/nginx/conf.d/*.conf;
}
# Keep nginx in the foreground so the container's process supervisor can manage it
daemon off;
from meinheld-gunicorn-flask-docker.
Thanks for the report @gsainsbury86 !
Would that solve your use case @hamx0r ?
from meinheld-gunicorn-flask-docker.
Assuming the original issue was solved, it will be automatically closed now. But feel free to add more comments or create new issues.
from meinheld-gunicorn-flask-docker.