Python Flask - Give https to Flask WebServer

Earlier, I briefly looked at how to use the Flask web server and how to use the domain name. This time I will see how to apply https.
Recently, it is recommended to use https instead of weak security http. And if you are providing important information through REST API, use of https is necessary to prevent this information from being leaked.


Let's Encrypt


Select Certbot from "With Shell Access" at https://letsencrypt.org/getting-started/.


On the CertBot page, select the web server and operating system.
The Flask we use is not included in the web server list. Therefore, select "None of the above". The operating system is the operating system of the device you connected the domain name to earlier. I am using CentOS7 but you can choose your operating system.


Now, looking at the bottom of the screen, it guides you through the appropriate installation method for the operating system and web server.
When using Flask on CentOS 7, you will be prompted to add the EPEL repository and then install certbot with the yum command. Proceed according to the screen contents.

yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum update
yum install certbot

And after the installation is completed, use the certbot command to generate the certificate.

Be Careful : Make sure to run the certbot command without any process using port 80. The port occupancy check can be done with the netstat -tnlp command.


certbot certonly --standalone

Then follow the on-screen instructions and enter the appropriate values. If it is done properly, you can see the following message.

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for spypiggy.ga
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/spypiggy.ga/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/spypiggy.ga/privkey.pem
   Your cert will expire on 2020-10-06. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

You can see that the certificate file and key file are stored in the /etc/letsencrypt/live/spypiggy.ga/ directory. Now you can use these keys to provide https service.

It is very easy to use the certificate issued by Flask.
Just add the ssl_contex variable in the app.run function.
The following is the file that was first tested after installing Flask and changed to the https version.

from flask import Flask
import ssl
app = Flask(__name__)
IPADDR = '117.52.89.240'

@app.route('/')
def index():
    return 'Hello Flask'

@app.route('/info')
def info():
    return 'Info'


if __name__ == "__main__":
    ssl_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
    ssl_ctx.load_cert_chain(certfile='/etc/letsencrypt/live/spypiggy.ga/fullchain.pem', keyfile='/etc/letsencrypt/live/spypiggy.ga/privkey.pem')
    app.run(host= IPADDR , port="8080", ssl_context=ssl_ctx)
<myhttps.py>

Now run the flask that supports https.
[root@gcloud-seoul pyflask]# python3 myhttps.py
 * Running on https://117.52.89.240:8080/ (Press CTRL+C to quit)

Then, access it using https in a web browser. You can also see that it works properly using https.






































댓글

댓글 쓰기

이 블로그의 인기 게시물

MQTT - C/C++ Client

이미지
  This article records how to implement the client directly using c/c++ , which is linked to the Mosquito MQTT broker set-up on the Ubuntu 20.04, introduced in MQTTT - Mosquito MQT broker set-up on the Ubuntu 20.04 .   Install Paho MQTT C Client  To use MQTT on c/c++, first download the required module from the eclipse foundation. You can download files for your operating system from https://www.eclipse.org/paho/index.php?page=clients/c/index.php . <Paho MQTT C Client download page> Of course I use Linux, so I'll refer to the build contents for Linux in the middle of the document for "Building from Source." apt-get install openssl libssl-dev  cd / usr / local / src git clone https :// github . com / eclipse / paho . mqtt . c . git cd paho . mqtt . c . git make && sudo make install  Now we are ready to develop mqtt client using c/c++.   Build Example  We will proceed with the example of mqttt as described in MQTT - Mosquito MQTT broke...
자세한 내용 보기

RabbitMQ - C++ Client #1 : Installing C/C++ Libraries

이미지
 This article documents how to connect to RabbitMQ using c/c++ to publish and subscribe to messages. I'm working on Ubuntu 20.04. RabbitMQ supports various development languages. Java, Python, C/C++, C#, Ruby, Javascript, as well as recently released languages such as Go and Rust are supported. How to use various development languages is introduced in detail at https://www.rabbitmq.com/devtools.html . Those who use C/C++ can also get download information for some Client tools on this page. <Development tool introduction page> Install SimpleAmqpClient In the middle of this page there is an introduction to tools for C/C++ developers. C and C++ RabbitMQ C client SimpleAmqpClient , a C++ wrapper around rabbitmq-c amqpcpp , a C++ message library for RabbitMQ AMQP-CPP , a C++ RabbitMQ client I'll use SimpleAmqpClient here. The reason for using SimpleAmqpClient is that the API is very concise. RabbitMQ has the advantage of being easy to port when porting Python code becaus...
자세한 내용 보기

C/C++ - Everything about time, date

 Important data types  time_t Although not defined by the C standard, this is almost always an integral value holding the number of seconds (not counting leap seconds) since 00:00, Jan 1 1970 UTC, corresponding to POSIX time.  Unix and POSIX systems define time_t as an integer (usually a 32-bit or 64-bit integer) or a floating-point type. Note : Time_t can only be handled in seconds, but not in milliseconds or microsec.  struct tm The tm structure has the following structure. struct tm { int tm_sec; int tm_min; int tm_hour; int tm_mday; int tm_mon; int tm_year; int tm_wday; int tm_yday; int tm_isdst; }; time_t is a variable that stores seconds that have elapsed since 1970. It is often used to convert from this variable to the easy-to-use year, month, day, hour, minute, and second formats. struct timeval The time_t discussed above has only a value in seconds. Time_t cannot be used if ms (0.001sec) and us (0.000001sec) value...
자세한 내용 보기