So I have this web application running with Python's Flask and I use gevent.pywsgi.WSGIServer in order to make my application ready for production. My website is accessible from the Internet with all my devices and even others with different networks.
However I tried to add the HTTPS possibility by running the test with certbot letsencrypt... I passed the tests and obtain the certfile and keyfile but when I put them as arguments in the following function :
app_server = gevent.pywsgi.WSGIServer(
(CONFIG['Flask']['host'], int(CONFIG['Flask']['port'])),
app,
certfile="fullchain.pem",
keyfile="privkey_rsa.pem"
)
Well I get this error ssl.SSLError: [SSL] PEM lib.
PS: I opened my port for HTTPS server
That's why I wonder if the problem comes from:
the domain name passed for the letsencrypt test
domain name registrar
...
Or something else?
Thank you in advance.
I know this question is old and I came here looking for an answer to something else, but I have gone through your exact situation and couldn't help answering it.
I actually resolved the situation the proper way of building a website. I registered with a free dns server and routed all traffic coming to my router on ports 80/443 to a virtual machine in the LAN running NGINX, where I had already setup letsencrypt certs. Using this setup I don't have to enable SSL on any other machine in the network. Off topic, but to enable local network level ssl you need to have all the machines in the network. But you can simply forward requests from NGINX to any machine running in your local network using http and to the outside world all the traffic happens over SSL.
NGINX configuration is simple for LAN and you can create one yourself with a little google search, but the basic structure contains one server and several child location blocks where each location block corresponds to one web application in the LAN.
Hope this helps a bit. I can put a more detailed answer with specific steps if you are still looking.
Related
what I have:
I made a simple web application using Flask, which woks great on the localhost.
what I want to achieve:
I want to deploy it so it is visible in the internet.
Because Flask says that the production server should not be used for deployment I installed gunicorn.
I managed to get it working on localhost (running gunicorn server:app).
Then I tried to make it public using the -b 0.0.0.0:5000 option. it said it is running on 192.168....:5000 Now I could access the website using that ip address from my computer and also from my phone connected to the same wifi. however I was unable to connect to the website when I didn't use this wifi.
when I searched about this, I found out that the 192.168.... ip address range is reserved to the local network and cannot be accessed from anywhere else.
how do I need to run the script so it is accessible from everywhere? Do I need to modify the firewall settings? Maybe there is a better way to deploy such an app on the local machine using a different framework?
Just some additional information:
python version: 3.9
I am using a venv (and installed flask and gunicorn into it)
os: macos 11.6.1 (I could run it on an Ubuntu machine if that is easier)
This question isn't anything related with Python or Gunicorn but to networking (so maybe StackOverflow isn't the correct place to ask but other community like ServerFault)
Currently your application is already exposed on your machine in the defined port, so next step would be to forward all the traffic that comes to your router to there.
In order to do that, you will have to configure the firewall of your router to accept incoming traffic through a desired port and finally forward the traffic which comes from that port to your machine in the port 5000.
Also, in the case that you have everything already configured, it will only work if your ISP is providing you a single IPv4, what currently doesn't happen anymore but you actually are sharing that with few more people. Other option would be that you configure IPv6 incoming traffic.
As you can see, this isn't a simple task neither one that should be done without proper care, since you would be literally opening your network to possible attackers.
So, in order to simplify it at the most for you, since you already have Gunicorn, I would recommend you to use any of the resources exposed by other users as Heroku or Netlify which are free for a single application and will fulfill your expectations without requiring high amount of networking knowledge.
You would need to do the following steps:
read up and learn a lot about security for Web servers, then read some more, it is fraught with risks
find your Mac's IP address on your local network and make sure it is fixed, i.e. set as static on your Mac (under "System Preferences->Network") or reserved in your router's DHCP tables (by putting your Mac's MAC address in its allocation tables) so that it always gets the same local address on your internal network when it boots
log into your router and set up "Port Forwarding" to forward external requests (coming from the Internet) for port 5000 (or some other port) to your Mac's fixed IP address and the port 5000 where Gunicorn is serving
log into your router and find your WAN IP address, or go to http://whatsmyip.com to get the address you need to put in your browser, or your friends need to put in their browsers to see your shiny new website
as it stands, this will work until the next time your router reboots when your ISP will likely allocate it a new IP address. If you want it permanent, you need to either 1) ask your ISP for a static IP address, or 2) subscribe a DDNS service (e.g. noip.com or dyndns.com) or 3) tell your friends your new IP address every time you reboot your router
I do not know anything about gunicorn. But what I used to use when needing to deploy a flask app was pythonanywhere. They have a great and totally free hosting service. It's really fast in deploying, needs no resources from your computer and is just great. Also you would have to forward the port 5000 for your computer to enable other devices not in the same network to access your computer/flask app. That comes with security issues. However, you do not need any of that when using pythonanywhere.
There are also other great hosting services like that one. It's just the only one I know and used yet but you'll find others for sure if you don't like that one.
I've been working on a website for the past month, and now its time for me to host the django website onto a private server. Is there a detailed method on how I'm supposed to host the website onto a specific IP address assigned to my system?
This is my first time dealing with hosting a server and i dont know much about it.
Also, once i host it, How do i change the link from being the IP address to an actual link like "12345678.com" or something like that?
(The website should be hosted in such a way that only the people who are in the same network/lan connection should have access to the website.)
I have wamp on the system and the system has a Windows Server OS (if this info helps)
you can run your codes with manage command like this
python manage.py runserver 0.0.0.0:8000
but its strongly recommended to run your code with a web server like nginx or apache read this tutorial to run your site on a linux server
https://www.digitalocean.com/community/tutorials/how-to-set-up-uwsgi-and-nginx-to-serve-python-apps-on-ubuntu-14-04
on windows you can use IIS but its not recommended. its performance is not good
to use 1234567890.com instead of using server ip address you must setup a DNS server on your local network. in linux you can use bind and windows server have its own DNS server. but in your DHCP configuration you must set this DNS server as clients DNS.
I'm trying to connect to my website from another node on another network. If the nodes are in the same network, i can connect to the website without a problem.
I've forwarded port for ssh and Django (8000), I also have apache ready on port 9080.
ssh and apache ports work fine when connecting to them from external ip address, Django does not for some reason.
First, i tried to run the server on port 8000:
python manage.py runserver 0.0.0.0:8000
This works completely fine when connecting from the node that is in the same network as the server, but for some reason, whenever i try to access it from external ip address, the connection is refused.
To make sure it was Django, I also tried running the server on the same port as Apache (9080), although, i didn't expect "errorless" response, since i knew that port was occupied. But there was no change at all, I was still getting the same Apache page that i would get before.
I also tried allowing port 8000 on firewall:
sudo ufw allow 8000/tcp
But pretty sure this is not the problem, since this Debian came without any firewall.
I also tried to empty ALLOWED_HOSTS in settings, but there was no progression.
It seems like Django has no effect for external connections, what could be the reason?
I also struggle to understand the purpose of other http web server platforms in this case (e.g Apache, Nginx), Isn't Django creating a webserver itself along with its custom wsgi?
Firewall is not the problem, neither is the web server, then may the problem be caused by the Django itself? Maybe it is outer firewall?
It is not clear how you are configuring Apache to forward requests to Django, it seems like you are treating those as two independent components. If you want to use a web server in front of Django (recommended for production envs), you need to configure both Apache and Django.
Then, as you are running django in dev mode (python manage.py runserver 0.0.0.0:8000), you should reach Django in http://server_ip:8000 regardless of Apache, perhaps there is another firewall blocking the connection. Use tracert / traceroute to find out where the connection is blocked.
FInally, for production environments, it is recommended to use a web server in front of Django to increase security and performance. See the docs for further information.
My guess is that you have another firewall blocking the port. You opened the local firewall using ufw, but there may be an outer firewall.
python manage.py runserver 0.0.0.0:8000 starts correctly? If so, keep an eye in the log.
Inside the server, do a request wget http://localhost:8000. The request should be logged
If you can reach Apache in port 9080 from outside the server, you can:
Use nmap to find the opened / closed / filtered ports in the server to find if there is another firewall inbetween.
Configure Apache to forward requests to Django, although this does not solve the problem
In your question you say that you have forwarded port for ssh and Django. What exactly is this? Are you sure that you have not misconfigured your ssh server to listen in port 8000?
I have a Django development server running on a remote centos VM on another lan. I have set up port forwarding using Secure CRT to access the web page through my browser from my desk pc. I am currently not using apache with the development server and is shutdown.
I start the server by running python manage.py runserver 0.0.0.0:80.
When I type either the ip or www.localhost.com into the web browser, my URL is read as if it has been doubled with the host being read as if it was also the path.
Page not found (404)##
Request Method: GET
Request URL: http://www.localhost.com/http://www.localhost.com/
When I try to access the development server from within the same LAN the page loads up fine.
I have been searching through the django documentation and stack overflow, but I have yet to find a similar problem to this. Does anyone have any thoughts on why this may be happening and what could be a possible solution?
Thank you very much in advance!
It looks like the request URL is incorrect:
http://www.localhost.com/http://www.localhost.com/ should probably be http://actual_machine_IP.com/
I'd start searching there. You won't be able to access the VM's port 80 from a different lan using localhost as the hostname since localhost is probably already set in your hosts file.
If you want to test your dev environ remotely, can I suggest either setting up Apache properly with port 80 (as opposed to using django's dev server--privilege restrictions and all that can be circumvented with sudo and other bad practice) or use a pre-built shared dev service like vagrant share.
I can't seem to figure this out. I created a new Ubuntu VM on Azure and I can SSH into it. I installed Node (which I've done many times) and I tried to run the test app from nodejs.org:
var http = require('http');
http.createServer(function (req, res) {
res.writeHead(200, {'Content-Type': 'text/plain'});
res.end('Hello World\n');
}).listen(1337, '127.0.0.1');
console.log('Server running at http://127.0.0.1:1337/');
However, when I go to the IP (which is the same one I SSHed into the box from) + :1337 it just never loads. I tried :80 too, but still no luck. I also tried running python -m SimpleHTTPServer on :8000 and I still can't view the site. I must be missing something.
Just so you know, I'm just trying to setup a simple dev box with a bunch of projects on it. I want to be able to work on my projects anywhere. Some are 100% front-end JS projects so SimpleHTTPServer would be fine. Some are Node projects too. In either case, I just want to be able to hit some port and see what I'm working on.
Oh also I opened up the Azure firewall to the VM, redirecting traffic from port 80 to port 1337 (https://www.evernote.com/shard/s5/sh/3aef8e76-04f6-48cb-84f9-32462bc425a7/f0cd749773a9d09cee66d00fe3e707c0)
You are listening loopback ip address. Try .listen(1337, '0.0.0.0'); to listen on all network interfaces
urgh azure. i cannot get port 80 open. is it the machine iptables?? some azure magical thing.
i know it cant be that hard.
unlike your view i do not see 'NONE' for load balancer. i see '--'/ whatever that means.