HTTPS Flask using POST data - python

Thanks for reading in advance.
I have a working Apache2 server which is currently successfully serving both :80 and :443. I have a simple Flask-based site at the moment that is being served over HTTPS successfully, using mod_wsgi and self-signed certs at the moment.
Here's where I run into trouble. I have a login which uses POST data to send info back from a FORM in my template to my server for user authentication. It works fine in HTTP however in HTTPS I get:
Bad Request
The browser (or proxy) sent a request that this server could not understand.
Having googled around for a couple of hours, it seems like there could be some mix of context settings and/or app extensions that could be used with the server SSL certs and keys to help here. But I'm a babe in the woods when it comes to SSL. Could anyone point me to what changes I need to make to adapt to SSL handling of client/server in Flask? I've tried SSLify (didn't work - same error).
Very Best Regards,
Tom

You need an SSL server in front of your Flask application. Google how to configure flask nginx ssl if you want nginx, or flask apache ssl if you want Apache's httpd server.
If you really want to serve https content directly from your Flask Application (which I wouldn't recommend), you can follow this blog post.

Related

I am unable to send HTTPS requests from my angular app to my backend

I'm currently using AWS for my backend services and Angular for the frontend part. Trying to make my website more secure, I added a CA-signed SSL certificate on my API gateway and added it to my Angular website in my angular.json and package.json.
Whenever I try to access the API using CURL from a Linux machine, providing it with the certificate and key, the API returns a response; however, from my Angular website it always returns ERR_CONNECTION_RESET.
Is there a way to solve this? I'd greatly appreciate any help.
I expected the network layer to be secure and API to return a response. What actually resulted is ERR_CONNECTION_RESET.
First you must clarify which web server you are using, Nginx or Apache. If you are using an Apache web server, then try to correct the SSL configuration, and the Nginx configuration as well if you are using it.
But according to me, I think you are also using a reverse proxy. First configure it properly. Learn Apache Reverse Proxy and Nginx Reverse Proxy.
And finally, you can also check the web server log to get the correct error.

Python Flask web server running on IIS via FastCGI gets ERR_CERT_COMMON_NAME_INVALID on Chrome/Edge, but works in Opera?

I have a Flask app running with a cert/key created in openssl:
app.run(host="192.168.0.2", port=8000, debug=True, ssl_context=('/certs/fullchain.pem', '/certs/privkey.pem'))
The Flask app is being served on IIS via FastCGI.
The actual website is using a .pfx created with the same fullchain.pem and privkey.pem files from openssl.
When I use the Flask app (API) from the web app (ajax call) in Opera, everything works as expected... but when attempting to use it from any other browser, I get ERR_CERT_COMMON_NAME_INVALID.
I thought it may be due to the Flask app using 192.168.0.2 VS the "example.com" the cert is assigned to, but I have no way around this. Certs cannot be assigned to raw IPs.
Any suggestions would be GREATLY appreciated, thanks!

Google Cloud App Engine: How to serve https in a Flexible environment

I work on a python3.6 app that uses flask and oauth2client.
I want to serve https instead of http in gcloud environment.
I tried using talisman-flask:
https://github.com/GoogleCloudPlatform/flask-talisman
However, when I ran their sample app locally I got this error in my browser:
This site can’t provide a secure connection
127.0.0.1 sent an invalid response.
It works fine for http, but can't apparently serve https.
Are there some Talisman configurations I need to change?
Or maybe a whole different solution altogether?
EDIT:
I changed from debug=True to debug=False and now I get automatically redirected to https but the above error message is still there.
One rather generic approach which can work even with the standard environment local development server (which doesn't support HTTPS) would be to use a reverse proxy.
Such solutions are documented in Appengine - Local dev server with https
It's an old thread, but if you want to serve HTTPS (with or without Talisman) you need, at least, a valid certificate. Please create one at Let's Encrypt and install it in your web server, even if your site is on the web or in your local environment. If you want a good tutorial to help further, I recommend this one from Miguel Grinberg, a big "Flask Guru" ;-) .

API timeout in nginx but the same work in local server Django WSGI

I am facing an issue in my Django app,
which is working fine in my local Django WSGI-based server, but the same is facing a timeout in nginx.
What could the issue be?
Is there anything to do with increasing the nginx processes?
My nginx response took 30000ms to respond on my server but without data (I am using AWS);
my local one responded in 12000ms with a response.
Any help?
My Django app is on AWS; I am using nginx, gunicorn and supervisor for deployment configuration...
I'd recommend against fiddling with the Nginx and Gunicorn config.
Instead, try reducing the amount of data you're trying to fetch in a single API response. If your data is in the form of a list [which it looks like from the picture], I'd recommend paginating your response. Django has an excellent pagination module which can be used.
https://docs.djangoproject.com/en/2.0/topics/pagination/

Security of python flask REST API using HTTP Basic Authentication

I have Python Flask running on my server exposing a REST API that is being consumed by an iOS app. I'm using HTTP Basic Authentication using the Flask-HTTPAuth module. I wanted to know how secure this is because the username:password string would be sent on every request.
Do I need to use HTTPS instead?
Thanks!
Sorry for bad English. Still learning.
Your current system is (very!) insecure; the login information can be seen during transit by anyone.
The easiest way to add secure HTTP is to install a proxy server like nginx. Then nginx is configured for secure HTTP, but it relays all the requests to the Flask application listening on a private socket without encryption.
This link will send you to the nginx documentation on secure HTTP.
Alternatively, you can have HTTPS running directly from Flask. The link has clear instructions of how to do this. It is a quick, easy method to use while developing.
For production, I'd use Apache's mod_ssl function, or as already stated by Miguel, nginx, as proxy servers.
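
Added example (not part of any answer above, and not Flask-HTTPAuth's own code): a standard-library WSGI sketch showing that a Basic Authorization header decodes straight back to username:password, and a middleware that refuses credentials unless the request reached the TLS-terminating proxy over HTTPS. TRUSTED_PROXIES, the proxy setting X-Forwarded-Proto, and the alice:s3cret credentials are assumptions made for the illustration.

```python
import base64
from wsgiref.util import setup_testing_defaults

TRUSTED_PROXIES = {"127.0.0.1"}  # assumption: nginx/Apache terminates TLS on this host
SAMPLE = "Basic " + base64.b64encode(b"alice:s3cret").decode()  # constructed header

def decode_basic(header):
    """Recover (user, password) from a Basic header: base64 is encoding, not encryption."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return None
    user, sep, password = raw.partition(":")
    return (user, password) if sep else None

def arrived_over_tls(environ):
    if environ.get("wsgi.url_scheme") == "https":
        return True
    # X-Forwarded-Proto is client-controllable; honour it only from our own proxy.
    return (environ.get("REMOTE_ADDR") in TRUSTED_PROXIES
            and environ.get("HTTP_X_FORWARDED_PROTO", "").lower() == "https")

class RequireTLSForBasicAuth:
    """WSGI middleware: reject any request carrying credentials over plain HTTP."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if "HTTP_AUTHORIZATION" in environ and not arrived_over_tls(environ):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"Credentials must be sent over HTTPS\n"]
        return self.app(environ, start_response)

def demo_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]

def status_for(**overrides):
    """Run one constructed request through the middleware and return its status line."""
    environ = {}
    setup_testing_defaults(environ)  # plain-HTTP request by default
    environ.update(overrides)
    seen = []
    RequireTLSForBasicAuth(demo_app)(environ, lambda s, h: seen.append(s))
    return seen[0]
```

With Flask the same wrapper attaches as app.wsgi_app = RequireTLSForBasicAuth(app.wsgi_app). A 403 from it means the password already crossed the network in clear text, so treat it as a signal to rotate that credential.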
