I work on a python3.6 app that uses flask and oauth2client.
I want to serve https instead of http in gcloud environment.
I tried using talisman-flask:
https://github.com/GoogleCloudPlatform/flask-talisman
However, when I ran their sample app locally I got this error in my browser:
This site can’t provide a secure connection
127.0.0.1 sent an invalid response.
It works fine for http, but can't apparently serve https.
Are there some Talisman configurations I need to change?
Or maybe a whole different solution altogether?
EDIT:
I changed from debug=True to debug=False and now I get automatically redirected to https but the above error message is still there.
One rather generic approach which can work even with the standard environment local development server (which doesn't support HTTPS) would be to use a reverse proxy.
Such solutions are documented in Appengine - Local dev server with https
It's an old thread, but if you want to serve HTTPS (with or without Talisman) you need, at least, a valid certificate. Please create one at Let's Encrypt and install it in your web server, even if your site is on the web or in your local environment. If you want a good tutorial to help further, I recommend this from Miguel Grinberg, a big "Flask Guru" ;-) .
Related
I'm currently using AWS for my backend services and angular for the frontend part. Trying to make my website more secure I added a CA signed SSL certificate on my API gateway and added it to my angular website in my angular.json and package.json.
Whenever I try to access the API using CURL from a Linux machine, providing it with the certificate and key, the API returns a response; however, from my Angular website it always returns ERR_CONNECTION_RESET.
Is there a way to solve this? I'd greatly appreciate any help.
I expected the network layer to be secure and API to return a response. What actually resulted is ERR_CONNECTION_RESET.
First you must clarify which web server you are using, Nginx or Apache. If you are using an Apache web server, then try to correct the SSL configuration, and the Nginx configuration as well if you are using it.
But according to me, I think you are also using the reverse proxy. First properly configure it. Learn Apache Reverse Proxy and Nginx Reverse Proxy.
And finally, you can also check the web server log to get the correct error.
I am using django rest framework.
PATCH on the API endpoint (users/user_id) is working on the local Django server on my machine. But on the nginx development server it's showing
{"detail":"Method \"METHOD_OTHER\" not allowed."}
Do we need to change some settings in nginx?
OK, I tried to access the same code from a different network and it worked.
Probably it was firewall issue of that particular wifi network.
I have a python script that wants to communicate via HTTPS to a flask application using a self-signed certificate.
I've created an SSL certificate with openssl. I want flask to only accept connections that use that certificate and refuse those that do not.
Can anyone give some thoughts on how I can do that?
I don't think flask is capable of that. Flask only takes care of the content building stuff. It in fact uses Werkzeug as backend while in development mode.
During development, werkzeug's builtin server supports SSL for testing purposes:
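    from werkzeug.serving import run_simple

    # application is your WSGI (Flask) app; ssl_context is (certificate file, private key file)
    run_simple('localhost', 4000, application,
               ssl_context=('/path/to/the/key.crt',
                            '/path/to/the/key.key'))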
Details can be found here.
When it comes to production, a flask project has to be deployed with a WSGI backend that is more productive. There are many backends out there like gunicorn and uWSGI (with nginx). If you choose to use one of them, you may want to check out their documentation to find out how to add HTTPS support.
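For the requirement in the question (refuse any client that does not present the expected certificate), Python's ssl module can build a context that demands a client certificate, and Werkzeug's run_simple accepts an ssl.SSLContext as ssl_context. The sketch below is an added example, not code from the question or the answer; the function names and the file names server.crt, server.key and client.crt are assumptions.

```python
import ssl


def require_client_cert(ctx, trusted_client_pem=None):
    """Make a server-side context abort handshakes without a trusted client certificate."""
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # CERT_REQUIRED on a server context: no client certificate, or one that
    # does not chain to a loaded trust anchor, fails the TLS handshake.
    ctx.verify_mode = ssl.CERT_REQUIRED
    if trusted_client_pem is not None:
        # A self-signed client certificate is its own trust anchor.
        ctx.load_verify_locations(cafile=trusted_client_pem)
    return ctx


def build_server_context(server_cert, server_key, trusted_client_pem):
    """Context for the Flask side; pass it as ssl_context= to run_simple."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile=server_cert, keyfile=server_key)
    return require_client_cert(ctx, trusted_client_pem)


def build_client_context(client_cert, client_key, server_cert):
    """Context for the calling script: trust only the server's certificate, present our own."""
    # Passing cafile means the system CA store is not loaded. Hostname checking
    # stays on, so the server certificate must name the host being contacted.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=server_cert)
    ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


if __name__ == "__main__":
    # No certificate files are needed to see what the policy changes.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    print("before:", ctx.verify_mode.name)
    print("after: ", require_client_cert(ctx).verify_mode.name)
    # With real files (hypothetical names) the server would be started as:
    #   run_simple('localhost', 4000, application,
    #              ssl_context=build_server_context('server.crt', 'server.key', 'client.crt'))
```

The same policy applies in production, where the TLS-terminating server in front of the WSGI backend is the component that has to demand and verify the client certificate.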
I have python flask running on my server exposing a REST API that is being consumed by an iOS app. I'm using HTTP Basic Authentication using the Flask-HTTPAuth module. I wanted to know how secure this is because the username:password string would be sent on every request.
Do I need to use HTTPS instead?
Thanks!
Sorry for bad English. Still learning.
Your current system is (very!) insecure, the login information can be seen during transit by anyone.
The easiest way to add secure HTTP is to install a proxy server like nginx. Then nginx is configured for secure HTTP, but it relays all the requests to the Flask application listening on a private socket without encryption.
This link will send you to the nginx documentation on secure HTTP.
Alternatively, you can have HTTPS running directly from Flask. The link has clear instructions on how to do this. It is a quick, easy method to use while developing.
For production, I'd use Apache's mod_ssl function, or as already stated by Miguel, nginx, as proxy servers.
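With nginx terminating TLS and relaying to Flask over plain HTTP, the application can still refuse Basic credentials that did not reach the proxy over HTTPS. The WSGI middleware below is an added example, not code from either answer; it assumes the proxy connects from 127.0.0.1 and sets X-Forwarded-Proto, and the class and helper names are hypothetical.

```python
class RequireHttpsForCredentials:
    """WSGI middleware: refuse Authorization headers that did not arrive over TLS."""

    def __init__(self, app, trusted_proxies=("127.0.0.1",)):
        self.app = app
        # Assumption: the TLS-terminating proxy reaches the app from these addresses.
        self.trusted_proxies = set(trusted_proxies)

    def _arrived_over_tls(self, environ):
        if environ.get("wsgi.url_scheme") == "https":
            return True  # the app server itself terminated TLS
        # The proxy-to-app hop is plain HTTP, so rely on X-Forwarded-Proto,
        # but only when the request really came from the proxy.
        if environ.get("REMOTE_ADDR") in self.trusted_proxies:
            return environ.get("HTTP_X_FORWARDED_PROTO", "").lower() == "https"
        return False

    def __call__(self, environ, start_response):
        if "HTTP_AUTHORIZATION" in environ and not self._arrived_over_tls(environ):
            # The password has already crossed the network in cleartext; the
            # refusal makes the misconfigured client fail instead of going unnoticed.
            body = b"Credentials must be sent over HTTPS.\n"
            start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Stand-in for the Flask app (any WSGI callable)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


def status_for(app, environ):
    """Call a WSGI app with a constructed environ and return the status line."""
    seen = []
    body = app(environ, lambda status, headers: seen.append(status))
    list(body)
    return seen[0]


if __name__ == "__main__":
    guarded = RequireHttpsForCredentials(demo_app)
    # Constructed environs; the header value is base64("user:pass").
    direct = {"wsgi.url_scheme": "http", "REMOTE_ADDR": "203.0.113.7",
              "HTTP_AUTHORIZATION": "Basic dXNlcjpwYXNz"}
    proxied = dict(direct, REMOTE_ADDR="127.0.0.1", HTTP_X_FORWARDED_PROTO="https")
    print(status_for(guarded, direct), "|", status_for(guarded, proxied))
```

A Flask application is wrapped by assigning the middleware to its wsgi_app attribute, for example app.wsgi_app = RequireHttpsForCredentials(app.wsgi_app).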
I'm learning Django and working on sample sites. I registered at alwaysdata but am unable to view the site after I run 'manage.py runserver' over SSH (this is after I've created the project and navigated to the appropriate directory, of course).
I appreciate any help.
Thanks
Have you taken a look at the wiki entry regarding the django dev server? Google translate seems to indicate that you need to request some ports open first, and that once you've got them assigned you can pass in one of those port numbers to runserver to run it on that port.
If you need the translated-to-English version, here's a link
I am also an alwaysdata customer. Daniel DiPaolo gave you the right links to get it working on ssh with the dev server. The Google translation seems correct to me. You need to request a port range in order to use the dev server on ssh.
But this is intended only for debugging purposes and should run for a short while.
Here is how to deploy with fastCGI which is the regular way to deploy a Django site on alwaysdata.
http://wiki.alwaysdata.com/wiki/D%C3%A9ployer_une_application_Django.
Google gives a decent translation.
AlwaysData is running a forum at http://forum.alwaysdata.com/ mostly in French but questions in English are welcomed.
The devserver included with django is for testing purposes, only on your local machine and should not be used on a web host. From the docs:
DO NOT USE THIS SERVER IN A PRODUCTION SETTING. It has not gone through security audits or performance tests. (And that's how it's gonna stay. We're in the business of making Web frameworks, not Web servers, so improving this server to be able to handle a production environment is outside the scope of Django.)
If I have somehow misinterpreted your question, I apologise.
When you enter manage.py runserver you're running the development web server on the loopback interface (127.0.0.1). You could test this out by running wget 127.0.0.1 on the same server that the development web server is running.
If you want it to be on the internet so you could access it from outside that server, you'd have to specify your public IP. For example, to run the web development server on IP 1.1.1.1 and port 8080 (I personally recommend using a non-standard port):
manage.py runserver 1.1.1.1:8080
To find out your public IP, try running ifconfig on SSH.
Also, you might have to check out the firewall settings with your ISP/server provider.