How to restrict access by using a self-signed certificate? - python

I have a python script that wants to communicate via HTTPS to a flask application using a self-signed certificate.
I've created an SSL certificate with openssl. I want flask to only accept connections that use that certificate and refuse those that do not.
Can anyone give some thoughts of how can I do that?

I don't think flask is capable of that. Flask only takes care of the content building stuff. It in fact uses Werkzeug as backend while in development mode.
During development, werkzeug's builtin server supports SSL for testing purposes:
    from werkzeug.serving import run_simple
    # ssl_context is a (certificate file, private key file) tuple
    run_simple('localhost', 4000, application,
               ssl_context=('/path/to/the/key.crt',
                            '/path/to/the/key.key'))
Details can be found here.
When it comes to production, a flask project has to be deployed with a WSGI backend that is more productive. There are many backends out there like gunicorn and uWSGI (with nginx). If you choose to use one of them, you may want to check out their documentation to find out how to add HTTPS support.

Related

I am unable to send HTTPS requests from my angular app to my backend

I'm currently using AWS for my backend services and angular for the frontend part. Trying to make my website more secure I added a CA signed SSL certificate on my API gateway and added it to my angular website in my angular.json and package.json.
Whenever I try to access the API using curl from a Linux machine, providing it with the certificate and key, the API returns a response; however, from my Angular website it always returns ERR_CONNECTION_RESET.
Is there a way to solve this? I'd greatly appreciate any help.
I expected the network layer to be secure and API to return a response. What actually resulted is ERR_CONNECTION_RESET.
First you must clarify which web server you are using, Nginx or Apache. If you are using an Apache web server then try to correct the SSL configuration, and the Nginx configuration also in case you are using that.
But according to me, I think you are also using a reverse proxy. First properly configure it. Learn Apache Reverse Proxy and Nginx Reverse Proxy.
And finally, you can also check the web server log to get the correct error.

Google Cloud App Engine: How to serve https in a Flexible environment

I work on a python3.6 app that uses flask and oauth2client.
I want to serve https instead of http in gcloud environment.
I tried using talisman-flask:
https://github.com/GoogleCloudPlatform/flask-talisman
However, when I ran their sample app locally I got this error in my browser:
This site can’t provide a secure connection
127.0.0.1 sent an invalid response.
It works fine for http, but can't apparently serve https.
Are there some Talisman configurations I need to change?
Or maybe a whole different solution altogether?
EDIT:
I changed from debug=True to debug=False and now I get automatically redirected to https but the above error message is still there.
One rather generic approach which can work even with the standard environment local development server (which doesn't support HTTPS) would be to use a reverse proxy.
Such solutions are documented in Appengine - Local dev server with https
It's an old thread, but if you want to serve HTTPS (with or without Talisman) you need, at least, a valid certificate. Please create one at Let's Encrypt and install it in your web server, whether your site is on the web or in your local environment. If you want a good tutorial to help further, I recommend this one from Miguel Grinberg, a big "Flask Guru" ;-) .

Security of python flask REST API using HTTP Basic Authentication

I have python flask running on my server exposing a REST API that is being consumed by an iOS app. I'm using HTTP Basic Authentication using the Flask-HTTPAuth module. I wanted to know how secure this is because the username:password string would be sent on every request.
Do I need to use HTTPS instead?
Thanks!
Sorry for bad english. Still learning.
Your current system is (very!) insecure, the login information can be seen during transit by anyone.
The easiest way to add secure HTTP is to install a proxy server like nginx. Then nginx is configured for secure HTTP, but it relays all the requests to the Flask application listening on a private socket without encryption.
This link will send you to the nginx documentation on secure HTTP.
Alternatively, you can have HTTPS running directly from Flask. The link has clear instructions of how to do this. It is a quick, easy method to use while developing.
For production, I'd use Apache's mod_ssl function, or as already stated by Miguel, nginx, as proxy servers.

Do I need to use Apache or Nginx to host a server?

Do I need to use Nginx or am I able to host it without it?
I am developing my first Django project and am at the point where I can run the app project using the command:
./manage.py run_gunicorn -c config/gunicorn
I can then view it going to:
http://127.0.0.1:8000/resources/
I would now like to try hosting it so that other PCs can access this.
Gunicorn is a WSGI HTTP server. It is best to use Gunicorn behind an HTTP proxy server. We strongly advise you to use nginx.
# http://gunicorn.org/#deployment
Although there are many HTTP proxies available, we strongly advise that you use Nginx. If you choose another proxy server you need to make sure that it buffers slow clients when you use default Gunicorn workers. Without this buffering Gunicorn will be easily susceptible to denial-of-service attacks.
# http://docs.gunicorn.org/en/latest/deploy.html
Of course not. You can use lighttpd or any other web server that supports WSGI, SCGI, FastCGI or AJP. You may refer to this python documentation and django documentation; these two questions on stackoverflow might also be helpful: Cleanest & Fastest server setup for Django, Differences and uses between WSGI, CGI, FastCGI, and mod_python in regards to Python?
You don't need a frontend proxy; you can put a standalone webserver like gunicorn directly in production. But there are various reasons why you probably want to use a frontend webserver anyway.

Python embedded web server with client authentication

I need to build a python web server which supports 2 different types of users :
"Super admins", which get full access to the admin panel when they connect using a pre-configured laptop/browser.
Admins, which get limited access to the admin panel and can connect using only a username/password combo.
I'm thinking SSL client authentication is a possible solution for authenticating the technicians.
Note that the web server will be embedded in a product and will not have internet access, so cannot connect to a CA.
Is SSL client authentication a good solution, or is there a simpler, or better option?
Here's what I've found...
CherryPy seems to be a very nice, simple python web server. However, it does not seem to support client authentication.
M2Crypto seems like a very complete library which supports all forms of SSL authentication; however, I haven't found a detailed example of how to set up a python web server using M2Crypto for SSL client authentication.
pyOpenSSL seems to be dead.
I also found a recipe, which explains how to set up a python web server with SSL. However...
With this recipe, only the server is authenticated while the client remains unauthenticated (i.e. the server will not request a client certificate).
Source : http://code.activestate.com/recipes/442473-simple-http-server-supporting-ssl-secure-communica/
Can someone point me in the right direction or link to a well documented implementation of what I'm trying to do?
Thank you :)
Take a look at the twisted libraries: http://twistedmatrix.com/documents/current/core/examples/index.html
There is a simple echoserv_ssl and echoclient_ssl example in the link as well.
Optionally, bundle apache + any web framework and you're golden. There are loads of articles online about small embedded web servers.
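Both the first thread (refuse any connection that does not present the self-signed certificate) and this one (super admins by client certificate, admins by password, no internet access) come down to the same thing: a server-side TLS context that verifies client certificates against a local CA file. The following is an added example, not code from any post above; it uses only the standard library, and the certificate paths, port and the super-admin common name are assumed placeholders.

```python
import ssl
import sys
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed: common name baked into the client certificate issued to the super-admin laptop.
SUPER_ADMIN_CNS = {"superadmin-laptop"}


def new_server_context(require_client_cert=True):
    """Server-side TLS context that verifies client certs against a local CA.

    require_client_cert=True  -> handshake fails unless the client presents a cert
                                 that chains to the CA file (first thread's requirement).
    require_client_cert=False -> cert is verified if presented; clients without one
                                 still connect and must use a password at the app layer.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED if require_client_cert else ssl.CERT_OPTIONAL
    return ctx


def build_server_context(cert_file, key_file, client_ca_file, require_client_cert=True):
    ctx = new_server_context(require_client_cert)
    ctx.load_cert_chain(cert_file, key_file)          # what the server presents
    ctx.load_verify_locations(cafile=client_ca_file)  # what client certs must chain to
    return ctx


def role_for_peer(peercert):
    """Map a verified peer cert (ssl getpeercert() dict, or None) to a role."""
    if not peercert:
        return "password_required"   # no client cert: fall back to username/password
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and value in SUPER_ADMIN_CNS:
                return "super_admin"
    return "admin"                   # valid cert from our CA, but not a super-admin one


class AdminHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = f"role={role_for_peer(self.connection.getpeercert())}\n".encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":   # usage: server.py server.crt server.key client-ca.crt
    httpd = HTTPServer(("127.0.0.1", 4443), AdminHandler)
    httpd.socket = build_server_context(*sys.argv[1:4]).wrap_socket(httpd.socket, server_side=True)
    httpd.serve_forever()
```

The same context object can be handed to Werkzeug's run_simple(..., ssl_context=ctx) instead of the (cert, key) tuple, which is how a Flask development server gets the client-certificate check the first thread asked about.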
