I have a flask application and I'm trying to run it on https://127.0.0.1:5000/ server.
I'm using below code:
if __name__ == '__main__':
app.run(debug=True, ssl_context='adhoc')
But when I run my program and open the link it says your connection is not private. Is this error related to certificates or can we tackle this from our code?
This is a certificate error.just click advanced and accept the certificate.It happen because you are using unsigned certificate.Flask default server is not suitable for production use.I prefer u to use gunicorn with ngnix if u want to u ssl in proper way.If want to bypass this error just configure ur browser setting to accept the certificate
According to my point of view you have to create a certificate. Further you will have to install pyopenssl as well. Detailed article will be on the following site.
Related
I am new to linux/aws in general and I am trying to deploy a dash webapp onto an ec2 instance. The webapp is written in python and uses an aws database. I created an EC2 instance, set the security group to allow all traffic, uses the default VPC and internet gateway. I successfully installed the all the app dependencies but anytime I run the app.py file. The public dns doesnt load the webpage. I have tried pinging the public IP and that works. I really have a limited knowledge base hear and have tried different options but cant seem to get it working. Please help :)
Public IP-https://ec2-3-8-100-74.eu-west-2.compute.amazonaws.com/
security group
webapp
I've been smacking my head on this for a couple days and finally got it. I know it's been a while but hopefully this helps someone else. Had a hard time finding answers elsewhere. Very similar to you, I had the ec2 instance set up, the security groups and vpc set up (those steps aren't too difficult and are well-documented). I had some successful pings, but was getting a "connection refused" error through the browser.
The "app.run_server()" parameters were the missing piece for me:
if __name__ == '__main__':
app.run_server(host= '0.0.0.0',port=80)
At that point calling the .py app gave me a 'permission denied,' which I was able to get around by running as sudo ("sudo python3 my_app.py") -- and by sudo pip install-ing necessary packages. (All through ssh, fwiw).
After finally running successfully I was given an IP from the dash app corresponding to my private IPv4 on EC2, and at that point could set my browser to the PUBLIC IPv4 and get to the app. Huzzah.
Playing around with it a little, it looks like as long as you have:
host= '0.0.0.0'
you'll run it online. Without that, it runs only locally (you'll see IP as 127.0.0.1). Then it's a matter of making sure whatever port you're using (:80, :443, :8050) is open according to firewalls and security groups. Dash for me defaults to :8050, and that port might be fine as long as it's allowed through security groups.
QUICK UPDATE:
I tried leaving it on port :8050, and also opened :8050 to all ipv4 in my security group. That let me run everything successfully without using "sudo python3".
if __name__ == '__main__':
app.run_server(host= '0.0.0.0',port=80)
With "python3 my_app.py" in ssh
My python application is running locally on http://0.0.0.0:80/
Later, to make SSL connection I generated MyCert.crt and Mycert.key files.
Later, after providing the location of certificate and key files. My application works perfect and starts running over https connection as per expectation.
code snippet:
from OpenSSL import SSL
context = ("C:/myCert.crt", "C:/Mycert.key")
app.run(host="0.0.0.0", port='80',ssl_context = context)
Now, I import the same certificate to: windows certificates manager -> Trusted Root Certification Authorities. It shows certificate name as localhost
Now, my goal is to access the certificate for same python application and start using it from windows certificate manager.
I referred couple of libraries(requests, wincertstore) but I am unable to understand them as I am new in this domain.
How Do I modify my python code to access this certificate.
you need to change your port firstly, 443 will be great (as far as we know, https go over 443)
and replace your line with this one:
app.run(host='0.0.0.0', port=443, debug=True, ssl_context=('/home/ubuntu/cert/myCert.pem', '/home/ubuntu/cert/myCert2.pem'))
read this article, it will help you:
https://blog.miguelgrinberg.com/post/running-your-flask-application-over-https
I want to execute a Python script that connects to my local dev_appserver.py instance to run some DataStore queries.
The dev_appserver.py is running with:
builtins:
- remote_api: on
As per https://cloud.google.com/appengine/docs/python/tools/remoteapi I have:
remote_api_stub.ConfigureRemoteApiForOAuth(
hostname,
'/_ah/remote_api'
)
In the Python script, but what should the hostname be set to?
For example, when dev_appserver.py started, it prints:
INFO 2016-10-18 12:02:16,850 api_server.py:205] Starting API server at: http://localhost:56700
But I set the value to localhost:56700, I get the following error:
httplib2.SSLHandshakeError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:590)
(Same error for any port that has anything running on it - e.g. 8000, 8080, etc).
If anyone has managed to get this to run successfully, what hostname did you use?
Many thanks,
Ned
The dev_appserver.py doesn't support SSL (I can't find the doc reference anymore), so it can't answer https:// requests.
You could try using http-only URLs (not sure if possible with the remote API - I didn't use it yet, may need to disable handler secure option in app.yaml config files).
At least on my devserver I am able to direct my browser to the http-only API server URL reported by devserver.py at startup and I see {app_id: dev~my_app_name, rtok: '0'}.
Or you could setup a proxy server, see GAE dev_appserver.py over HTTPS.
I am writing a Flask Web-Application and use eventlet as the networking library for that application (eventlet is wrapped by Flask-SocketIO to allow asynchronous operation)
Following this guide I have been successfully creating a SSL key- and cert-file which I pass to the WSGI Server
socket_io.run(app,
host=APP_HOST,
port=APP_PORT,
keyfile='ia.key',
certfile='ia.crt')
This works fine but unfortunately Safari / Chrome says that my SSL-Certificate is not trustworthy when I access the page for the first time.
The Chrome-Failure is the following:
NET::ERR_CERT_COMMON_NAME_INVALID
How to I generate a valid SSL Certificate so that the browsers don't show that error when a user connects to the web application the first time!?
That is because it is something called a "Self Signed Certificate", which is not from any trusted company, so any modern browser auto-detects this as an untrusted site. If you are using a UNIX-based operating system, (Linux, or macOS, Fedora, and more), you can use what I am using. You have to generate new certification from a trusted site.
This is what I use to get a TRUSTED certificate that most browsers can use: https://certbot.eff.org/instructions.
I'm following Flask Quickstart guide and can run my web app via http://myip.com:5000.
One issue is that my web is only accessible as long as I keep my SSH remote connection session - when I sleep/shutdown my PC, the website shutdown too.
How can I make it permanent available?
You need to use a regular web server, such as apache2. You can't use the python server for production purposes. Here is how you do it with apache: http://flask.pocoo.org/docs/0.10/deploying/mod_wsgi/