9

I have tried the tutorial of python pyramid framework but, https connection, no matter how able to waitress. http://docs.pylonsproject.org/projects/pyramid/en/latest/tutorials/wiki2/installation.html

If you look at the documents of waitress, there is an item called 'url_scheme' in pasteDeploy format. I tried to add the following to development.ini:

# # #
# Wsgi server configuration
# # #

[server: main]
use = egg:waitress#main
host = 0.0.0.0
port = 6543
url_scheme = https

But, it seems to be listening for http connections be performed pserve command.

$ serve development.ini - reload
Starting subprocess with file monitor
Starting server in PID 2757.
serving on http://0.0.0.0:6543

There is no response when accessed by browser in this state. Application I'm trying to create is expecting a https access, but do you think there is a package needed for something else. Or Do I fundamentally wrong somewhere? I would appreciate the advice of experts.

Environment in fedora19, python 3.3.2. the following packages that are included in the virtualenv:

Chameleon == 2.12
Mako == 0.9.0
MarkupSafe == 0.18
PasteDeploy == 1.5.0
Pygments == 1.6
SQLAlchemy == 0.8.2
WebOb == 1.2.3
coverage == 3.7
nose == 1.3.0
pyramid == 1.4.5
pyramid-debugtoolbar == 1.0.8
pyramid-mako == 0.2
pyramid-tm == 0.7
repoze.lru == 0.6
transaction == 1.4.1
translationstring == 1.1
tutorial == 0.0
venusian == 1.0a8
waitress == 0.8.7
zope.deprecation == 4.0.2
zope.interface == 4.0.5
zope.sqlalchemy == 0.7.3

Please tell us the location of the document would be helpful to me means. Thank you very much!

user2897065
  • 95
  • 1
  • 1
  • 4
  • Did you try **localhost:6543** – ajknzhol Oct 19 '13 at 12:13
  • Thank you for your reply. Of course, I have access to the host where the wsgi server is running. (192.168.3.5) <- browser (192.168.3.3) I think because the SQL that is standard output a successful http connection does not appear, it does not reach the host in https. 'url_scheme' or would not enabled? – user2897065 Oct 19 '13 at 13:13

1 Answers1

10

Waitress does not actually support decoding https requests. The only way to support https is by putting waitress behind a reverse proxy such as nginx. You then allow nginx to decrypt the request and pass it on to waitress. The problem here is that waitress now thinks it's serving an http request because thats what it sees from nginx. The url_scheme setting is for telling waitress that all requests coming into waitress are actually https, which it can then forward on to the application, which uses that fact to help your application generate urls using the https scheme instead of http.

Hopefully that makes sense but either way it should be clear to you that your https setup is not going to work when no where in your pastes have you actually created a certificate or a private key.

Michael Merickel
  • 23,153
  • 3
  • 54
  • 70
  • 2
    Michael, thank you very much. I read the source code of the waitress, the following documents: http://docs.pylonsproject.jp/projects/pyramid_cookbook-ja/en/latest/deployment/nginx.html I was able to understand summary. I try. – user2897065 Oct 21 '13 at 08:50
  • I would like to report a case was work as expected. setting 'url_scheme = https' in development.ini. client --> nginx(192.168.3.5:443) -- forwarding --> waitress(localhost:6543) – user2897065 Oct 21 '13 at 12:49
  • Sorry, I can't parse from that workflow what you were expecting to work. The `url_scheme` setting just tells your app the protocol of the original request, but in no way affects anything else. – Michael Merickel Oct 21 '13 at 16:07
  • Couple of points: 1) Do you mean that certificate cannot be installed in waitress (app server)? 2) Rather it is to be installed on the web server (nginx) level? 3) And that setting url_scheme only tells the app server (waitress) which protocol to accept? 4) I do know about gevent app server that allows to install certificate (see http://www.danieleteti.it/gevent-and-flask-on-windows.html) – variable Mar 12 '20 at 08:17