how to build uWSGI with SSL support to use the websocket handshake API function?

Question

What I have: ubuntu 14.4 uwsgi running with flask (python) with nginx as reverse proxy.

What I want: running this example of WebSockets: https://github.com/zeekay/flask-uwsgi-websocket/blob/master/examples/echo/echo.py

When I'm running this application with chromepy on port 5000, it is working fine but when I try to run without chromepy I get an error

The error:

Thu Jun 12 12:58:24 2014 - you need to build uWSGI with SSL support to use the websocket handshake api function !!!
Traceback (most recent call last):
  File "/home/lab_alglab/rep/car/local/lib/python2.7/site-packages/flask/app.py", line 1836, in __call__
    return self.wsgi_app(environ, start_response)
  File "/home/lab_alglab/rep/car/local/lib/python2.7/site-packages/flask_uwsgi_websocket/websocket.py", line 54, in __call__
    uwsgi.websocket_handshake(environ['HTTP_SEC_WEBSOCKET_KEY'], environ.get('HTTP_ORIGIN', ''))
IOError: unable to complete websocket handshake

Answer 1

I had to install OpenSSL via brew. Then run this command.

CFLAGS="-I/usr/local/opt/openssl/include" LDFLAGS="-L/usr/local/opt/openssl/lib" UWSGI_PROFILE_OVERRIDE=ssl=true pip install uwsgi -Iv

Answer 2

As one of the poster's below mentioned, you'll need the openssl headers, and if they're in a non-traditional place (for example on Mac OS-X) you have to let uWSGI know.

On Debian/Ubuntu install them with "apt-get install libssl-dev". They'll go in /usr/include/" which is part of UWSGI's automatic path. You should be done.

Mac OS-X El Capitan (10.11) removed the openssl headers. You can check common places with this command--they may have been installed by a package manager like brew or macports.

find /usr/local/include /usr/include /opt/local/include /usr/local/ssl/include -name openssl -type d 2> /dev/null

If that command returns nothing, you'll need to install the headers. You can install them with MacPorts (port install openssl) which will put them in /opt/local/include with a link in /usr/local/include. You can also install them directly, by downloading and untarballing openssl, running "./Configure darwin64-x86_64-cc", then "make", and finally "sudo make install".

Xcode's build utilities package a whole pre-defined build environment. With XCode projects that means developers have a common base to work from, and anything not in the base must be in XCode project. Building open source projects outside the base, gets a bit messy because dependencies like openssl live outside the base directories. You can give uwsgi's build chain ONE include directory to use. It doesn't support the PATH style : separator.

In most install cases, the following should work on OpenSSL.

UWSGI_INCLUDES=/usr/local/include/ pip install uwsgi  

Answer 3

just install openssl development headers (libssl-dev) and rebuild uwsgi (its build system will automatically detect ssl availability)

Answer 4

I fixed my version of this issue by installing uwsgi through pip (outside venv), and changing the init script (Ubuntu) /etc/init.d/uwsgi to run the newly installed 2.x branch (instead of 1.9).

Pip installed to /user/local/bin, so I changed the line daemon to: DAEMON="/usr/local/bin/uwsgi"

Answer 5

You can specify the location of the development headers with LDFLAGS. As an aside, this can happen on OS X as well due to El Capitan no longer shipping headers.

LDFLAGS="-L/usr/local/lib" pip install uwsgi --no-use-wheel

Answer 6

Solution for Ubuntu 20.04 and python 3.8.10 and pip installed via apt as system packages:

# switch to root because system packages can't be changed without root privileges
# This is not necessary for user based environment like virtualenv or pyenv
sudo su -

# Uninstall previous version of `uwsgi` if exists
pip uninstall uwsgi

# Install libraries for SSL support
apt-get install libssl-dev

## Manually build uwsgi with SSL support
# set necessary lib paths
export CFLAGS="-I/usr/include/openssl"
# aarch64-linux-gnu folder used for ARM architecture and may be different for your env
# use [apt-file list libssl-dev] to check lib folders (apt-file should be additionally installed)
export LDFLAGS="-L/usr/lib/aarch64-linux-gnu"
# activate SSL support
export UWSGI_PROFILE_OVERRIDE=ssl=true
# build uwsgi using pip (--no-use-wheel depricated so used --no-binary instead)
# this command will install 2.0.20 version. Version may be changed or removed. It is not mandatory
pip install -I --no-binary=:all: --no-cache-dir uwsgi==2.0.20

# Check SSL support
uwsgi --help | grep https

Expected output:

    --https-socket                          bind to the specified UNIX/TCP socket using HTTPS protocol
    --https-socket-modifier1                force the specified modifier1 when using HTTPS protocol
    --https-socket-modifier2                force the specified modifier2 when using HTTPS protocol
    --https                                 add an https router/server on the specified address with specified certificate and key
    --https2                                add an https/spdy router/server using keyval options
    --https-export-cert                     export uwsgi variable HTTPS_CC containing the raw client certificate
    --https-session-context                 set the session id context to the specified value
    --http-to-https                         add an http router/server on the specified address and redirect all of the requests to https

_{Based on other answers and comments in this thread. Thank you guys}