9

I'm using Bottle as my webservice. Currently, it's running on Bottle's default WSGI server and handles HTTP requests. I want to encrypt my webservice and handle HTTPS requests. Can someone suggest a method for this? I tried running on the CherryPy server, but the latest version does not support the pyOpenSSLAdapter.

Gaurav Ram

3 Answers

9

As you know bottle also supports Gunicorn. You can find SSL information at

Code example

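```python
import bottle
from bottle import Bottle

BASE = Bottle()


@BASE.route('/', ['GET'])
def index():
    return 'Index'


# Extra keyword arguments (keyfile, certfile) are passed through to Gunicorn,
# which then serves HTTPS itself using the given key and certificate.
bottle.run(
    app=BASE,
    host='0.0.0.0',
    port=8888,
    server='gunicorn',
    reloader=1,
    debug=1,
    keyfile='key.pem',
    certfile='cert.pem'
)
```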
Mo. Atairu
  • Thanks! I tried on Windows, but after `pip install gunicorn` I still had: `ModuleNotFoundError: No module named 'fcntl'` and fcntl seems unavailable on Windows: https://stackoverflow.com/questions/45228395/error-no-module-named-fcntl. – Basj May 08 '20 at 08:38
  • Working on Linux, thanks! What are the main `gunicorn` advantages? Does it automatically start many processes or threads? Or is it mono-threaded, like wsgirefserver (IIRC)? – Basj May 08 '20 at 08:43
  • Yes it can, you can use gevent, tornado, eventlet, etc. See https://docs.gunicorn.org/en/stable/run.html – Mo. Atairu May 08 '20 at 09:08
  • OK I'll look at that! What would you recommend @EM28? Bottle + gunicorn (+ gevent or tornado or not necessarily?) + nginx or apache ? Or would you totally avoid apache/nginx? I know there are many documented options, but I was curious which one you use, so I'll look at this precisely. – Basj May 08 '20 at 13:20
  • You can leave out Nginx if you're only expecting traffic from identified parties. However, if you are expecting public traffic, Nginx will be a good idea. – Mo. Atairu May 08 '20 at 15:49
  • Thanks @EM28. Last question: we use bottle for the app itself, gunicorn as web server, but what is the main role of the gevent additional layer? i.e. why not bottle + gunicorn alone? – Basj May 08 '20 at 16:47
  • Study the following: (1) https://docs.gunicorn.org/en/stable/design.html (2) https://docs.gunicorn.org/en/stable/install.html#async-workers – Mo. Atairu May 09 '20 at 11:03
4

Quick way of achieving https through nginx reverse proxy:-

```
apt install nginx
```

Edit /etc/nginx/sites-enabled/default:-

```nginx
server {
  listen 80 default_server; #listen on port 80
  listen [::]:80 default_server ipv6only=on;

  server_name yourdomain.com www.yourdomain.com; #edit 'yourdomain' with your domain name
  root /var/www/html/; #edit to match wherever your bottle-py root folder is

  location / {
    proxy_pass http://127.0.0.1:8080/;
    #assuming configuration of bottle-py run() command is 127.0.0.1:8080
  }
}
```

HTTPS with certbot:-

Login to your domain name provider for 'yourdomain.com' and point 'A-records' to point to your server IP.

```
apt install certbot python-certbot-nginx
sudo certbot --nginx
```

Follow the on terminal instructions for certbot. Now bottle-py is served with https by a nginx reverse proxy.

Check https://yourdomain.com and confirm https valid certificate installation.

This is a quick way of doing it. Read more at nginx and certbot documentation.

Anu
  • For ubuntu 20.04 `apt install certbot python3-certbot-nginx` [refLink](https://linuxways.net/ubuntu/how-to-install-the-lets-encrypt-certificate-using-certbot-in-ubuntu-20-04/) – Lukas Feb 06 '22 at 00:32
2

You need to put your WSGI server (not WsgiRef certainly) behind a reverse-proxy with https support. Nginx is the most common choice.

Roman Miroshnychenko
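Once nginx terminates TLS as in the reverse-proxy answers above, the Bottle process only receives plain HTTP from 127.0.0.1, so the original scheme has to come from a proxy header that a direct client could also send. The following is an added example, not code from any of the answers: a WSGI middleware (a Bottle app is a WSGI callable) that honours `X-Forwarded-Proto` only when the peer is the local proxy. It assumes nginx has `proxy_set_header X-Forwarded-Proto $scheme;` in the `location` block, which the configuration above does not include; `SchemeFromProxy`, `TRUSTED_PROXIES` and `scheme_seen_by_app` are hypothetical names.

```python
from ipaddress import ip_address

# Assumption: nginx runs on the same host and proxies to 127.0.0.1:8080.
TRUSTED_PROXIES = frozenset({ip_address("127.0.0.1"), ip_address("::1")})


class SchemeFromProxy:
    """WSGI middleware: honour X-Forwarded-Proto only from a trusted proxy."""

    def __init__(self, app, trusted=TRUSTED_PROXIES):
        self.app = app
        self.trusted = trusted

    def _peer_is_proxy(self, environ):
        try:
            return ip_address(environ.get("REMOTE_ADDR", "")) in self.trusted
        except ValueError:  # empty or malformed peer address
            return False

    def __call__(self, environ, start_response):
        # Always remove the header so the app cannot act on a client-supplied copy.
        proto = environ.pop("HTTP_X_FORWARDED_PROTO", "").strip().lower()
        if self._peer_is_proxy(environ) and proto in ("http", "https"):
            environ["wsgi.url_scheme"] = proto
        return self.app(environ, start_response)


def scheme_seen_by_app(remote_addr, forwarded_proto=None):
    """Run one constructed request through the middleware; return what the app sees."""
    seen = {}

    def app(environ, start_response):  # stand-in for a Bottle() instance
        seen["scheme"] = environ["wsgi.url_scheme"]
        seen["header"] = environ.get("HTTP_X_FORWARDED_PROTO")
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]

    environ = {"REMOTE_ADDR": remote_addr, "wsgi.url_scheme": "http"}
    if forwarded_proto is not None:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    SchemeFromProxy(app)(environ, lambda status, headers, exc_info=None: None)
    return seen["scheme"], seen["header"]


if __name__ == "__main__":
    print(scheme_seen_by_app("127.0.0.1", "https"))    # request relayed by nginx
    print(scheme_seen_by_app("203.0.113.9", "https"))  # constructed direct client
```

With Bottle, the wrapped app is what gets served, for example `bottle.run(app=SchemeFromProxy(BASE), host='127.0.0.1', port=8080)`, keeping the listener on loopback so only nginx can reach it.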