running py4web with https

[raghavender goud]

Hi, 

We would like to secure our application and make it accessible only on "https".

We are starting the application on port 443 and passing necessary ssl certification and key information, yet the application URL always starts with "http" only.

Dashboard is at: http://0.0.0.0:443/_dashboard

Any suggestions?

[Jim Steil]

I have nginx in front of py4web to handle https.  All configuration is then done in nginx.

-Jim

[raghavender goud]

Hi Jim,

Could you please elaborate on this?, is there any document which i can refer ? 

Regards,

Raghavender

[Jim Steil]

nginx is a high performance web server that runs on linux.  nginx would be set up to listen on a certain IP address and all browsers would point to that address.  When nginx received a request from a browser, it would pass that request to py4web.  nginx can then be configured to forward all http requests for that address to https.

Unfortunately we don't have a good doc on this.

However, we do have a sample install script for an ubuntu server.

If you have installed py4web from source (github), you should have a directory in the main py4web directory called deployment_tools.  From there, navigate to the ubuntu directory and there you will see a script called machine-setup.sh.  This script will install py4web onto an ubuntu server with nginx ahead of it.

-Jim

[Nico Zanferrari]

Yes, I was thinking exactly the same.

You can also look at the Ubuntu script online at https://github.com/web2py/py4web/blob/master/deployment_tools/ubuntu/machine-setup.sh , and it works fine with https (I've tested it on Azure).

nico

--
You received this message because you are subscribed to the Google Groups "py4web" group.
To unsubscribe from this group and stop receiving emails from it, send an email to py4web+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/py4web/b40401df-4420-4a70-9933-6c447c5a8245n%40googlegroups.com.

[xgp.l...@gmail.com]

Hi all,

Using https with nginx is not complex. But, what about using https with gunicorn or tornado?

As i remember rocket server is ssl support is broken.

Cheers,

[Jim Steil]

I don't know about those options.  I just use nginx and pass to py4web as described in the machine-setup script.

-Jim

You received this message because you are subscribed to a topic in the Google Groups "py4web" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/py4web/XOGD4FuIlnA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to py4web+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/py4web/afc828fb-15da-429b-8c51-3ab6ac060f42n%40googlegroups.com.

[Christian Varas]

Hi, a secure implementations is nginx ( which is fast and efficient ) as reverse proxy handling ssl , rates limit, timeout and a lot of other properties and security configuration, pointing to py4web using rocket, tornado or any other server.

Using ssl direct with rocket or another python server is ok just for dev.

Cheers

El El dom, 12 de dic. de 2021 a la(s) 13:25, xgp.l...@gmail.com <xgp.l...@gmail.com> escribió:

Hi,

Runnung rocketserver using ssl works. Just specify the cert and key files.

Cheers,

To view this discussion on the web visit https://groups.google.com/d/msgid/py4web/905e2e74-5a06-4768-ade3-fdf78ce7d0dbn%40googlegroups.com.

[zejd...@gmail.com]

Hi I use nginx and letsencrypt in a docker container based on https://github.com/jwulf/letsencrypt-nginx-sidecar.git running alongside docker containers for individual py4web apps.

David

[nmacneil]

I found a way to set this up locally for backend development (or other intended usage). You'll need the pull requests I added (py4web #702 and ombott #1) to allow you to use https with RocketServer. 

Steps To Setup:

1. To generate the localhost certificates I followed the instructions here https://www.section.io/engineering-education/how-to-get-ssl-https-for-localhost/.
   • I ran the commands in the Git Bash terminal that comes pre-installed in VS Code (Terminal > New Terminal > Git Bash).
     
     
2. I updated my py4web vscode launch.json file to contain (ssl_cert and ssl_key should be the paths to the files you created in step 1): 
   • "configurations": [

             {

                 "name": "py4web",

                 "type": "python",

                 "request": "launch",

                 "program": "${workspaceFolder}\\py4web.py",

                 "args": [

                     "run",

                     "apps",

                     "--ssl_cert", "C:/Users/some_user/Documents/Projects/localkeys/cert/CA/localhost/localhost.crt",

                     "--ssl_key", "C:/Users/some_user/Documents/Projects/localkeys/cert/CA/localhost/localhost.decrypted.key",

                     "--server", "rocketServer",

                 ]

             }

         ]
3. Go into Chrome (or Google details for the browser you prefer) > Settings > Security > Manage certificates > Import > choose CA.pem > Set as trusted root certificate.
   
   
4. Restart your browser and it should now run securely on localhost or 127.0.0.1.