How can I get SSL for a Flask app run over Gunicorn?

Question

I run a Flask app over Gunicorn on Ubuntu 18.04. Gunicorn runs on Port 80. I have NGINX setup, but it isn't used and is disabled. I was able to successfully setup cert-bot for NGINX, but it doesn't help as NGINX isn't used and it also conflicts with gunicorn on Port 80. Is it possible to get a SSL Certificate specifically for Gunicorn/Flask or something that can work with it? SSL and https is essential for the page.

Answer 1

An alternative approach is to make use of a secure tunnelling service like ngrok. With ngrok, you can easily tunnel from your gunicorn server to a https enabled endpoint they provide. Depending on your purpose, this could be a convenient workaround.

Using ngrok is as simple as (after installing):

gunicorn -b 0.0.0.0:4000
ngrok http 4000

This provides you with a secure endpoint like https://abcd.ngrok.io that you can send requests to, just the way you'd send requests to your gunicorn server.

So http://0.0.0.0:4000/hello becomes https://abcd.ngrok.io/hello

Answer 2

You can use certbot generated SSL Certificates with Gunicorn:

1. Follow certbot instructions for software "Other". Note the location where generated files are saved.
2. Run Gunicorn and specify certificate and key paths using --keyfile and --certfile options. Example: gunicorn --keyfile /some/path/key.pem --certfile /some/path/cert.pem main:app

Answer 3

I'd recommend to change the port for Gunicorn to something else, or even bind it to a socket.

Then you can use Nginx to handle SSL.

Gunicorn offers extensive documentation:

https://docs.gunicorn.org/en/stable/index.html

Update

DigitalOcean always offers extremely good tutorials:

https://www.digitalocean.com/community/tutorials/how-to-serve-flask-applications-with-gunicorn-and-nginx-on-ubuntu-18-04