librelist archives

« back to archive

Flask+SSL+gunicorn+static files=problem

Flask+SSL+gunicorn+static files=problem

From:
Todd Gureckis
Date:
2013-11-08 @ 04:30
Hi All,
Trying to use my Flask app in a https:// setting.

I followed the very helpful guide here: http://flask.pocoo.org/snippets/111/
which describes how to serve up HTTPS directly from Flask
and got it serving nicely.  Hooray.

However, I need to use a faster WSGI server for deployment (and have experience
with gunicorn).  

Using an approach similar to the one suggested here: 
http://stackoverflow.com/a/14163851 
(i.e., using the command line to specify the SSL certs) it worked ok.   Dynamic
routes accessed at https://localhost work great.  However, requests for 
files in ‘static’ folder 
(e.g., https://localhost:myport/static/myimage.png) do not work.   The 
browser (e.g., Chrome)
claims to be unable to make a “secure connection to the server 
ERR_SSL_PROTOCOL_ERROR.  
As best I can tell something about the SSL certs are not making it into 
the part of Flask/Werkzeug
that serves up static files.  

Any suggestions?  I’m having trouble debugging to know if this is a issue with
Flask or gunicorn.  I’ve googled hard and even tried reading the Flask source to
try to discern where gunicorn passes the SSL credentials with no luck.  Is
this by 
any chance a known issue I should open on github?

I’m on Mac OS X Mavericks with  Python 2.7.3 if it is relevant.

Sincere thanks,
T

Re: Flask+SSL+gunicorn+static files=problem

From:
Todd Gureckis
Date:
2013-11-08 @ 18:23
Hacking around in gunicorn and talking with the project owner, I located 
the issue.  gunicorn has a branch with a partial
fix (https://github.com/benoitc/gunicorn/tree/fix/ssl) in case anyone else
runs up against this
and I have a little patch that makes it work
(https://github.com/gureckis/gunicorn/tree/fix/ssl)

On Nov 7, 2013, at 11:30 PM, Todd Gureckis <todd.gureckis@nyu.edu> wrote:

> Hi All,
> Trying to use my Flask app in a https:// setting.
> 
> I followed the very helpful guide here: http://flask.pocoo.org/snippets/111/
> which describes how to serve up HTTPS directly from Flask
> and got it serving nicely.  Hooray.
> 
> However, I need to use a faster WSGI server for deployment (and have experience
> with gunicorn).  
> 
> Using an approach similar to the one suggested here: 
http://stackoverflow.com/a/14163851 
> (i.e., using the command line to specify the SSL certs) it worked ok.   Dynamic
> routes accessed at https://localhost work great.  However, requests for 
files in ‘static’ folder 
> (e.g., https://localhost:myport/static/myimage.png) do not work.   The 
browser (e.g., Chrome)
> claims to be unable to make a “secure connection to the server 
ERR_SSL_PROTOCOL_ERROR.  
> As best I can tell something about the SSL certs are not making it into 
the part of Flask/Werkzeug
> that serves up static files.  
> 
> Any suggestions?  I’m having trouble debugging to know if this is a issue with
> Flask or gunicorn.  I’ve googled hard and even tried reading the Flask source to
> try to discern where gunicorn passes the SSL credentials with no luck.  
Is this by 
> any chance a known issue I should open on github?
> 
> I’m on Mac OS X Mavericks with  Python 2.7.3 if it is relevant.
> 
> Sincere thanks,
> T

Re: [flask] Flask+SSL+gunicorn+static files=problem

From:
gioi
Date:
2013-11-08 @ 15:21
That's really strange. I think this is a gunicorn or a Chrome problem.
Have you tested it in another browser? Can you give us TLS version (if
you know what it means)?
BTW, I'm trying to reproduce it.

Re: [flask] Flask+SSL+gunicorn+static files=problem

From:
Todd Gureckis
Date:
2013-11-08 @ 15:38
sorry, I don't know what the TLS version (is it related to how i generated
my key/cert files?):

      $ openssl genrsa 1024 > ssl.key
      $ openssl req -new -x509 -nodes -sha1 -days 365 -key ssl.key > ssl.cert

for me it's basically just running my Flask like this

      $ gunicorn -c config_gunicorn.py 'myapp:app' --keyfile ssl.key 
--certfile ssl.cert

where config_gunicorn.py is really simple:

      import multiprocessing
      workers = multiprocessing.cpu_count() * 2 + 1
      bind = "0.0.0.0" + ":" + "5001"
      print "Running on:", bind


and 

$ gunicorn --version
gunicorn (version 18.0)

On Nov 8, 2013, at 10:21 AM, gioi <g@gioi.tk> wrote:

> That's really strange. I think this is a gunicorn or a Chrome problem.
> Have you tested it in another browser? Can you give us TLS version (if
> you know what it means)?
> BTW, I'm trying to reproduce it.
> 

Re: [flask] Flask+SSL+gunicorn+static files=problem

From:
gioi
Date:
2013-11-08 @ 15:41
Il 08/11/2013 16:38, Todd Gureckis ha scritto:
> sorry, I don't know what the TLS version (is it related to how i 
generated my key/cert files?):
No, actually not. But no problem, I should be able to retrieve it.