gameguru Posted June 11, 2022

I had a few questions around running a flask server. I was following this guide: https://flazepe.gitbook.io/heliohost/tutorials/flask

But it doesn't seem to explain some of my questions. Even though I had this running in the past (before the run-in with cPanel, on a free account), I can't seem to figure it out this time. I'm guessing my issue now is that the packages need to be installed at the user level, and that it's not picking up my .venv folder or direnv directive. But I need to know exactly what is going on. Information is included below.

I would also like to know if it's possible to run a dev and production server on different ports or domains (from the same vps)? Can I also expose a pair of Postgres servers on different ports? I realize it's only a $4/month plan, so if I need to upgrade for some of these features that's fine. But traffic would be low either way.

Here is the latest commit on my flask server, I've been playing around for the 3 commits before this. So let me know if I'm on the right track or doing anything horribly wrong or if it's just a matter of installing the packages into the path.

My source: https://github.com/gamesguru/nutra-server/commit/420a1b3c79421f753c5a7ff6c7c257827165ca3e

Heliohost info: gamesguru, vps76

We can update the docs for this too. I would like to use md & RST, but if the wiki is easier that works fine too. Flask is probably more urgent, but if we can show people how to set Postgres up on their vps that would help a lot I think.
Krydos Posted June 12, 2022

For a VPS it's probably easier to just expose the flask port directly to the internet through the firewall rather than proxying it through apache or nginx. If you want your flask app to have https then it's best to proxy it though.

I wouldn't use wsgi at all on a VPS honestly. The main purpose of wsgi is to reduce the cpu and memory usage of your app while it's not running. On a VPS you have all the memory and cpu you want so you may as well leave the flask app running 24/7.

So the first step is to open your port in the firewall. "sudo ufw allow 20000"

Then start your flask on the command prompt with something like "/usr/bin/python3.8 server.py"

Then use your browser to go to the flask app "http://vps76.heliohost.us:20000/"
gameguru (Author) Posted June 12, 2022

Let's start with the http and a dev server, I guess. Later you can point me in the direction of https.

I tried the ufw allow command, and it said success and it said "Skipping adding existing rule (v6)" when I tried again to add port 20000.

It's running on 127.0.0.1, not sure if that matters? But I still was NOT able to connect unfortunately from the outside world. Maybe I need to reboot after opening the port, or install something else or make more configuration changes?

    $ curl http://vps76.heliohost.us:20000/
    curl: (7) Failed to connect to vps76.heliohost.us port 20000: Connection refused

    WARN: skipping reload cache, can't build Postgres connection
    [__main__] bypassing gunicorn...
     * Serving Flask app 'ntserv.__main__' (lazy loading)
     * Environment: production
       WARNING: This is a development server. Do not use it in a production deployment.
       Use a production WSGI server instead.
     * Debug mode: on
     * Running on http://127.0.0.1:20000 (Press CTRL+C to quit)
     * Restarting with stat
gameguru (Author) Posted June 12, 2022

I found some resources on port forwarding and iptables. Something about nat and PREROUTING, but it didn't quite work and I spent some time finding out how to remove the rule.

Anyways, my ufw is not enabled out of the box. When I try to enable it, I get a warning that it may disrupt existing ssh connections and will be enabled on reboot?

    $ sudo ufw status
    Status: inactive
gameguru (Author) Posted June 12, 2022

Apparently it has to be 0.0.0.0 instead of 127.0.0.1

https://stackoverflow.com/questions/7023052/configure-flask-dev-server-to-be-visible-across-the-network

I am able to interact from the outside world. But it brings me to the next points. HTTPS, and forwarding the default domain (to a specific port).

There are warnings in the Flask server logs, by the guy on stackoverflow, practically everywhere that this is not good practice in production.
gameguru (Author) Posted June 13, 2022

I'm able to deny myself service simply by issuing an https request; gunicorn will block all other requests from all other clients, until the HTTPS request times out and completes.

Seems to be partly a Flask issue that I'll have to work out. Possibly by switching to golang. But the HTTPS not being supported at all, it's something this site could provide some documentation on.

Out of the box, it's not supporting anything, and I have zero experience with things like nginx and certification. Heroku must have taken care of this for me, bc I never had to set it up.

On the plus side, I wasn't aware of the severe blocking nature of Flask and this provides a perfect testing environment for that.

    $ ./sslscan vps76.heliohost.us:20000
    Version: 2.0.13-3-gae20ee3-static
    OpenSSL 1.1.1p-dev xx XXX xxxx

    Connected to 216.218.216.163

    Testing SSL server vps76.heliohost.us on port 20000 using SNI name vps76.heliohost.us

      SSL/TLS Protocols:
    SSLv2     disabled
    SSLv3     disabled
    TLSv1.0   disabled
    TLSv1.1   disabled
    TLSv1.2   disabled
    TLSv1.3   disabled

      TLS Fallback SCSV:
    Connection failed - unable to determine TLS Fallback SCSV support

      TLS renegotiation:
    Session renegotiation not supported

      TLS Compression:
    Compression disabled

      Heartbleed:

      Supported Server Cipher(s):
    Certificate information cannot be retrieved.

When I try to HTTPS on a sample go server, I get a nearly immediate reply.

    $ curl https://vps76.heliohost.us:5050
    curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

When I do the same on my Flask server, I get a similar error after a 20-30 second time out.

    $ curl https://vps76.heliohost.us:20000
    curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to vps76.heliohost.us:20000
Krydos Posted June 14, 2022

The best way to do https on flask or go scripts is to proxy the connection through Apache or Nginx and have the webserver handle the SSL certificate.
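
Added example, not part of the thread or of HelioHost's documentation: an nginx server block that terminates TLS and proxies to the Flask app, as the reply above recommends. It assumes nginx is installed, that Flask is bound to 127.0.0.1:20000 again, and that the certificate paths (placeholders here) point at your own certificate and key.

```nginx
# Added example: TLS termination in front of the Flask app from this thread.
# Assumptions: Flask listens on 127.0.0.1:20000 (loopback only); the
# certificate paths below are placeholders, not real files.

# Plain HTTP: redirect every request to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name vps76.heliohost.us;
    return 301 https://$host$request_uri;
}

# HTTPS: nginx holds the certificate and speaks TLS to clients.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name vps76.heliohost.us;

    ssl_certificate     /etc/ssl/PLACEHOLDER/fullchain.pem;
    ssl_certificate_key /etc/ssl/PLACEHOLDER/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Bound how long a slow or stalled client can hold a connection open.
    client_header_timeout 10s;
    client_body_timeout   10s;

    location / {
        # The backend speaks plain HTTP on loopback only.
        proxy_pass http://127.0.0.1:20000;

        # Pass the original host, client address and scheme to the app.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_read_timeout 30s;
    }
}
```

With the app back on 127.0.0.1, only ports 80 and 443 need to be reachable from outside, and TLS handshakes are handled by nginx before anything reaches the Flask process.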