VPS Flask public_html/, running with venv, and questions about the port

[gameguru]

I had a few questions around running a flask server.                             
                                                                                 
I was following this guide: https://flazepe.gitbook.io/heliohost/tutorials/flask
                                                                                 
But it doesn't seem to explain some of my questions. Even though I had this      
running in the past (before the run in with cPanel, on a free account), I can't  
seem to figure it out this time.                                                 
                                                                                 
I'm guessing my issue now is that the packages need to be installed at the user  
level, and that it's not picking up my .venv folder or direnv directive.         
                                                                                 
But I need to know exactly what is going on. Information is included below.      
                                                                                 
I would also like to know if it's possible to run a dev and production server on
different ports or domains (from the same vps)?                                  
Can I also expose a pair of Postgres servers on different ports?                 
I realize it's only a $4/month plan, so if I need to upgrade for some of these   
features that's fine. But traffic would be low either way.                       
                                                                                 
                                                                                 
Here is the latest commit on my flask server, I've been playing around for the 3
commits before this. So let me know if I'm on the right track or doing anything  
horribly wrong or if it's just a matter of installing the packages into the      
path.                                                                            
                                                                                 
My source: https://github.com/gamesguru/nutra-server/commit/420a1b3c79421f753c5a7ff6c7c257827165ca3e
                                                                                 
Heliohost info: gamesguru, vps76                                                 
                                                                                 
                                                                                 
We can update the docs for this too.                                             
                                                                                 
I would like to use md & RST, but if the wiki is easier that works fine too.     
Flask is probably more urgent, but if we can show people how to set Postgres up  
on their vps that would help a lot I think.

[Krydos]

For a VPS it's probably easier to just expose the flask port directly to the internet through the firewall rather than proxying it through apache or nginx. If you want your flask app to have https then it's best to proxy it though. I wouldn't use wsgi at all on a VPS honestly. The main purpose of wsgi is to reduce the cpu and memory usage of your app while it's not running. On a VPS you have all the memory and cpu you want so you may as well leave the flask app running 24/7.

So the first step is to open your port in the firewall. "sudo ufw allow 20000"

Then start your flask on the command prompt with something like "/usr/bin/python3.8 server.py"

Then use your browser to go to the flask app "http://vps76.heliohost.us:20000/"

[gameguru]

Let's start with the http and a dev server, i guess. Later you can point me in the direction of https.

I tried the ufw allow command, and it said success and it said "Skipping adding existing rule (v6)" when I tried again to add port 20000.

It's running on 127.0.0.1, not sure if that matters?  But I still was NOT able to connect unfortunately from the outside world. Maybe i need to reboot after opening the port, or install something else or make more configuration changes?

$ curl http://vps76.heliohost.us:20000/
curl: (7) Failed to connect to vps76.heliohost.us port 20000: Connection refused

WARN: skipping reload cache, can't build Postgres connection
[__main__] bypassing gunicorn...
 * Serving Flask app 'ntserv.__main__' (lazy loading)
 * Environment: production
   WARNING: This is a development server. Do not use it in a production deployment.
   Use a production WSGI server instead.
 * Debug mode: on
 * Running on http://127.0.0.1:20000 (Press CTRL+C to quit)
 * Restarting with stat

[gameguru]

I found some resources on port forwarding and iptables. Something about nat and PREROUTING, but it didn't quite work and I spent some time finding out how to remove the rule.

Anyways, my ufs is not enabled out of the box. When I try to enable it, i get a warning that it may disrupt existing ssh connections and will be enabled on reboot?

$ sudo ufw status
Status: inactive

[gameguru]

Apparently it has to be 0.0.0.0 instead of 127.0.0.1

https://stackoverflow.com/questions/7023052/configure-flask-dev-server-to-be-visible-across-the-network

I am able to interact from the outside world.

But it brings me to the next points. HTTPS, and forwarding the default domain (to a specific port).

There are warnings in the Flask server logs, by the guy on stackoverflow, practically everywhere that this is not good practice in production.

[gameguru]

I'm able to deny myself service simply by issuing an https request; gunicorn will block all other requests from all other clients, until the HTTPS request times out and completes. Seems to be partly a Flask issue that I'll have to work out. Possibly by switching to golang.

But the HTTPS not being supported at all, it's something this site could provide some documentation on.

Out of the box, it's not supporting anything, and I have zero experience with things like nginx and certification. Heroku must have taken care of this for me, bc I never had to set it up. On the plus side, I wasn't aware of the severe blocking nature of Flask and this provides a perfect testing environment for that.

$ ./sslscan vps76.heliohost.us:20000
Version: 2.0.13-3-gae20ee3-static
OpenSSL 1.1.1p-dev  xx XXX xxxx

Connected to 216.218.216.163

Testing SSL server vps76.heliohost.us on port 20000 using SNI name vps76.heliohost.us

  SSL/TLS Protocols:
SSLv2     disabled
SSLv3     disabled
TLSv1.0   disabled
TLSv1.1   disabled
TLSv1.2   disabled
TLSv1.3   disabled

  TLS Fallback SCSV:
Connection failed - unable to determine TLS Fallback SCSV support

  TLS renegotiation:
Session renegotiation not supported

  TLS Compression:
Compression disabled

  Heartbleed:

  Supported Server Cipher(s):
Certificate information cannot be retrieved.

When i try to HTTPS on a sample go server, i get a nearly immediate reply.

$ curl https://vps76.heliohost.us:5050
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

When I do the same on my Flask server, i get a similar error after a 20-30 second time out.

$ curl https://vps76.heliohost.us:20000
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to vps76.heliohost.us:20000

 

[Krydos]

The best way to do https on flask or go scripts is to proxy the connection through Apache or Nginx and have the webserver handle the SSL certificate.