snappass
Official method of securing this with HTTPS?
Instructions for securing this with HTTPS are rather scarce. Any information on this?
Thanks! Adam
There is no official method for doing this, but I found this article that summarizes some of the approaches for running a Flask-based Python application over HTTPS: https://zhangtemplar.github.io/flask/
In our environment, we run it behind a traffic proxy (e.g. Envoy, nginx) that performs TLS termination.
Here is my .conf config:

```apache
# Hide server version details
ServerTokens Prod
ServerSignature Off

Listen 1x.xxx.xxx:443

<VirtualHost 1x.xxx.xxx:443>
    ServerName example.net

    # HSTS: browsers use HTTPS only for one year, subdomains included
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    Options -Indexes

    ProxyPreserveHost On
    ProxyRequests off

    # SSLProxy* directives only apply to https:// backends;
    # the backend below is plain http
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerExpire off

    # TLS termination: SSLv3, TLS 1.0 and TLS 1.1 disabled
    SSLEngine On
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'
    SSLHonorCipherOrder on
    SSLCompression off
    SSLSessionTickets off

    Loglevel debug

    # Set the path to SSL certificate
    # Usage: SSLCertificateFile /path/to/cert.pem
    SSLCertificateFile /etc/ssl/crt.crt
    SSLCertificateKeyFile /etc/ssl/key.key
    SSLCertificateChainFile /etc/ssl/ca.crt

    ErrorLog "/var/log/httpd/snappass-error.log"
    CustomLog "/var/log/httpd/snappass-access.log" combined

    # Forward decrypted requests to the app on port 5000
    ProxyPass / http://0.0.0.0:5000/
    ProxyPassReverse / http://0.0.0.0:5000/
</VirtualHost>
```
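A Flask app behind a TLS-terminating proxy like the ones described above receives plain HTTP, so any absolute URL it builds uses http:// unless it learns the original scheme from the proxy. The following is an added example, not code from SnapPass or from the posts above: a small WSGI middleware that accepts X-Forwarded-Proto only from the proxy's address. It assumes the proxy connects over loopback and is configured to send X-Forwarded-Proto; the class and function names are hypothetical.

```python
import ipaddress

# Assumption: the TLS-terminating proxy runs on the same host (loopback peer).
TRUSTED_PROXIES = (ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128"))
FORWARD_KEYS = ("HTTP_X_FORWARDED_PROTO", "HTTP_X_FORWARDED_FOR", "HTTP_X_FORWARDED_HOST")


class TrustedProxyScheme:
    """WSGI middleware (hypothetical name) restoring the client-facing scheme."""

    def __init__(self, app, trusted=TRUSTED_PROXIES):
        self.app = app
        self.trusted = trusted

    def _from_proxy(self, environ):
        try:
            peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
        except ValueError:
            return False
        return any(peer in net for net in self.trusted)

    def __call__(self, environ, start_response):
        if self._from_proxy(environ):
            # With one trusted proxy, the last value is the one it appended.
            header = environ.get("HTTP_X_FORWARDED_PROTO", "")
            proto = header.split(",")[-1].strip().lower()
            if proto in ("http", "https"):
                environ["wsgi.url_scheme"] = proto
        else:
            # Direct client: drop forwarding headers so they cannot spoof the scheme.
            for key in FORWARD_KEYS:
                environ.pop(key, None)
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Stand-in for the Flask app: returns an absolute URL it would hand out."""
    url = "{}://{}/secret".format(environ["wsgi.url_scheme"], environ["HTTP_HOST"])
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [url.encode()]


def url_seen_by_app(remote_addr, forwarded_proto=None):
    """Run one constructed request through the middleware and return the URL."""
    environ = {"REMOTE_ADDR": remote_addr, "HTTP_HOST": "example.net",
               "wsgi.url_scheme": "http"}
    if forwarded_proto is not None:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    body = TrustedProxyScheme(demo_app)(environ, lambda status, headers: None)
    return b"".join(body).decode()
```

In a Flask application the middleware would be attached with `app.wsgi_app = TrustedProxyScheme(app.wsgi_app)`.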