Secure Deployment of Your Flask App with HTTPS Using Gevent WSGI Server

So, you’ve successfully built an amazing Flask web application, and now you’re ready to share it with the world. But there’s a critical aspect to consider — security. In this guide, I’ll walk you through the process of deploying your Flask app on a production server while ensuring it’s protected with HTTPS. We’ll achieve this by using the Gevent WSGI server, a rock-solid choice for web applications.

The Significance of Security

Before we delve into the technical aspects of this deployment, it’s crucial to understand why security is paramount. Here are some compelling reasons:

• Privacy: We want to safeguard the sensitive data exchanged between our app and its users. Privacy is a top priority.
• Data Integrity: Ensuring the integrity of the data your app handles is vital. Secure deployment prevents unauthorized tampering with the data during transmission.

Prerequisites

Before we start the deployment process, there are a few essential prerequisites to ensure a smooth journey.

What You Need

SSL Certificate and Private Key: To enable HTTPS for your Flask app, you’ll require an SSL certificate and a private key.

Setting Up Gevent

Before we proceed with the deployment, you need to install the Gevent library. You can do this by running the following command:

pip install gevent        

Generating an SSL Certificate and Private Key

Let’s initiate the deployment process by creating an SSL certificate and a private key:

Step 1: Download OpenSSL Visit the Win32 OpenSSL website and download the version compatible with your operating system (e.g., Windows).

Step 2: Open the OpenSSL Command Prompt After installing OpenSSL, you’ll have access to the “OpenSSL Win64” program, which opens a command prompt tailored for OpenSSL operations.

Step 3: Generate SSL Certificate and Private Key In the OpenSSL command prompt, execute the following command to create a self-signed SSL certificate and a private key:

openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout server.key -out server.crt        

Follow the prompts to provide the necessary information, including the Common Name (CN).

Setting Up Your Flask App

With your SSL certificate and private key ready, it’s time to configure your Flask app. Here’s how your app’s structure should look:

/your-flask-app
    ├── app.py
    ├── server.crt
    └── server.key        

• app.py: This is the heart of your Flask application, where you define its routes and business logic.
• server.crt: Think of this as your app’s secure handshake. It ensures the safe exchange of data.
• server.key: This key works in tandem with the SSL certificate, providing the necessary protection for your data.

Running Your Flask App with Gevent

Now that everything is set up, it’s time to serve your Flask app using the Gevent WSGI server. Below is the code snippet you’ll need:

from flask import Flask
from gevent import pywsgi
app = Flask(__name__)
@app.route('/')
def home():
 return 'Welcome to your secure Flask app with HTTPS!'
if __name__ == '__main__':
 http_server = pywsgi.WSGIServer(('0.0.0.0', 443), app, keyfile='server.key', certfile='server.crt')
 http_server.serve_forever()        

Here’s what this code does:

• It imports the necessary libraries.
• It defines your Flask app and creates a straightforward route for your app’s home page.
• Finally, it sets up the Gevent WSGI server to serve your app on port 443, which is the default port for HTTPS. The SSL certificate and private key are also applied to ensure secure communication.

Let’s Wrap It Up!

Congratulations on successfully deploying your Flask application on a production server with HTTPS security, thanks to the Gevent WSGI server. Your users now enjoy a secure and reliable environment that safeguards their privacy and data integrity.

I want to express my heartfelt appreciation to my colleague Mahesh Deshmukh for their invaluable contribution to this project.

Stay tuned for more exciting updates and valuable insights in our journey to enhance your Flask app's security.