How to make bottle server HTTPS python

Asked 16/5, 2017 at 23:18 Answered 8/5, 2020 at 8:2

I'm using Bottle as my webservice. Currently, its running on bottle's default wsgi server and handles HTTP requests. I want to encrypt my webservice and handle HTTPS requests. Can someone suggest a method for this. I tried running on cherrypy server, but the latest version is not supporting the pyOpenSSLAdapter.

Hilaria answered 16/5, 2017 at 23:18 Comment(0)

As you know bottle also supports Gunicorn. You can find SSL information at

https://docs.gunicorn.org/en/latest/settings.html?highlight=ssl#ssl

Code example

import bottle
from bottle import Bottle

BASE = Bottle()


@BASE.route('/', ['GET'])
def index():
    return 'Index'


bottle.run(
    app=BASE, 
    host='0.0.0.0',
    port='8888',
    server='gunicorn',
    reloader=1,
    debug=1,
    keyfile='key.pem',
    certfile='cert.pem'
)

Rentfree answered 8/5, 2020 at 8:2 Comment(7)

Thanks! I tried on Windows, but after pip install gunicorn I still had: ModuleNotFoundError: No module named 'fcntl' and fcntl seems unavailable on Windows: #45228895. – Walworth 8/5, 2020 at 8:38

Working on Linux, thanks! What are the main gunicorn advantages? Does it automatically start many processes or threads? Or is it mono-threaded, like wsgirefserver (IIRC)? – Walworth 8/5, 2020 at 8:43

Yes it can, you can use gevent, tornado, eventlet .et.c . See docs.gunicorn.org/en/stable/run.html – Rentfree 8/5, 2020 at 9:8

OK I'll look at that! What would you recommend @EM28? Bottle + gunicorn (+ gevent or tornado or not necessarily?) + nginx or apache ? Or would you totally avoid apache/nginx? I know there are many documented options, but I was curious which one you use, so I'll look at this precisely. – Walworth 8/5, 2020 at 13:20

You can leave out Nginx if your only expecting traffic from identified parties. However, if you are expecting public traffic, Nginx will be a good idea. – Rentfree 8/5, 2020 at 15:49

Thanks @EM28. Last question: we use bottle for the app itself, gunicorn as web server, but what is the main role of the gevent additional layer? i.e. why not bottle + gunicorn alone? – Walworth 8/5, 2020 at 16:47

Study the following: (1) docs.gunicorn.org/en/stable/design.html (2) docs.gunicorn.org/en/stable/install.html#async-workers – Rentfree 9/5, 2020 at 11:3

Quick way of achieving https through nginx reverse proxy:-

apt install nginx

Edit /etc/nginx/sites-enabled/default:-

server {
  listen 80 default_server; #listen on port 80
  listen [::]:80 default_server ipv6only=on;

  server_name yourdomain.com www.yourdomain.com; #edit 'yourdomain' with your domain name
  root /var/www/html/; #edit to match wherever your bottle-py root folder is

  location / {
    proxy_pass http://127.0.0.1:8080/; 
    #assuming configuration of bottle-py run() command is 127.0.0.1:8080
  }
}

HTTPS with certbot:-

apt install certbot python-certbot-nginx
sudo certbot --nginx

Follow the on terminal instructions for certbot. Now bottle-py is served with https by a nginx reverse proxy.

Check https://yourdomain.com and confirm https valid certificate installation.

This is a quick way of doing it. Read more at nginx and certbot documentation.

Archives answered 15/1, 2020 at 15:51 Comment(1)

For ubuntu 20.04 apt install certbot python3-certbot-nginx refLink – Fishwife 6/2, 2022 at 0:32

You need to put your WSGI server (not WsgiRef certainly) behind a reverse-proxy with https support. Nginx is the most common choice.

Valentinvalentina answered 17/5, 2017 at 5:23 Comment(2)

sorry it is running on wsgi server only. But I don't know how to implement ssl on this – Hilaria 17/5, 2017 at 19:24

Like it or not, but this is how things are done in real-life deployments. Not to mention that you need to serve your static files as well. – Valentinvalentina 17/5, 2017 at 20:42

Recommended topics

Hot tags