AWS, Flask, HTTPS

Overview:

• https://blog.miguelgrinberg.com/post/running-your-flask-application-over-https

Basic example - the ssl_context='adhoc' addition to app.run function.
Code:

from flask import Flask
app = Flask(__name__)

@app.route("/")
def hello():
    return "Hello World!"

if __name__ == "__main__":
    app.run(ssl_context='adhoc')
    

Trying to run this gives the following error messages in AWS:

* Serving Flask app "flask031" (lazy loading)
* Environment: production
   WARNING: This is a development server. Do not use it
in a production deployment.
   Use a production WSGI server instead.
* Debug mode: off
Traceback (most recent call last):
  File
"/usr/local/lib/python3.6/site-packages/werkzeug/serving.py", line
506, in generate_adhoc_ssl_pair
    from cryptography import x509
ModuleNotFoundError: No module named 'cryptography'

During handling of the above exception, another exception
occurred:

Traceback (most recent call last):
  File "/home/ec2-user/environment/flask031.py", line 84, in
<module>
    app.run (host="0.0.0.0", port=8080,
ssl_context='adhoc')
  File "/usr/local/lib/python3.6/site-packages/flask/app.py",
line 944, in run
    run_simple(host, port, self, **options)
  File
"/usr/local/lib/python3.6/site-packages/werkzeug/serving.py", line
1052, in run_simple
    inner()
  File
"/usr/local/lib/python3.6/site-packages/werkzeug/serving.py", line
1005, in inner
    fd=fd,
  File
"/usr/local/lib/python3.6/site-packages/werkzeug/serving.py", line
848, in make_server
    host, port, app, request_handler,
passthrough_errors, ssl_context, fd=fd
  File
"/usr/local/lib/python3.6/site-packages/werkzeug/serving.py", line
758, in __init__
    ssl_context = generate_adhoc_ssl_context()
  File
"/usr/local/lib/python3.6/site-packages/werkzeug/serving.py", line
592, in generate_adhoc_ssl_context
    cert, pkey = generate_adhoc_ssl_pair()
  File
"/usr/local/lib/python3.6/site-packages/werkzeug/serving.py", line
512, in generate_adhoc_ssl_pair
    raise TypeError("Using ad-hoc certificates
requires the cryptography library.")
TypeError: Using ad-hoc certificates requires the cryptography
library.    

Possible Solution - install pyopenssl:

1. There are a bunch (>1000) packages that are blocked from yum installs through a priority flag.
   vocstartsoft:~/environment $ cd /etc/yum/pluginconf.d/
   vocstartsoft:/etc/yum/pluginconf.d $ dir
   priorities.conf  priorities.conf~  update-motd.conf  upgrade-helper.conf
   vocstartsoft:/etc/yum/pluginconf.d $ cat priorities.conf
   [main]
   enabled = 0
   vocstartsoft:/etc/yum/pluginconf.d $
   vocstartsoft:/etc/yum $ dir ../y*
   ../yum.conf
   
   ../yum:
   fssnap.d  pluginconf.d  protected.d  vars  version-groups.conf  yum-cron.conf  yum-cron-hourly.conf
   
   ../yum.repos.d:
   amzn-main.repo  amzn-nosrc.repo  amzn-preview.repo  amzn-updates.repo  epel.repo  epel-testing.repo
   vocstartsoft:/etc/yum $
   
   
1. But this is not enough - and note that the yum.repos.d directory talks about amazon security, which I am not really interested in trying go around.
   
2. Trying local on a Mac
1. even adding a self-signed certificate, and telling Keychain Access to accept the new certificate, https only works using https://localhost, not htts://<ipAddress>.