AWS, Flask, HTTPS



Overview:

Reference:

Basic example - the ssl_context='adhoc' addition to app.run function.
Code:

from flask import Flask
app = Flask(__name__)

@app.route("/")
def hello():
    return "Hello World!"

if __name__ == "__main__":
    app.run(ssl_context='adhoc')

Trying to run this gives the following error messages in AWS:

* Serving Flask app "flask031" (lazy loading)
* Environment: production
   WARNING: This is a development server. Do not use it in a production deployment.
   Use a production WSGI server instead.
* Debug mode: off
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/werkzeug/serving.py", line 506, in generate_adhoc_ssl_pair
    from cryptography import x509
ModuleNotFoundError: No module named 'cryptography'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/ec2-user/environment/flask031.py", line 84, in <module>
    app.run (host="0.0.0.0", port=8080, ssl_context='adhoc')
  File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 944, in run
    run_simple(host, port, self, **options)
  File "/usr/local/lib/python3.6/site-packages/werkzeug/serving.py", line 1052, in run_simple
    inner()
  File "/usr/local/lib/python3.6/site-packages/werkzeug/serving.py", line 1005, in inner
    fd=fd,
  File "/usr/local/lib/python3.6/site-packages/werkzeug/serving.py", line 848, in make_server
    host, port, app, request_handler, passthrough_errors, ssl_context, fd=fd
  File "/usr/local/lib/python3.6/site-packages/werkzeug/serving.py", line 758, in __init__
    ssl_context = generate_adhoc_ssl_context()
  File "/usr/local/lib/python3.6/site-packages/werkzeug/serving.py", line 592, in generate_adhoc_ssl_context
    cert, pkey = generate_adhoc_ssl_pair()
  File "/usr/local/lib/python3.6/site-packages/werkzeug/serving.py", line 512, in generate_adhoc_ssl_pair
    raise TypeError("Using ad-hoc certificates requires the cryptography library.")
TypeError: Using ad-hoc certificates requires the cryptography library.

Possible Solution - install pyopenssl:

  1. There are a bunch (>1000) of packages that are blocked from yum installs through a priority flag.
    vocstartsoft:~/environment $ cd /etc/yum/pluginconf.d/
    vocstartsoft:/etc/yum/pluginconf.d $ dir
    priorities.conf  priorities.conf~  update-motd.conf  upgrade-helper.conf
    vocstartsoft:/etc/yum/pluginconf.d $ cat priorities.conf
    [main]
    enabled = 0
    vocstartsoft:/etc/yum/pluginconf.d $
    vocstartsoft:/etc/yum $ dir ../y*
    ../yum.conf

    ../yum:
    fssnap.d  pluginconf.d  protected.d  vars  version-groups.conf  yum-cron.conf  yum-cron-hourly.conf

    ../yum.repos.d:
    amzn-main.repo  amzn-nosrc.repo  amzn-preview.repo  amzn-updates.repo  epel.repo  epel-testing.repo
    vocstartsoft:/etc/yum $

    1. But this is not enough - and note that the yum.repos.d directory talks about Amazon security, which I am not really interested in trying to go around.
  2. Trying locally on a Mac
    1. Even after adding a self-signed certificate and telling Keychain Access to accept the new certificate, https only works using https://localhost, not https://<ipAddress>.
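
Added example (not part of the original notes): a client compares the host in the URL against the certificate's subjectAltName entries, and an IP address matches only an "IP Address" entry. That would explain item 2 if the self-signed certificate named only localhost, which is an assumption, since the notes do not show the certificate. The sample certificates, the 192.0.2.10 address and the function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed samples in the dict shape ssl.SSLSocket.getpeercert() returns for a
# verified peer. 192.0.2.10 is a documentation address standing in for <ipAddress>.
LOCALHOST_ONLY = {"subjectAltName": (("DNS", "localhost"),)}
WITH_IP_SAN = {"subjectAltName": (("DNS", "localhost"), ("IP Address", "192.0.2.10"))}


def _as_ip(text):
    """Parse an IPv4/IPv6 literal, or return None for a DNS name."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def cert_covers_url(cert, url):
    """True if the certificate's subjectAltName covers the host in `url`.

    The Common Name is not consulted, as in current browsers.
    """
    host = urlsplit(url).hostname  # already lower-cased by urlsplit
    if not host:
        return False
    sans = cert.get("subjectAltName", ())
    ip = _as_ip(host)
    if ip is not None:
        # An IP literal matches only "IP Address" entries, never a DNS entry.
        return any(kind == "IP Address" and _as_ip(value) == ip
                   for kind, value in sans)
    host = host.rstrip(".")
    for kind, value in sans:
        if kind != "DNS":
            continue
        pattern = value.lower().rstrip(".")
        if pattern == host:
            return True
        # A leading "*." stands for exactly one left-most label.
        if pattern[:2] == "*." and pattern[2:] == (host.partition(".")[2] or None):
            return True
    return False


if __name__ == "__main__":
    for cert_name, cert in (("localhost only", LOCALHOST_ONLY), ("with IP SAN", WITH_IP_SAN)):
        for url in ("https://localhost:8080/", "https://192.0.2.10:8080/"):
            print(f"{cert_name:15} {url:28} covered={cert_covers_url(cert, url)}")
```

To check a live server, pass the dict from ssl.SSLSocket.getpeercert(); it is only populated when the connection verified the certificate.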

End - Jun 30, 2020