Is there really a better way to study for an AWS cert than to set up some services on a locally owned VM service? I think not.
So, before I forget what I did, I am going to document it. The good, the bad, the new commands, and the ugly.
The goal is to publish some Flask apps over the web, using SSL, on Ubuntu.
I have been crashing and burning with Apache. I just really don’t want to figure out nginx today, so I cobbled together info I found around to get it up and running.
First up. The cert. I use Cloudflare for DNS, so I ran through the directions for setting up certbot with Cloudflare. This ran rather smoothly and let me know where my certs were.
*I also had to run certbot a second time, because there is a piece of the website that is serving static data from Apache. I will use those certs to run the Flask apps as well.
For a few days I had been running my Flask apps inside of Docker, but with these certs I was really breaking security best practices trying to get this to work and decided to find a simpler way.
gunicorn will run with certs, and after trying to get it to run inside Docker I decided to go with setting things up as a service. It’s needed if I ever want to get these running with Apache or nginx, but for now I can run them standalone.
I found a great guide to setting up startup scripts on the Ubuntu box. This and making some modifications to the gunicorn configs have left me with a pretty reproducible way to set up and tear down test apps pretty quickly.
As long as I remember to renew my certs, I should now be able to spring up and pull down small test apps.
- Have certs. Good start.
- Make app
- Copy config and set ports
- Make service
- Deal with all the security implications of how I did things
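The steps above leave gunicorn terminating TLS itself under a service, so the config file is where the port and cert paths live. As an added example (not the author's config), a `gunicorn.conf.py` along these lines sets both and refuses to start when the private key is world-accessible or group-writable; the domain, port and environment variable names are assumptions.

```python
# gunicorn.conf.py -- added example, not the author's actual config.
import os
import stat

# Assumptions: certbot's default live/ layout, a placeholder domain and port,
# and hypothetical CERT_DIR / APP_PORT variables set in the service unit.
CERT_DIR = os.environ.get("CERT_DIR", "/etc/letsencrypt/live/example.com")
PORT = int(os.environ.get("APP_PORT", "8443"))

# gunicorn settings: one port per test app, TLS terminated by gunicorn itself.
bind = f"0.0.0.0:{PORT}"
certfile = os.path.join(CERT_DIR, "fullchain.pem")
keyfile = os.path.join(CERT_DIR, "privkey.pem")
workers = 2


def key_file_problems(path):
    """Return a list of reasons the private key at `path` is unsafe to use."""
    try:
        st = os.stat(path)  # follows certbot's live/ -> archive/ symlink
    except OSError as exc:
        return [f"cannot read {path}: {exc.strerror}"]
    problems = []
    mode = stat.S_IMODE(st.st_mode)
    if not stat.S_ISREG(st.st_mode):
        problems.append(f"{path} is not a regular file")
    if mode & stat.S_IRWXO:
        problems.append(f"{path} is accessible to all users (mode {mode:o})")
    if mode & stat.S_IWGRP:
        problems.append(f"{path} is group-writable (mode {mode:o})")
    return problems


def on_starting(server):
    """gunicorn server hook: abort startup instead of serving with a loose key."""
    problems = key_file_problems(keyfile)
    if problems:
        raise SystemExit("refusing to start: " + "; ".join(problems))
```

Because the check runs in the `on_starting` hook, a key that was copied somewhere with loose permissions shows up as a failed service start rather than a silently exposed key.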
Want to play with the apps? Check ’em out at https://play.themonkeyplayground.com