andrearama / secure-flask-container-template

A template repo showing how to conveniently serve an API over HTTPS with Let's Encrypt certificates, using Certbot, Nginx, and, as an example, Flask, each running in a Docker container spun up through Docker Compose.

Home Page: https://blog.mkari.de/posts/secure-apis/

HTTPS-secured APIs with Docker

A template repo showing how to conveniently serve an API over HTTPS with Let's Encrypt certificates, using Certbot, Nginx, and, as an example, Flask, each running in a Docker container spun up through Docker Compose.

This repo accompanies my blog post at https://blog.mkari.de/posts/secure-apis/.

Quick Start for Serving an API

  1. Assuming your domain is from Namecheap and Docker runs on DigitalOcean (DO), link the domain to your DigitalOcean account: https://www.namecheap.com/support/knowledgebase/article.aspx/10375/2208/how-do-i-link-a-domain-to-my-digitalocean-account/

  2. On DO, go to Networking -> Domains and follow the "Set up DNS" part of this tutorial.

  3. Make sure your server is reachable under your domain name and has Docker and Docker Compose installed.

Then, to spin up a Flask container serving an API securely over HTTPS, run:

# On the remote host (e.g. via SSH)
git clone https://github.com/MohamedKari/secure-flask-container-template secure_flask && cd secure_flask
echo "DOMAIN_NAME=$DOMAIN_NAME" >> .env
echo "EMAIL_ADDRESS=$EMAIL_ADDRESS" >> .env
docker-compose -f docker-compose.initial.yml up --build # obtains the initial certificate using certbot
docker-compose up --build # runs Nginx, your app, and an auto-renewal certbot

# On your developer machine
curl https://$DOMAIN_NAME/square/5

That's it. Now, you're serving your containerized Flask API over HTTPS.

Modify the Flask app in app/app.py as needed and redeploy the setup with:

docker-compose down
docker-compose up --build

Automate the Docker-Compose Deployment

I explained the rationale for this part in https://blog.mkari.de/posts/single-docker-host-cicd/.

# Append the deployment settings to .env (quoted so values are written intact)
echo "GITHUB_TOKEN=$GITHUB_TOKEN" >> .env
echo "REPO_OWNER=$REPO_OWNER" >> .env
echo "REPO_NAME=$REPO_NAME" >> .env
echo "DOCKER_MACHINE_NAME=$DOCKER_MACHINE_NAME" >> .env

# Create a virtual environment for the gh-secrets helper and install its dependencies
python -m venv .gh-secrets
source .gh-secrets/bin/activate
pip install -r gh-secrets/requirements.txt

# Load the non-comment lines of .env into the current shell
eval "$(grep '^[^#]' .env)"
python gh-secrets/gh-secrets.py deploy_docker_machine_certs "$REPO_OWNER" "$REPO_NAME" "$DOCKER_MACHINE_NAME"
python gh-secrets/gh-secrets.py set "$REPO_OWNER" "$REPO_NAME" EMAIL_ADDRESS "$EMAIL_ADDRESS"
python gh-secrets/gh-secrets.py set "$REPO_OWNER" "$REPO_NAME" DOMAIN_NAME "$DOMAIN_NAME"
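
The `eval` step above runs every non-comment line of `.env` as shell code. As an added example (not part of the original repo), the function below loads the same file without `eval`, taking values literally and rejecting malformed lines; the name `load_env_file` and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# load_env_file FILE: export KEY=VALUE pairs from FILE without eval.
# Values are taken literally, so $(...), backticks and ';' are never executed.
# (Hypothetical helper, not shipped with the template repo.)
load_env_file() {
    env_file=$1
    [ -r "$env_file" ] || { echo "cannot read $env_file" >&2; return 1; }
    line_no=0
    # '|| [ -n "$line" ]' also handles a last line without a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        line_no=$((line_no + 1))
        case $line in
            ''|'#'*) continue ;;   # skip blank lines and comments
            *=*) ;;                # candidate assignment, validated below
            *) echo "$env_file:$line_no: not KEY=VALUE" >&2; return 1 ;;
        esac
        key=${line%%=*}            # text before the first '='
        value=${line#*=}           # everything after the first '='
        case $key in
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
                echo "$env_file:$line_no: invalid variable name" >&2
                return 1 ;;
        esac
        export "$key=$value"       # value is not re-expanded by the shell
    done < "$env_file"
}

# Constructed sample input (placeholder values, not real settings).
demo_dir=$(mktemp -d)
cat > "$demo_dir/.env" <<'EOF'
# comment line
DOMAIN_NAME=api.example.com
EMAIL_ADDRESS=admin@example.com
REPO_NAME=$(touch injected)
EOF
load_env_file "$demo_dir/.env" && echo "REPO_NAME is literally: $REPO_NAME"
```

Because `.env` also holds `GITHUB_TOKEN`, restrict it to your own user with `chmod 600 .env`.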

FAQ

How do I start a remote Docker host in the cloud using docker-machine?

For a GCP server, I usually use something like:

docker-machine create --driver google \
    --google-disk-size 100 \
    --google-disk-type pd-standard \
    --google-project $PROJECT_NAME \
    --google-zone europe-west3-a \
    --google-machine-type e2-medium \
    --google-machine-image projects/confidential-vm-images/global/images/ubuntu-1804-bionic-v20200716 \
    --google-open-port 80,443 \
    secure-server

Languages

Python 69.5%, Dockerfile 17.2%, Shell 13.3%