Search code examples
nginxnginx-reverse-proxywaitress

How to properly configure NGNIX for SSL for flask application using waitress

I have a simple flask app I'm using waitress/nginx to serve/host

these rules work as expected with SSL

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    include snippets/number2.conf;
    include snippets/ssl-params.conf;

        root /var/www/html;

        index index.html index.htm index.nginx-debian.html;

        server_name https://exanple.com;
        location / {

            proxy_pass http://example.com:5000/;
            proxy_set_header X-Real-IP $remote_addr;


        }

}


server {
    listen 80;
    listen [::]:80;

    server_name domain;

    return 302 https://$server_name$request_uri;
}

However, these do not work as expected same app with waitress/nginx. Note this server is also running another application on port 8069.

    server {
    
        listen 443 ssl;
        listen [::]:443 ssl;
        include snippets/self-signed.conf;
        include snippets/ssl-params.conf;
    
    
           
    
            root /var/www/html;
        
    
            server_name ip.adress;
            rewrite ^/$ https://ip.adress;
    
    location / {
            proxy_pass http://ip.adress:8069;
            }
    
    
    }
    
    server {
        listen 80;
        listen [::]:80;
    
        server_name ip.adress;
            return 301 https://ip.adress$request_uri;
    
    
    }



server {
    listen 443 ssl;
    listen [::]:443 ssl;
    include snippets/number2.conf;
    include snippets/ssl-params.conf;

        root /var/www/html;

        index index.html index.htm index.nginx-debian.html;

        server_name https:/example.com;
        location / {

            proxy_pass http://example.com:5000/;
            proxy_set_header X-Real-IP $remote_addr;


        }

}


server {
    listen 80;
    listen [::]:80;

    server_name domain.com;

    return 302 https://$server_name$request_uri;
}

Have tried multiple server rule combinations but I am lost at this point.

Solution

  • I was able to figure it out. For anyone else having trouble, I had to use a reverse proxy. I listened to port 8001 and used a proxy port 5000 with a header of Host $host. I also added url_scheme='https' to the flask app.

    https://docs.pylonsproject.org/projects/waitress/en/stable/reverse-proxy.html

        server {

    listen ip.adress:8001 ssl;
    include snippets/ssl-self.conf;
    include snippets/ssl-params.conf;



        root /var/www/html;



        index index.html index.htm index.nginx-debian.html;

        server_name ip.adress;

location / {
        proxy_pass http://ip.adress:5000;
        proxy_set_header        Host $host;

        }
}