Search code examples
pythonflaskuwsgidockerpy

uwsgi with https getting socket option missing


I am running a Flask application on Docker with uwsgi. I have been running it for years now, but we need to add https to it. I know I can use an HAProxy and do ssl offloading, but in our current setup we cant do it this way, at least not right now. We need to do the SSL directly on the application. I have tried multiple options and I keep getting "The -s/--socket option is missing and stdin is not a socket." Not sure what else to try. The server is uWSGI==2.0.26. Please help. below is my uwsgi.ini file.

[uwsgi]

module = wsgi:app
master = true
processes = 5
enable-threads = true
single-interpreter = true

buffer-size = 32768

# protocol = http
# socket = 0.0.0.0:5000
# protocol = https
shared-socket = 0.0.0.0:5000
https = 0,/app/ssl/app_cert.crt,/app/ssl/app_cert.key

stdout_logfile = /dev/stdout
stdout_logfile_maxbytes = 0

stderr_logfile = /dev/stdout
stderr_logfile_maxbytes = 0

chmod-socket = 660
vacuum = true

die-on-term = true

py-autoreload = 1

Solution

  • You can use the following example to run your flask application with uwsgi and docker.

    I will provide a minimal example and you can use it to expand to your needs.

    The uwsgi conf were extracted from docs.

    uwsgi.ini

    [uwsgi]
    shared-socket = 0.0.0.0:443
    https = =0,ssl/server.crt,ssl/server.key
    master = true
    module = app:app
    uid = uwsgi
    gid = uwsgi
    

    app.py

    from flask import Flask
    
    app = Flask(__name__)
    
    @app.route("/")
    def hello():
        return "Hello, World!"
    
    if __name__ == "__main__":
        app.run() 
    

    requirements.txt

    Flask
    uWSGI==2.0.26
    

    Dockerfile

    FROM python:3.10-slim
    
    RUN apt-get update && apt-get install -y \
        build-essential \
        gcc \
        libssl-dev \
        && apt-get clean \
        && rm -rf /var/lib/apt/lists/*
    
    RUN groupadd -r uwsgi && useradd -r -g uwsgi -m uwsgi
    
    WORKDIR /app
    
    COPY requirements.txt /app/
    
    RUN pip install --no-cache-dir -r requirements.txt
    
    COPY . /app/
    
    COPY ssl/ /app/ssl/
    
    RUN chown -R uwsgi:uwsgi /app
    
    EXPOSE 443
    
    USER uwsgi
    
    CMD ["uwsgi", "--ini", "uwsgi.ini"]
    
    

    Create an ssl directory and generate a self-signed cert.

    mkdir ssl
    openssl req -x509 \
      -newkey rsa:2048 \
      -keyout ssl/server.key \
      -out ssl/server.crt \
      -days 365 -nodes -subj "/CN=localhost"
    

    Now you should have this folder structure:

    .
    ├── app.py
    ├── Dockerfile
    ├── requirements.txt
    ├── ssl
    │   ├── server.crt
    │   └── server.key
    └── uwsgi.ini
    

    Now build and run:

    docker build -t flask-uwsgi-example .
    docker run --rm --name flask -p 443:443 flask-uwsgi-example
    

    And test with curl:

    $ curl -k https://localhost:443
    Hello, World!