SSL and WSGI apps - Python

Question

I have a WSGI app that I would like to place behind SSL. My WSGI server is gevent.

What would a good way to serve the app through SSL in this case be?

Answer 1

The gevent.wsgi module does not have built-in SSL support. If you're using it, put it behind nginx which would receive request over HTTPS but proxy them to your gevent app using non-encrypted HTTP.

The gevent.pywsgi module does have built-in SSL support and has a compatible interface. Set the keyfile and certfile arguments to make the server use SSL. Here's an example: wsgiserver_ssl.py:

#!/usr/bin/python
"""Secure WSGI server example based on gevent.pywsgi"""

from __future__ import print_function
from gevent import pywsgi


def hello_world(env, start_response):
    if env['PATH_INFO'] == '/':
        start_response('200 OK', [('Content-Type', 'text/html')])
        return [b"<b>hello world</b>"]
    else:
        start_response('404 Not Found', [('Content-Type', 'text/html')])
        return [b'<h1>Not Found</h1>']

print('Serving on https://127.0.0.1:8443')
server = pywsgi.WSGIServer(('0.0.0.0', 8443), hello_world, keyfile='server.key', certfile='server.crt')
# to start the server asynchronously, call server.start()
# we use blocking serve_forever() here because we have no other jobs
server.serve_forever()

Answer 2

It looks like gevent now has an ssl module. If you have a web server implemented on top of gevent, I imagine you could modify it to wrap incoming connections with that module's ssl socket class before passing it on to the http handlers.

http://blog.gevent.org/2010/02/05/version-0-12-0-released/

http://www.gevent.org/gevent.ssl.html

Otherwise, you could always use good old apache + mod_wsgi to serve your wsgi app.