Introduction
Flask is a Python framework for constructing net functions. With Flask, builders can simply outline routes, deal with HTTP requests and responses, and render dynamic content material utilizing Jinja2 templates. It additionally helps extensions permitting builders to combine options like database entry, kind dealing with, and consumer authentication.
On this article, we’re going to deploy a Flask software utilizing Gunicorn, together with CSRF safety and Content material Safety Insurance policies implementation. We’re additionally going to arrange a reverse proxy utilizing Nginx and implement HTTPS by requesting a free SSL certificates from Let’s Encrypt.
Deploy Vultr Optimized Cloud Occasion
- Join and log in to the Vultr Buyer Portal.
- Navigate to the Merchandise web page.
- From the facet menu, choose Compute.
- Click on the Deploy Server button within the middle.
- Select Optimized Cloud Compute because the server sort.
- Select a server Location.
- Select Ubuntu 24.04 because the working system.
- Select an acceptable plan.
- Select any Extra Options if required.
- Click on Deploy Now.
Add Your Demo Software Code Recordsdata
Set Up a Python Digital Atmosphere
- Set up the
python3-venv
bundle - Create a digital atmosphere.
- Activate the digital atmosphere.
Add Demo Software Code Recordsdata
- Clone the Github repository.
- Navigate to the venture listing.
- Set up Flask and Gunicorn packages.
- Enable incoming connections to port
5000
.
Apply CSRF Safety and Content material Safety Insurance policies
Cross-Web site Request Forgery (CORS) is a vulnerability that permits somebody to take advantage of and make the most of a consumer’s logged-in session on a trusted web site to make unauthorized requests to a distinct web site that the consumer trusts. WTForms is a Flask extension that integrates CSRF safety by default to stop CORS assaults.
Content material Safety Coverage (CSP) is an additional layer of safety for net functions that protects them from malicious assaults. CSP instructs the browser on what assets are allowed to load on a selected webpage. Normally, the web site administrator configures a CSP by including a particular header to the server’s response for a webpage, then the browser receives the CSP header and understands what assets are allowed to load. Talisman is an extension for Flask that simplifies the method of including CSP to Flask functions.
- Set up
flask-wtf
andtalisman
packages - Open the
app.py
file. - Edit the
app.py
file to incorporate Content material Safety Insurance policies. - Within the
app.py
file, import and configure CSRF safety.Save and shut the file.
- Navigate to the
templates
listing. - Open the
index.html
file. - Edit the HTML web page to incorporate CSRF configuration.
Save and shut the file.
- Exit the
templates
listing.
Configuring Nginx as a Reverse Proxy
Nginx acts as a reverse proxy between your net server and purchasers. It directs incoming requests based mostly in your request configuration settings. On this part, we’re going to configure our software for reverse proxy for environment friendly request dealing with and cargo balancing. We’re additionally going to request a free SSL certificates from Let’s Encrypt to implement HTTPS that secures the communication between a consumer and an online server for our area.
- Log in to the Vultr Buyer Portal.
- Navigate to the Merchandise web page.
- From the facet menu, broaden the Community drop-down, and choose DNS.
- Click on the Add Area button within the middle.
- Observe the setup process so as to add your area title by choosing the IP deal with of your server.
- Set the next hostnames as your area’s major and secondary nameservers together with your area registrar.
- Set up Nginx.
- Create a brand new Nginx configuration file.
- Paste the next configuration into the file.
- Activate the digital host configuration.
- Check the Nginx configuration.
- Reload Nginx.
- Enable incoming connections to port
80
and443
. - Set up the certbot bundle.
- Request an SSL certificates.
- Begin a Gunicorn server.
- Now you can entry your Flask software at
https://<your_domain>
.
Do Extra With Python Apps on Vultr
Conclusion
On this article, we explored tips on how to deploy a Flask software utilizing Nginx reverse proxy and Gunicorn with CSRF safety and CSPs. We additionally secured the applying by including an SSL certificates and enabling HTTPS entry.
It is a sponsored article by Vultr. Vultr is the world’s largest privately-held cloud computing platform. A favourite with builders, Vultr has served over 1.5 million prospects throughout 185 nations with versatile, scalable, world Cloud Compute, Cloud GPU, Naked Steel, and Cloud Storage options. Study extra about Vultr