首页 > 其他分享 >fastapi+https

fastapi+https

时间:2024-06-18 23:43:42浏览次数:22  
标签:key certificate -- fastapi redis https docker

docker-fastapi-celery

https://github.com/fanqingsong/docker-fastapi-celery

 设置了https证书,可以运行查看效果。

 

Run on local machine

Install docker and docker-compose

Run entire app with one command
sh local_env_up.sh
 
content of local_env_up.sh
sudo docker-compose -f docker-compose.yml up --scale worker=2 --build

 

docker-compose.yaml

version: "3.7"

services:
  fastapi:
    build:
      context: .
      dockerfile: DockerfileWebApi
    environment:
      REDISSERVER: redis://redis_server:6379
      C_FORCE_ROOT: "true"
    ports:
      - "5000:80"
    secrets:
      - certificate_cert
      - certificate_key
    command: ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "80", "--ssl-keyfile", "/run/secrets/certificate_key", "--ssl-keyfile-password", "123456", "--ssl-certfile", "/run/secrets/certificate_cert"]
    depends_on:
      - redis_server
  worker:
    build:
      dockerfile: DockerfileCelery
      context: .
    environment:
      REDISSERVER: redis://redis_server:6379
      C_FORCE_ROOT: "true"
    depends_on:
      - redis_server
  redis_server:
    image: redis

  flower:
    image: mher/flower
    command: ["celery", "--broker=redis://redis_server:6379", "flower", "--port=5555"]
    ports:
      - "5555:5555"
    depends_on:
      - redis_server

secrets:
  certificate_cert:
    file: ./certificate/cert.pem
  certificate_key:
    file: ./certificate/key.pem

 

use-secrets - docker-compose

https://docs.docker.com/compose/use-secrets/

A secret is any piece of data, such as a password, certificate, or API key, that shouldn’t be transmitted over a network or stored unencrypted in a Dockerfile or in your application’s source code.

Docker Compose provides a way for you to use secrets without having to use environment variables to store information. If you’re injecting passwords and API keys as environment variables, you risk unintentional information exposure. Services can only access secrets when explicitly granted by a secrets attribute within the services top-level element.

Environment variables are often available to all processes, and it can be difficult to track access. They can also be printed in logs when debugging errors without your knowledge. Using secrets mitigates these risks.

 

base image

https://github.com/tiangolo/uvicorn-gunicorn-fastapi-docker/tree/master

Docker image with Uvicorn managed by Gunicorn for high-performance FastAPI web applications in Python with performance auto-tuning.

 

uvicorn + https

https://www.uvicorn.org/deployment/#running-with-https

Running with HTTPS

To run uvicorn with https, a certificate and a private key are required. The recommended way to get them is using Let's Encrypt.

For local development with https, it's possible to use mkcert to generate a valid certificate and private key.

 
$ uvicorn main:app --port 5000 --ssl-keyfile=./key.pem --ssl-certfile=./cert.pem

https://www.uvicorn.org/deployment/

  --ssl-keyfile TEXT              SSL key file
  --ssl-certfile TEXT             SSL certificate file
  --ssl-keyfile-password TEXT     SSL keyfile password

 

标签:key,certificate,--,fastapi,redis,https,docker
From: https://www.cnblogs.com/lightsong/p/18255419

相关文章

  • HTTPS+TLS/SSL
    名词解释TLS:TransportLayerSecuritySSL:SecureSocketsLayer理论基础信息摘要算法根据一段信息计算出一串数字,但是由这串数字没办法还原出原来的信息等于是这串数字由这段信息产生,可以表示这段信息,称为这段信息的摘要主要有以下应用:传输文件时验证文件有无损坏......
  • 【Azure App Service】遇见az命令访问HTTPS App Service 时遇见SSL证书问题,暂时跳过证
    问题描述访问AppService的高级工具KUDU站点的URL,遇见无法访问,在通过azwebappdeploy发布时候,也遇见SSL错误(SSL:CERITIFICATE_VERIFY_FAILEDcertificateverifyfailed:unabletogetlocalissuercertificate)问题解答为AZ指令配置,跳过SSL认证,来实现AZWEBAPPDEPLOY......
  • FASTAPI从入门到进阶
    fastapi框架fastapi,一个用于构建API的现代、快速(高性能)的web框架。fastapi是建立在Starlette和Pydantic基础上的,Pydantic是一个基于Python类型提示来定义数据验证、序列化和文档的库。Starlette是一种轻量级的ASGI框架/工具包,是构建高性能Asyncio服务的理性选择。快速:可与......
  • 如何完美解决 IDE升级后启动报错 Internal error. Please refer to https://jb.gg/ide
    如何完美解决IDE升级后启动报错Internalerror.Pleaserefertohttps://jb.gg/ide/critical-startup-errors博主猫头虎的技术世界......
  • FastAPI快速入门2 Pydantic&错误处理
    2.1Pydantic简介Pydantic使用python类型注解进行数据验证和配置管理。这是一款能让您更精确地处理数据结构的工具。例如,到目前为止,我们一直依赖字典来定义项目中的典型配方。有了Pydantic,我们可以这样定义配方:frompydanticimportBaseModelclassRecipe(BaseModel):id......
  • http和https的区别是什么
    HTTP(超文本传输协议)和HTTPS(安全超文本传输协议)是互联网上用于传输数据的两种主要协议。它们的主要区别在于数据传输的安全性。1.安全性:-HTTP:不加密,数据以明文形式传输,容易被截获和篡改,因此存在安全风险。-HTTPS:在HTTP的基础上增加了SSL/TLS协议,对数据进行加密,确保数......
  • nginx配置https访问
    1、配置文件内容如下:worker_processes1;events{worker_connections1024;}error_log/tmp/error.loginfo;http{includemime.types;default_typeapplication/octet-stream;log_formatmain'$remote_addr-$remote_user[$time_local]&qu......
  • FastAPI快速入门1 Hello World
    1HelloWorld1.1HelloWorldch01/main.pyfromfastapiimportFastAPI,APIRouter#1app=FastAPI(title="RecipeAPI",openapi_url="/openapi.json")#2api_router=APIRouter()#3@api_router.get("/",status_code......
  • FastAPI-9 服务层
    9服务层本章阐述了服务层,即中间层。9.1定义服务服务层是网站的核心,它接收来自多个来源的请求,访问作为网站DNA的数据,并返回响应。常见的服务模式包括以下组合:创建/检索/更改(部分或全部)/删除一件事/多件事在RESTful路由器层,名词是资源。在本书中,我们的资源最初将包括隐......
  • FastAPI-7:框架比较(Flask、Django及FastAPI)
    7框架比较(Flask、Django及FastAPI)关于一个新的Web框架,您可能想知道的第一件事就是如何入门,而一种自上而下的方法就是定义路由(从URL和HTTP方法到函数的映射)。7.1FlaskFlask自称是微框架。它提供基本功能,你可以根据需要下载第三方软件包进行补充。它比Django小,入门时学习......