@anthonyfok anthonyfok commented Jan 19, 2022

This is to allow pygeoapi to serve over HTTPS.

The environment variables are:

  • PYGEOAPI_SSL_KEYFILE corresponds to --keyfile
  • PYGEOAPI_SSL_CERTFILE corresponds to --certfile
  • PYGEOAPI_SSL_VERSION corresponds to --ssl-version
  • PYGEOAPI_SSL_CA_CERTS corresponds to --ca-certs

See https://docs.gunicorn.org/en/stable/settings.html#ssl for Gunicorn's SSL-related parameters.

Sample command:

docker run -p 5000:80 \
    -e PYGEOAPI_SSL_KEYFILE=/certs/tls.key \
    -e PYGEOAPI_SSL_CERTFILE=/certs/tls.crt \
    -v /path/to/tls.crt:/certs/tls.crt:ro \
    -v /path/to/tls.key:/certs/tls.key:ro \
    -v $(pwd)/my.config.yml:/pygeoapi/local.config.yml \
    -it ghcr.io/opendrr/pygeoapi:pr-20

where "url: https://localhost:5000" is set in the "server" section in my.config.yml

Fixes #19


Despite discovering GUNICORN_CMD_ARGS, which might negate the need for this pull request, I decided to go ahead and complete it because I was almost done, and wanted to refresh myself on the procedure of updating and testing the pygeoapi Docker image, and maybe to start test-building Docker images for pull requests too. (New issue to be filed later.)

As to whether we actually want to merge this PR, that is up for discussion. Perhaps worth approaching upstream to see if they are interested in these explicit PYGEOAPI_SSL_* variables, and, probably more importantly, where to add a HOWTO for getting pygeoapi to serve HTTPS in the official documentation / FAQ.

This is to allow pygeoapi to serve over HTTPS.

The environment variables are

 - PYGEOAPI_SSL_KEYFILE  corresponds to --keyfile
 - PYGEOAPI_SSL_CERTFILE corresponds to --certfile
 - PYGEOAPI_SSL_VERSION  corresponds to --ssl-version
 - PYGEOAPI_SSL_CA_CERTS corresponds to --ca-certs

Sample command:

    docker run -p 5000:80 \
        -e PYGEOAPI_SSL_KEYFILE=/certs/tls.key \
        -e PYGEOAPI_SSL_CERTFILE=/certs/tls.crt \
        -v /path/to/tls.crt:/certs/tls.crt:ro \
        -v /path/to/tls.key:/certs/tls.key:ro \
        -v $(pwd)/my.config.yml:/pygeoapi/local.config.yml \
        -it ghcr.io/opendrr/pygeoapi:pr-20

where "url: https://localhost:5000" is set in the "server" section
in my.config.yml

Fixes #19
@anthonyfok anthonyfok self-assigned this Jan 19, 2022
@anthonyfok anthonyfok changed the title [To-be-discussed] Add environment variables to set SSL certs for Gunicorn [Do not merge] Add environment variables to set SSL certs for Gunicorn Jan 19, 2022
@anthonyfok anthonyfok changed the title [Do not merge] Add environment variables to set SSL certs for Gunicorn [For Discussion] Add environment variables to set SSL certs for Gunicorn Jan 19, 2022
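
One way a container entrypoint could do the mapping described in this pull request, as an added example (not the code from this PR or from pygeoapi). The function name `pygeoapi_ssl_args` and the fail-closed checks are assumptions; the variable names and Gunicorn flags are the ones listed in the description.

```shell
#!/bin/sh
# Added example, not pygeoapi's entrypoint: translate PYGEOAPI_SSL_* into
# Gunicorn flags and refuse half-configured TLS instead of silently
# falling back to plain HTTP.

# Prints one Gunicorn argument per line; returns non-zero on bad configuration.
pygeoapi_ssl_args() {
    key=${PYGEOAPI_SSL_KEYFILE:-}
    cert=${PYGEOAPI_SSL_CERTFILE:-}

    # No key and no certificate: plain HTTP, nothing to add.
    if [ -z "$key" ] && [ -z "$cert" ]; then
        # Other SSL options without a key/cert pair indicate a misconfiguration.
        if [ -n "${PYGEOAPI_SSL_VERSION:-}${PYGEOAPI_SSL_CA_CERTS:-}" ]; then
            echo "error: SSL options set without key/cert" >&2
            return 1
        fi
        return 0
    fi

    # Key and certificate only make sense as a pair.
    if [ -z "$key" ] || [ -z "$cert" ]; then
        echo "error: set both PYGEOAPI_SSL_KEYFILE and PYGEOAPI_SSL_CERTFILE" >&2
        return 1
    fi

    # Fail at startup if a bind mount is missing or unreadable.
    for f in "$key" "$cert" ${PYGEOAPI_SSL_CA_CERTS:+"$PYGEOAPI_SSL_CA_CERTS"}; do
        if [ ! -r "$f" ]; then
            echo "error: cannot read $f" >&2
            return 1
        fi
    done

    printf '%s\n' "--keyfile=$key" "--certfile=$cert"
    [ -z "${PYGEOAPI_SSL_VERSION:-}" ] || printf '%s\n' "--ssl-version=$PYGEOAPI_SSL_VERSION"
    [ -z "${PYGEOAPI_SSL_CA_CERTS:-}" ] || printf '%s\n' "--ca-certs=$PYGEOAPI_SSL_CA_CERTS"
}
```

An entrypoint would capture the output, exit if the function fails, and append the arguments to its existing `gunicorn` command line.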
Development

Successfully merging this pull request may close these issues.

Ability to set optional SSL certs for Gunicorn