-
Notifications
You must be signed in to change notification settings - Fork 23
Serving over HTTPS
Unfortunately Waitress (the production WSGI server used in UP) does not natively support TLS, making it considerably harder to allow HTTPS support in the tool.
The Waitress docs suggest placing the app behind a reverse proxy (as is best practice anyway)... so that's exactly what I recommend you do 😁
Caddy is highly recommended for this. Download a suitable binary for your platform, then run it with:
./caddy reverse-proxy --from INSERT_YOUR_DESIRED_IP_OR_DOMAIN_HERE --to localhost:8000Then run UP, specifying port 8000:
up -p 8000Caddy will automatically handle TLS certificate generation for you. If your --from argument is a public domain it will attempt to obtain a Let's Encrypt certificate via ACME. If it is an internal IP address or domain, Caddy will simply fall back to a self-signed certificate.
Either way, instant TLS!
Bear in mind that adding a reverse proxy in front of a Flask application prevents the server from being able to read the real remote IP address making the connection. If this information is important to you, add the --proxies parameter when starting the tool, e.g.:
up -p 8000 --proxies 1This tells the Flask app that there is one reverse proxy between it and the device making the connection, allowing it to correctly display the remote IP.