Full Web Apps with FastAPI Transcripts
Chapter: Deploying FastAPI on Linux with gunicorn and nginx
Lecture: Adding SSL for HTTPS on our API
0:00 Alright. Final, final thing. Notice this up here says the connection is not secure.
0:06 That's weird. So browsers these days and Google and so on are making sure that we have HTTPS for almost everything.
0:13 And if they're not, they're not secure. Even if this was a domain name, would not be happy. So how do we do that? Do we go and buy an SSL certificate?
0:22 That's so 2 years ago, now we wouldn't do that. So what we would do is we would go over here and we would add this
0:28 repository like this over here. And once we've done that, we're going to install Python-certbot-nginx. So this is gonna use Let's Encrypt. Python3
0:41 yeah, okay, good, beautiful. And I'll update that as well here for you. And then we would just run certbot --nginx like that for this domain.
0:51 And it's gonna look and says, uh, great, what's your email address? I'm michael@talkPython7.com I'm gonna put a little thing here so it doesn't
1:00 actually email me or contact me, because this is not really gonna work. And it says: do you accept the terms?
1:05 We do accept the terms, I don't want to share that cause it's fake, so it's gonna try to go get a certificate, but it's gonna fail. Why did it fail?
1:14 Cause it said, alright, great, you want to set up a certificate for weatherapi.talkPython.com, is the place I'm running on where that URL, over that,
1:23 uh, resolves to. Like, am I actually on the weatherapi.talkPython.com server? No, because that domain doesn't go anywhere.
1:30 But if I had pointed it here and waited for the DNS to resolve, this would just
1:34 automatically install SSL on server and it would just keep it up to date. Beautiful, so that's all we gotta do to make SSL work.
1:41 But of course, it requires this DNS thing so you can't create fake servers elsewhere and
1:46 so on. Not gonna actually go through this step by doing the DNS, but it's super simple to follow.
1:52 There's a few questions about whether or not you want to redirect if somebody hits the non SSL one,
1:57 say yes. So this is a really beautiful, free an automatic way to keep an up to date SSL certificate on your web server