Full Web Apps with FastAPI Transcripts
Chapter: Deploying FastAPI on Linux with gunicorn and nginx
Lecture: Adding SSL for HTTPS on our API
0:00 Alright. Final, final thing. Notice this up here says the connection is not secure.
0:05 That's weird. So browsers these days and Google and so on are making sure that
0:09 we have HTTPS for almost everything.
0:12 And if they're not, they're not secure.
0:14 Even if this was a domain name,
0:15 would not be happy. So how do we do that?
0:18 Do we go and buy an SSL certificate?
0:21 That's so 2 years ago, now we wouldn't do that.
0:23 So what we would do is we would go over here and we would add this
0:27 repository like this over here. And once we've done that,
0:32 we're going to install python-certbot-nginx.
0:35 So this is gonna use Let's Encrypt. python3
0:40 yeah, okay, good, beautiful.
0:43 And I'll update that as well here for you.
0:45 And then we would just run certbot --nginx like that for this domain.
0:50 And it's gonna look and says,
0:51 uh, great, what's your email address?
0:54 I'm email@example.com I'm gonna put a little thing here so it doesn't
0:59 actually email me or contact me,
1:00 because this is not really gonna work.
1:02 And it says: do you accept the terms?
1:04 We do accept the terms, I don't want to share that cause it's fake,
1:08 so it's gonna try to go get a certificate,
1:10 but it's gonna fail. Why did it fail?
1:13 Cause it said, alright, great,
1:14 you want to set up a certificate for weatherapi.talkpython.com,
1:18 is the place I'm running on
1:20 where that URL, over that,
1:22 uh, resolves to. Like, am I actually on the
1:25 weatherapi.talkpython.com server?
1:27 No, because that domain doesn't go anywhere.
1:29 But if I had pointed it here and waited for the DNS to resolve, this would just
1:33 automatically install SSL on server and it would just keep it up to date.
1:37 Beautiful, so that's all we gotta do to make SSL work.
1:40 But of course, it requires this DNS thing so you can't create fake servers elsewhere and
1:45 so on. Not gonna actually go through this step by doing the DNS,
1:49 but it's super simple to follow.
1:51 There's a few questions about whether or not you want to redirect
1:53 if somebody hits the non SSL one,
1:56 say yes. So this is a really beautiful, free an automatic way to keep an up to date SSL certificate on your web server