Modern APIs with FastAPI and Python Transcripts
Chapter: Deploying FastAPI on Linux with gunicorn and nginx
Lecture: Adding SSL for HTTPS on our API
0:00 Alright, Final, final thing. Notice this up here says "the connection is not secure".
0:06 That's weird. So browsers these days and Google and so on are making sure that we have https for almost everything.
0:13 And if they're not, they're not secure. Even if this was a domain name, it would not be happy. So how do we do that?
0:19 Do we go and buy an SSL certificate? That's so two years ago, no we wouldn't do that.
0:24 So what we would do is we would go over here and we would add this repository, like this, over here. And once we've done that,
0:33 we're going to install Python certbot NGINX. So this is going to use "Let's encrypt". Python 3, yeah, Okay, Good. Beautiful.
0:44 And I'll update that as well here for you. And then we would just run certbot NGINX, like that for this domain. And it's gonna look and says
0:52 "great, what's your email address?" I'm Michael at talk Python. I'm gonna put a little thing here so it doesn't actually email me or contact me
1:01 because this is not really gonna work. And it says "do you accept the terms?" We do accept the terms. I don't want to share that because it's fake.
1:09 So it's going to try to go get a certificate, but it's gonna fail. Why did it fail? Because it said, Alright, great.
1:15 You want to set up a certificate for "weatherapi. talkPython.com", is the place I'm running on where that URL resolves to? Like,
1:25 am I actually on the weatherapi.talkPython.com server? No, because that domain doesn't go anywhere.
1:30 But if I had pointed here and waited for the DNS to resolve, this would just automatically install SSL on server and it would just keep it up to date.
1:38 Beautiful. So that's all we got to do to make SSL work. But of course, it requires this DNS things you can't create fake servers elsewhere and
1:46 so on. Not gonna actually go through this step by doing the DNS, but it's super simple to follow.
1:52 There's a few questions about whether or not you want to redirect. If somebody hits the non-ssl one,
1:57 say yes. So this is a really beautiful, free, and automatic way to keep a up to date ssl certificate on your web server.