Modern APIs with FastAPI and Python Transcripts
Chapter: Deploying FastAPI on Linux with gunicorn and nginx
Lecture: Adding SSL for HTTPS on our API
0:00 Alright, Final, final thing. Notice this up here says "the connection is not secure".
0:05 That's weird. So browsers these days and Google and so on are making sure that
0:09 we have https for almost everything.
0:12 And if they're not, they're not secure.
0:14 Even if this was a domain name,
0:15 it would not be happy. So how do we do that?
0:18 Do we go and buy an SSL certificate?
0:21 That's so two years ago, no we wouldn't do that.
0:23 So what we would do is we would go over here and we would add this
0:27 repository, like this, over here. And once we've done that,
0:32 we're going to install Python certbot NGINX.
0:35 So this is going to use "Let's encrypt". Python 3,
0:40 yeah, Okay, Good. Beautiful.
0:43 And I'll update that as well here for you.
0:45 And then we would just run certbot NGINX, like that for this domain.
0:50 And it's gonna look and says
0:51 "great, what's your email address?"
0:54 I'm Michael at talk Python. I'm gonna put a little thing here so it doesn't
0:59 actually email me or contact me
1:00 because this is not really gonna work.
1:02 And it says "do you accept the terms?"
1:04 We do accept the terms. I don't want to share that because it's fake.
1:08 So it's going to try to go get a certificate,
1:10 but it's gonna fail. Why did it fail?
1:13 Because it said, Alright, great.
1:14 You want to set up a certificate for "weatherapi.
1:17 talkpython.com", is the place I'm running on where that URL
1:22 resolves to? Like,
1:24 am I actually on the weatherapi.talkpython.com server?
1:27 No, because that domain doesn't go anywhere.
1:29 But if I had pointed here and waited for the DNS to resolve, this would just
1:33 automatically install SSL on server and it would just keep it up to date.
1:37 Beautiful. So that's all we got to do to make SSL work.
1:40 But of course, it requires this DNS things you can't create fake servers elsewhere and
1:45 so on. Not gonna actually go through this step by doing the DNS,
1:49 but it's super simple to follow.
1:51 There's a few questions about whether or not you want to redirect.
1:53 If somebody hits the non-ssl one,
1:56 say yes. So this is a really beautiful, free, and automatic way
1:59 to keep a up to date ssl certificate on your web server.