How to deploy Flask app using Gunicorn and Nginx
Disclaimer: This post is not a tutorial on how to create a Flask app, but rather how to deploy it using Gunicorn and Nginx. If you’re new to these concepts or need a refresher, consider brushing up on the basics before diving into this article.
One task in working as a research assistant in Professor Chen Li’s QueryBooster was migrating the backend code from SimpleHttpServer to Flask and deploying our website using Gunicorn, and Nginx. In this post, I hope to explain how to deploy a Flask application with Gunicorn and Nginx.
As an example, I will be demonstrating the deployment with the project that I worked on (QueryBooster). However, you should be able to follow this guide by using your own Flask project.
Deployment Guide
This guide will walk you through deploying QueryBooster on your server. Follow the steps below to set up and run QueryBooster.
Running Flask with Gunicorn
Clone the project
Enter server and clone the project
1 | ssh username@hostname |
Requirements
Navigate to the QueryBooster directory and set up a Python virtual environment, activate it, and install the required packages.
1 | cd QueryBooster |
Compile and Deploy QueryBooster Client
To compile and deploy the QueryBooster client, go to the client directory and run the following commands:
1 | cd client/ |
Run QueryBooster server locally
Now, navigate to the server directory and start the QueryBooster server using Gunicorn:
1 | cd ../server |
You can access QueryBooster locally at http://ip:8000
.
Opening Firewall
To enable HTTP and HTTPS traffic, make sure ports 80 and 443 are accessible by modifying your firewall rules. For CentOS, use the following commands:
1 | sudo firewall-cmd --zone=public --add-port=80/tcp --permanent |
Implementing querybooster.service controlled by systemctl
as system process
To ensure that QueryBooster starts automatically after server reboots or crashes, create a systemd service unit file.
1 | sudo vi /etc/systemd/system/querybooster.service |
Add the following content to the querybooster.service
file:
1 | [Unit] |
Reload the systemd manager configuration and start the QueryBooster service:
1 | systemctl daemon-reload |
The sudo systemctl enable querybooster
command ensures that QueryBooster starts automatically on system boot.
The command sudo systemctl status querybooster
will show if querybooster is active:
Enable HTTPS
Generate Key and CSR Files
Generate a key file (server.key
) and a Certificate Signing Request (CSR) file (server.csr
). Make sure to set a password for the key file.
*** Note: we will be needing the password when we set up Nginx so do NOT forget the password***
- Generate key file:
1 | openssl genrsa -des3 -out server.key 2048 |
- Generate CSR file:
1 | openssl req -new -key server.key -out server.csr |
2. Get a signed certificate from a CA (Certificate Authority).
Get a signed certificate from a CA (Certificate Authority) of your choice. There are many that are free.
3. Put all certs-related files under nginx. ( /etc/ssl/certs
).
Note 1: So far there are three files: server.key
, server.csr
, server.crt
. Please note for the difference. You only need server.csr
to obtain server.crt
, and no longer needed it for following steps. For all following steps, you should be using server.crt
Note 2: if the files are located under /etc/nginx/ssl/
there might be problems with File access: permission denied
due to system security policy.
Setting up Nginx
Install Nginx based on your OS. For CentOS, use the following commands:
1 | sudo yum install epel-release |
for more information: https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-open-source/
Create password file for server.key
If you have created a password for server.key
. You need to create a file named querybooster.pass
inside /etc/ssl/certs/
so that nginx can access the server.py
file.
Use the command below and write down the password:
1 | sudo vi /etc/ssl/certs/querybooster.pass |
Setting up Nginx configurations
The files we modify inside nginx are /etc/nginx/nginx.conf
and /etc/nginx/conf.d/query_booster.conf
Modify nginx.conf
to the following:
1 | user nginx; |
Create file query_booster.conf
:
1 | sudo vi /etc/nginx/conf.d/query_booster.conf |
Add the following content to the query_booster.conf
file:
1 | server { |
Test Nginx
Test the Nginx configuration file for syntax errors:
1 | sudo nginx -t |
The output should look similar to this:
Otherwise, check nginx.conf
and query_booster.conf
for syntax errors.
Reload and start Nginx
1 | sudo nginx -s reload |
Now, you can access QueryBooster through the domain querybooster.ics.uci.edu
from the web server.
For a more detailed guide, please check the wiki in QueryBooster