Running a Flask based website on Nginx
This article assumes you have completed the steps up to setting up Nginx in the last article, or that you already have a server set up.
Configuring Nginx
First, make the folder for the website; this is where your website will live:
sudo mkdir -p /var/www/websiteName
Next, we need to set the proper permissions to make sure everything works:
sudo chown -R nginx /var/www/websiteName
sudo chmod -R 755 /var/www/websiteName
Now, we will create the config file for the website:
sudo nano /etc/nginx/conf.d/websiteName.conf
and paste the following into the file:
server {
    listen 80;
    server_name example.com www.example.com;
    location / {
        proxy_pass http://127.0.0.1:8000/;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Prefix /;
    }
}
Now, confirm that the nginx configuration is ok:
sudo nginx -t
Restart nginx:
sudo systemctl restart nginx
sudo systemctl status nginx
Next, set SELinux to permissive mode (policy violations are logged but no longer blocked):
sudo setenforce permissive
sudo getenforce
Now, we will need to set SELinux to permissive mode permanently:
sudo sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/sysconfig/selinux
Running the Flask App
Install Gunicorn
To run your Flask website you need to install Gunicorn.
pip install gunicorn
sudo cp ~/.local/bin/gunicorn /usr/bin/gunicorn
Configure Systemd
You will need to create a systemd service for gunicorn.
Put the following in /etc/systemd/system/yourapp.service:
[Unit]
Description = yourapp
After = network.target
[Service]
PermissionsStartOnly = true
PIDFile = /run/yourapp/yourapp.pid
User = gunicorn
Group = gunicorn
WorkingDirectory = /var/www/yourapp
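# -p so a directory left over from an unclean stop does not fail the start
ExecStartPre = /bin/mkdir -p /run/yourapp
ExecStartPre = /bin/chown -R gunicorn:gunicorn /run/yourapp
# Listen on loopback only: Nginx proxies to 127.0.0.1:8000, and 0.0.0.0 would expose Gunicorn directly
ExecStart = /usr/bin/gunicorn main:app -b 127.0.0.1:8000 --pid /run/yourapp/yourapp.pid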
ExecReload = /bin/kill -s HUP $MAINPID
ExecStop = /bin/kill -s TERM $MAINPID
ExecStopPost = /bin/rm -rf /run/yourapp
PrivateTmp = true
[Install]
WantedBy = multi-user.target
Now you will need to run the following commands:
sudo systemctl daemon-reload
sudo systemctl enable yourapp
sudo systemctl start yourapp
sudo setsebool -P httpd_can_network_connect 1
At this point when you navigate to your website, it should load.
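The Nginx config above passes client details in X-Forwarded-* headers, and $proxy_add_x_forwarded_for appends to whatever value the client already sent. As an added example (not code from the original article), this stdlib-only WSGI middleware honours those headers only when the request really arrives from Nginx; the names TrustOneProxy and resolve_forwarded and the loopback-only trust list are assumptions.

```python
import ipaddress

# Assumption: Nginx runs on the same host and is the only trusted proxy.
TRUSTED_PROXIES = frozenset({"127.0.0.1", "::1"})
FORWARDED_KEYS = ("HTTP_X_FORWARDED_FOR", "HTTP_X_FORWARDED_PROTO",
                  "HTTP_X_FORWARDED_HOST", "HTTP_X_FORWARDED_PREFIX")


def resolve_forwarded(environ, trusted=TRUSTED_PROXIES):
    """Rewrite environ in place; return the effective client address."""
    peer = environ.get("REMOTE_ADDR", "")
    if peer not in trusted:
        # Not from Nginx: the headers are client-controlled, so drop them.
        for key in FORWARDED_KEYS:
            environ.pop(key, None)
        return peer
    # $proxy_add_x_forwarded_for appends the address Nginx saw to whatever
    # the client sent, so only the rightmost entry is trustworthy.
    hops = environ.get("HTTP_X_FORWARDED_FOR", "").split(",")
    try:
        environ["REMOTE_ADDR"] = str(ipaddress.ip_address(hops[-1].strip()))
    except ValueError:
        pass  # header missing or malformed: keep the proxy address
    if environ.get("HTTP_X_FORWARDED_PROTO") in ("http", "https"):
        environ["wsgi.url_scheme"] = environ["HTTP_X_FORWARDED_PROTO"]
    if environ.get("HTTP_X_FORWARDED_HOST"):
        environ["HTTP_HOST"] = environ["HTTP_X_FORWARDED_HOST"]
    return environ["REMOTE_ADDR"]


class TrustOneProxy:
    """WSGI middleware (hypothetical name) that wraps any WSGI app."""

    def __init__(self, app, trusted=TRUSTED_PROXIES):
        self.app = app
        self.trusted = trusted

    def __call__(self, environ, start_response):
        resolve_forwarded(environ, self.trusted)
        return self.app(environ, start_response)


if __name__ == "__main__":
    # Constructed request: the client sent a forged first hop, Nginx appended the real one.
    sample = {"REMOTE_ADDR": "127.0.0.1", "wsgi.url_scheme": "http",
              "HTTP_X_FORWARDED_FOR": "6.6.6.6, 203.0.113.7",
              "HTTP_X_FORWARDED_PROTO": "https"}
    print(resolve_forwarded(sample), sample["wsgi.url_scheme"])
```

In main.py this would be applied as app.wsgi_app = TrustOneProxy(app.wsgi_app). Werkzeug ships a maintained equivalent, werkzeug.middleware.proxy_fix.ProxyFix, configured with x_for=1, x_proto=1, x_host=1, x_prefix=1 for a single proxy.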
Installing and Running Certbot
To install Certbot run:
sudo dnf install certbot python3-certbot-nginx
To get SSL certificates for your websites run:
sudo certbot --nginx
Answer the prompts that show up on screen as you wish.
To configure auto renewal of the SSL certificate, edit root's crontab (certbot needs root to renew):
sudo crontab -e
and add the following line:
0 12 * * * /usr/bin/certbot renew --quiet
This checks every day at noon whether the certificate will expire in the next month; if so, it renews the certificate.
Now your website should be operational.