Deploy streamlit app in Ubuntu server with https (ssl) without using any tool like docker, nginx, etc

Zohaib · May 27, 2020, 11:32pm

How to deploy streamlit in Ubuntu server with https (ssl) without using any tool like docker, nginx, etc?

I am new to this and not able to figure how to get the ssl done for the streamlit app as its shows not secure on the address bar. So is there any way to put the ssl cert, ssl key (cert.pem file) with the streamlit app script so that the ssl is achieved?

randyzwitch · May 28, 2020, 1:31pm

Hi @Zohaib, welcome to the Streamlit community!

What’s your use case for wanting to avoid using Apache/nginx or other tools? From a basic separation-of-concerns perspective, it doesn’t make a lot of sense for Streamlit to roll our own functionality like this since industry-standard webserver solutions already exist.

Best,
Randy

Zohaib · June 1, 2020, 1:53pm

Hi,
Yes, agree on the available options but is there still a way to incorporate ssl into streamlit as those tools are restricted for usage?.

And even when the app is run with nohup the process gets automatically killed not sure why. Is there any better way to serve the app on production?

Thanks

randyzwitch · June 2, 2020, 1:06pm

There isn’t as far as I know.

If your app is crashing, then the first thing to do is figure out why. Have you checked your logs to see if they are reporting anything?

Zohaib · June 10, 2020, 2:50pm

How to configure ssl for the streamlit app through nginx?

Is there any sample nginx configuration file I can consume???..

Thanks

randyzwitch · June 10, 2020, 2:52pm

Some users have been having success with the values in this thread:

Zohaib · June 10, 2020, 3:15pm

As I am new to nginx I am not sure how to use it so it would be helpful if you could provide me a consumable ngix config file.

Thanks

Zohaib · June 10, 2020, 3:16pm

I mean to say a proper listed steps to be followed in order to achieve it.

Kasi · August 19, 2020, 10:10pm

I have used the following configuration to set it up on my Orgs internal network with Azure ad authentication. People can access it by logging in to https://myipaddress

#user  nobody;
worker_processes  1;

error_log  logs/error.log;
error_log  logs/error.log  notice;
error_log  logs/error.log  info;

pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       1776 ssl;
        listen 443 ssl;
        server_name myipaddress;

        ssl_certificate /etc/localhost.crt;
        ssl_certificate_key /etc/localhost.key;
        ssl_ciphers          HIGH:!aNULL:!MD5;
        error_page 497 400 301 =307 https://myipaddress:1776$request_uri;

        location /oauth2{
        proxy_pass http://localhost:4180;

        proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Auth-Request-Redirect $request_uri;
        proxy_connect_timeout 1;
        proxy_send_timeout 30;
     proxy_read_timeout 30;

                }



                location = /favicon.ico {
  return 204;
  access_log     off;
  log_not_found  off;
}
        location = /favicon.png {
  return 204;
  access_log     off;
  log_not_found  off;
}
                    location / {


                auth_request /oauth2/auth;
                error_page 401 = /oauth2/sign_in;
                auth_request_set $token  $upstream_http_x_auth_request_access_token;
                proxy_set_header X-Access-Token $token;
                proxy_pass_header Server;
                proxy_set_header Host $http_host;
                proxy_redirect off;
                proxy_set_header X-Scheme $scheme;
#               proxy_set_header Host $host;
#               proxy_redirect http://localhost:1776/oauth2/ http://myipaddress:1776/oauth2/;

    location /healthz {
        proxy_set_header Host $http_host;
         proxy_pass  http://localhost:8502/healthz;
    }
    location /stream {
         proxy_pass  http://localhost:8502/stream;
         proxy_http_version 1.1;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header Host $http_host;
        proxy_set_header Connection "Upgrade";
         proxy_set_header Upgrade $http_upgrade;


        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
         proxy_read_timeout 86400;
    }
    proxy_pass   http://localhost:8502/;
}

location ^~ /static {
    proxy_pass http://localhost:8502/static/;
}

location ^~ /html {
    proxy_pass http://localhost:8502/html/;
}
location ^~ /vendor {
    proxy_pass http://localhost:8502/vendor;
}
        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }


    }



}

randyzwitch · January 12, 2022, 9:48pm