api server (hypercorn) do not use ssl certifications anymore. Caddy will provide https access instead

Author: André Felipe Dias

backend/Dockerfile.fastapi_api

@@ -34,10 +34,8 @@ ENV PATH=/venv/bin:${PATH}
 WORKDIR /backend/fastapi_api
 RUN chown -R nobody:nogroup .
 COPY --chown=nobody:nogroup fastapi_api/app ./app
-COPY --chown=nobody:nogroup fastapi_api/cert ./cert
 COPY --chown=nobody:nogroup fastapi_api/hypercorn.toml .
 COPY --chown=nobody:nogroup common/app /backend/common/app
-COPY --chown=nobody:nogroup common/cert /backend/common/cert
 
 USER nobody
 

backend/Dockerfile.quart_api

@@ -32,7 +32,6 @@ ENV PATH=/venv/bin:${PATH}
 WORKDIR /backend/quart_api
 RUN chown -R nobody:nogroup .
 COPY --chown=nobody:nogroup quart_api/app ./app
-COPY --chown=nobody:nogroup common/cert ./cert
 COPY --chown=nobody:nogroup quart_api/hypercorn.toml .
 
 USER nobody

backend/Dockerfile.tornado_api

@@ -33,9 +33,7 @@ ENV PATH=/venv/bin:${PATH}
 WORKDIR /backend/tornado_api
 RUN chown -R nobody:nogroup .
 COPY --chown=nobody:nogroup tornado_api/app ./app
-COPY --chown=nobody:nogroup tornado_api/cert ./cert
 COPY --chown=nobody:nogroup common/app /backend/common/app
-COPY --chown=nobody:nogroup common/cert /backend/common/cert
 
 USER nobody
 

backend/common/app/resources.py

@@ -142,4 +142,3 @@ def migrate_database():
     alembic_cfg.set_main_option('script_location', str(root_dir / 'alembic'))
     upgrade(alembic_cfg, 'head')
     return
-

backend/common/cert/README.rst

@@ -1,7 +1,5 @@
 worker_class = "uvloop"
-bind = "0.0.0.0:8443"
-certfile = "cert/server.pem"
-keyfile = "cert/server.key"
+bind = "0.0.0.0:8000"
 accesslog = "-"
 errorlog = "-"
 access_log_format = "%(t)s %(h)s %(S)s %(r)s %(s)s"

backend/common/cert/server.key

@@ -27,7 +27,6 @@ ENV PATH=/venv/bin:${PATH}
 WORKDIR /app
 RUN chown -R nobody:nogroup /app
 COPY --chown=nobody:nogroup app /app
-COPY --chown=nobody:nogroup cert /app/cert
 COPY --chown=nobody:nogroup hypercorn.toml .
 
 USER nobody

backend/common/cert/server.pem

@@ -1,7 +1,5 @@
 worker_class = "uvloop"
-bind = "0.0.0.0:8443"
-certfile = "cert/server.pem"
-keyfile = "cert/server.key"
+bind = "0.0.0.0:8000"
 accesslog = "-"
 errorlog = "-"
 access_log_format = "%(t)s %(h)s %(S)s %(r)s %(s)s"

backend/common/docker-compose.yml

@@ -1,5 +1,5 @@
 run:
-	ENV=development python -m app.main
+	python -m app.main .env
 
 
 test:

backend/fastapi_api/cert

@@ -42,13 +42,12 @@ def create_app(env_filename: Union[str, Path] = None) -> Iterator[Application]:
 
 
 if __name__ == '__main__':
-    import ssl
+    import sys
 
-    with create_app() as app:
-        port = 8443
-        ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
-        ssl_ctx.load_cert_chain('cert/server.pem', 'cert/server.key')
-        http_server = HTTPServer(app, ssl_options=ssl_ctx)
+    env_filename = '' if len(sys.argv) == 1 else sys.argv[1]
+    with create_app(env_filename) as app:
+        port = 8000
+        http_server = HTTPServer(app)
         http_server.listen(port)
         logger.info(f'Listening to port {port} over https (use CTRL + C to quit)')
         IOLoop.current().start()