Autoscale on AWS with EC2, Python, Flask, and Nginx Part2

DLMade
Analytics Vidhya
Published in
4 min readNov 21, 2021
Photo by Gary Tou on Unsplash

In our 1st part, we have set up an EC2 server and accessed it via Putty. Now, we are going to create a Flask server, Ubuntu service, and configure an Nginx server. So First Let’s Create our Flask Server.

Flask Server

  • Install the requirements on the server. As EC2 instance only provide us python installation so we have to Install an additional python module with help of the pip module.
sudo apt install python3-pip
pip3 install flask
pip3 install waitress
  • Create project directory autoscale_app or whatever you like in the server and go in that directory.
mkdir autoscale_app
cd autoscale_app
  • Create a file called app.py where we will write our flask server code. Here I have created a flask server on 5000 port number which will display “A simple flask server” text on the browser when we go to our website.
  • Our Flask app Is ready we can able to run and able to look at the app on our browser but it is currently running on port 5000 so access the web we have to include port number 5000 with our IP address and we have to allow 5000 port in our server inbounds. So to access the app directly on IP address without a port we will use an Nginx server which will manage the traffic on our server and route it to our application.

Nginx

  • Install Nginx
sudo apt install nginx
  • We will use an OpenSSL to create an SSL certificate and a key file that will allow our application to run our website on an HTTPS server.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
  • We will create a self-signed.conf file where we will write our certificate and key file path. we will provide this file in Nginx configuration.
sudo vi /etc/nginx/snippets/self-signed.conf
  • Paste the below content into the self-signed.conf file.
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
  • Below are some more parameters that can make the Nginx server more secure. You may refer here for an in-depth guide to the service.
sudo vi /etc/nginx/snippets/ssl-params.conf
  • Copy below content into the file.
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable strict transport security for now. You can uncomment the following
# line if you understand the implications.
# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
  • Now we are going to create an Nginx configuration file where we can define the routes, server name, HTTP server, and give SSL certificate.
sudo vi /etc/nginx/sites-available/default
  • Below content creates two server blocks one for HTTP (port 80) and another for HTTPS (port 443). You can also combine them in one. It will tell Nginx to route any traffic which comes on the server to the localhost 5000 port.
server {
listen 80;
listen [::]:80;
location / {
proxy_pass http://127.0.0.1:5000;
proxy_set_header X-Real-IP $remote_addr;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
location / {
proxy_pass https://127.0.0.1:5000;
proxy_set_header X-Real-IP $remote_addr;
}
}

Create ubuntu service to run Flask app

  • We have configured the flask app and Nginx server. Now we are ready to launch our app but before that, we have to make sure if our server restarts then our app should start automatically for that we will create a ubuntu service. Which will start our app automatically whenever the server reboot so we don’t have to do any manual tasks.
sudo vi /etc/systemd/system/autoscale.service
  • Below Content gives commands to ubuntu server that when server restart then automatic this service also start. Make sure you can change the working directory path with your project directory. Exec start is a command which is going to fire by service when service starts. We are going to start our flask app with python3.6 so I have given the absolute path of python3.6 and our app.py.
[Unit]
Description=Autoscale Flask project
After=network.target
[Service]
User=ubuntu
Group=www-data
#WorkingDirectory=/home/ubuntu/autoscale_app ## replace with your project directory path
ExecStart=/usr/bin/python3.6 /home/ubuntu/autoscale_app/app.py
[Install]
WantedBy=multi-user.target
  • Now we will start and enable the service. By enabling the service we are telling the server that this service is going to run on every reboot. If our service is disabled out the app will not run when the server restart.
sudo systemctl start autoscale.service
sudo systemctl enable autoscale.service
  • We will also restart the Nginx server as we have changed the configuration of Nginx. Without restart, our configuration wants to reflect.
sudo systemctl restart nginx
  • Go to your instance's public IP address you can see our app is running.

That’s all for part 2. we will meet again in the next article.

If you like this post, HIT Buy me a coffee! Thanks for reading.

Your every small contribution will encourage me to create more content like this.

--

--

DLMade
Analytics Vidhya

Howdy & Welcome. I am a content creator, machine learning researcher, and consultant. consultancy: dlmadeblog@gmail.com