To run the FastAPI on HTTPS: edit systemctl service file of your app service. On Ubuntu, those files located at (/etc/systemd/system/)
If you don’t remember where you put the service file of your app – just run the systemctl status command: systemctl status appname
systemctl status appname
Add two arguments related to the SSL certificate to the execute command: --certfile="/etc/letsencrypt/live/yourdomain/fullchain.pem" --keyfile="/etc/letsencrypt/live/yourdomain/privkey.pem"
This is what the service file looks like:
Pay the maximum attention to the first cert attribute –
--certfile="/etc/letsencrypt/live/yourdomain/fullchain.pem"
on most guides recommended putting a link to your “cert.pem” file. However the right technique would be putting a link to fullchain.pem file. Otherwise, you will end up with an “unable to verify the first certificate” error. All cert files located under /etc/letsencrypt/live/yourdomain Why? For example, the certbot has added this code to my nginx.conf file(located under /etc/nginx/conf.d/):
You can find your cert keys by visiting letsencrypt folder. The above example is working on Vultr VPN, Ubuntu 20.04 TLS, Nginx, my uvicorn running under gunicorn, SSL was auto-generated with certbot.
FastApi HTTPS
The reason why I transferred my FastAPI project to HTTPS – is to enable the Paddle payment gateway. All of their requests should be passed to HTTPS pages, only.
These tips I have applied to my ddnames.com microservice project. If you’re testing your project locally, you might be interested in this post on how I’ve been running Django under a local machine.
Leave a Reply