问题
I want to set up very simple http server whith replaces few keywords in single html file and send it in repspond to request to clients. Python's http.server looks good for me but in documentation I found:
Warning http.server is not recommended for production. It only implements basic security checks.
and in source code:
SECURITY WARNING: DON'T USE THIS CODE UNLESS YOU ARE INSIDE A FIREWALL -- it may execute arbitrary Python code or external programs.
Do you know any way to create safty http server which ports could be foreword via firewall to internet?
回答1:
If its a Python web application, there are several options available for HTTP servers in Python. Among the safe one's are Gunicorn, Nginx WSGI, mod_wsgi. A list is available here. I'll take mod_wsgi as an example. The official documentation states there are two ways to install this package & both are safe for production deployments:
The package can be installed in two different ways depending on your requirements. The first is as a traditional Apache module installed into an existing Apache installation.The second way of installing mod_wsgi is to install it from PyPi using the Python pip command. This builds and installs mod_wsgi into your Python installation or virtual environment. Both installation types are suitable for production deployments.
According to the docs, the best option is to use: Apache + mod_wsgi + docker.
For mod_wsgi, you will need to configure Apache 2.4 and both Python 2 & 3 are supported. The requirements are stated here.
The Apache web server is widely used in production applications. The Apache HTTP Server Project is among the oldest and well maintained for 20 years. You can read more about it here. As for implementing security, you should read this answer.
来源:https://stackoverflow.com/questions/54143415/setting-up-simple-safe-http-server-in-python3