Question

How to use HTTPS with Jam.py

I’m trying to set up Jam.py on a Ubuntu system that has an Apache server. I want it to use HTTPS instead of HTTP, but have had no success so far. The server has a valid digital certificate via Certbot. I tried to follow the steps shown at https://jam-py.com/docs/how_to/deploy/how_to_deploy_to_linux_apache.html and pass the 443 command line argument to server.py, but attempting to start it causes this error: OSError: [Errno 98] Address already in use Running server.py if the Apache server isn’t running doesn’t cause an error, but it still uses HTTP in spite of listening on port 443.

What should I do next to diagnose this problem?


Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Hello there! For other readers, since been a while from the OP question, there is a way to run gunicorn over SSL: https://groups.google.com/g/jam-py/c/M0GzXl1J3Gc/m/RPQ_u2FJAQAJ

However, the problem with gunicorn and Jam (or any wsgi app), is seeing the log files. And log files are really needed. Also, after the reboot, the app will not work unless there is a startup file created for gunicorn. Which is fiddly.

Hence, since Jam is a wsgi app, Apache can happily run on ssl with it. There is no need to start the application on port 8080 with gunicorn or to run “python server.py”, or as OP mentioned “pass the 443 command line argument to server.py”.

As per OP link, just set the SSL options and off you go.

Before even trying SSL, make sure Apache actually works: https://groups.google.com/g/jam-py/c/Zv5JfkLRFy4/m/JnoLSg3uGQAJ

Good luck

KFSys
Site Moderator
Site Moderator badge
August 23, 2023

If you want to use Jam.py with HTTPS behind an Apache server, it’s typically best to utilize Apache as a reverse proxy for the Jam.py application. Instead of running the Jam.py application directly on port 443 (which will cause a conflict if Apache is already using that port), you should:

  1. Run Jam.py on a different, unused port (e.g., 8080).
  2. Configure Apache to reverse proxy HTTPS requests on port 443 to the Jam.py application running on port 8080 (or whatever port you chose).

Here’s a step-by-step guide:

  1. Run Jam.py on an Unused Port: Start the Jam.py server on an unused port, say 8080.
  2. Configure Apache as a Reverse Proxy: Update or create an Apache configuration file for your site/domain. Add the following configuration, adapting for your needs:
<VirtualHost *:443>
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com

    # SSL Configuration from Certbot
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    # Reverse proxy configuration
    ProxyPreserveHost On
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/

</VirtualHost>

This configuration tells Apache to accept HTTPS requests on port 443 and forward (proxy) them to your Jam.py application running on port 8080.

  1. Enable Necessary Apache Modules: Ensure you’ve enabled the necessary modules for proxy and SSL functionalities:
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod ssl

Now, when you access your domain via HTTPS (https://yourdomain.com), Apache will handle the SSL/TLS encryption and then proxy the requests to the Jam.py application.

Bobby Iliev
Site Moderator
Site Moderator badge
March 8, 2023

Hi there,

You can not have two services listening on the same port. If your Apache service is already listening on port 443 with a valid SSL, you will not be able to start your Jam app on the same port.

You should start your app as normal and not on port 443.

An alternative option, would be to use Nginx as described here:

https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-16-04

The article uses Django as an example, but the setup will be the same.

Let me know how it goes!

Best,

Bobby

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

card icon
Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Sign up
card icon
Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We’d like to help.

Learn more
card icon
Become a contributor

You get paid; we donate to tech nonprofits.

Learn more
Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow – whether you’re running one virtual machine or ten thousand.

Learn more ->
DigitalOcean Cloud Control Panel
Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.

This promotional offer applies to new account only.

© 2023 DigitalOcean, LLC.