SaltyCrane Blog — Notes on JavaScript and web development

Testing HTTPS w/ Flask's development server using stunnel on Ubuntu

Our website is served over HTTPS. To more easily test certain issues (e.g. mixed mode content warnings, or Mapquest SSL tile servers), I wanted to access my Flask local development server over HTTPS. These two articles describe how to do this using stunnel: "Testing HTTPS with Django's Development Server" and "Django Development Server with HTTPS". Using stunnel, you can hit pages on your Django/Flask local dev server over HTTPS instead of HTTP. Here is how I installed it on Ubuntu Precise 12.04:

  • Install SSL development files
    $ sudo apt-get install libssl-dev 
    
  • Go to https://www.stunnel.org/downloads.html and download stunnel-4.54.tar.gz
  • Unpack, compile, install.
    $ tar xvf stunnel-4.54.tar.gz 
    $ cd stunnel-4.54 
    $ ./configure --prefix=/home/saltycrane/lib/stunnel-4.54 
    $ make 
    $ make install 
    NOTE: the make install step asked me a number of questions and created a certificate file at /home/saltycrane/lib/stunnel-4.54/etc/stunnel/stunnel.pem. Accept all the defaults for the certificate information (accurate certificate information isn't needed for this application).
  • Create a stunnel configuration file, /home/saltycrane/lib/stunnel-4.54/etc/stunnel/dev_https:
    pid =
    cert = /home/saltycrane/lib/stunnel-4.54/etc/stunnel/stunnel.pem
    debug = 7
    foreground = yes
    
    [https]
    accept = 7000
    connect = 5000
  • Start stunnel:
    $ /home/saltycrane/lib/stunnel-4.54/bin/stunnel /home/saltycrane/lib/stunnel-4.54/etc/stunnel/dev_https
    2012.10.17 17:40:52 LOG7[12468:140357811214080]: Clients allowed=500
    2012.10.17 17:40:52 LOG5[12468:140357811214080]: stunnel 4.54 on x86_64-unknown-linux-gnu platform
    2012.10.17 17:40:52 LOG5[12468:140357811214080]: Compiled/running with OpenSSL 1.0.1 14 Mar 2012
    2012.10.17 17:40:52 LOG5[12468:140357811214080]: Threading:PTHREAD SSL:+ENGINE+OCSP Auth:none Sockets:POLL+IPv6
    2012.10.17 17:40:52 LOG5[12468:140357811214080]: Reading configuration from file /home/saltycrane/lib/stunnel-4.54/etc/stunnel/dev_https
    2012.10.17 17:40:52 LOG7[12468:140357811214080]: Compression not enabled
    2012.10.17 17:40:52 LOG7[12468:140357811214080]: Snagged 64 random bytes from /home/saltycrane/.rnd
    2012.10.17 17:40:52 LOG7[12468:140357811214080]: Wrote 1024 new random bytes to /home/saltycrane/.rnd
    2012.10.17 17:40:52 LOG7[12468:140357811214080]: PRNG seeded successfully
    2012.10.17 17:40:52 LOG6[12468:140357811214080]: Initializing service [https]
    2012.10.17 17:40:52 LOG7[12468:140357811214080]: Certificate: /home/saltycrane/lib/stunnel-4.54/etc/stunnel/stunnel.pem
    2012.10.17 17:40:52 LOG7[12468:140357811214080]: Certificate loaded
    2012.10.17 17:40:52 LOG7[12468:140357811214080]: Key file: /home/saltycrane/lib/stunnel-4.54/etc/stunnel/stunnel.pem
    2012.10.17 17:40:52 LOG7[12468:140357811214080]: Private key loaded
    2012.10.17 17:40:52 LOG7[12468:140357811214080]: Using DH parameters from /home/saltycrane/lib/stunnel-4.54/etc/stunnel/stunnel.pem
    2012.10.17 17:40:52 LOG7[12468:140357811214080]: DH initialized with 1024-bit key
    2012.10.17 17:40:52 LOG7[12468:140357811214080]: ECDH initialized with curve prime256v1
    2012.10.17 17:40:52 LOG7[12468:140357811214080]: SSL options set: 0x00000004
    2012.10.17 17:40:52 LOG5[12468:140357811214080]: Configuration successful
    2012.10.17 17:40:52 LOG7[12468:140357811214080]: Service [https] (FD=7) bound to 0.0.0.0:7000
    2012.10.17 17:40:52 LOG7[12468:140357811214080]: No pid file being created
    
  • Start the Python dev server:
    $ HTTPS=1 python bin/runserver.py 0.0.0.0 5000 
  • Go to https://localhost:7000 in your browser
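
The startup log above reports `Service [https] (FD=7) bound to 0.0.0.0:7000`: an `accept` line with no host listens on all IPv4 interfaces, not only localhost. The check below is an added example, not part of the original post; its function names are illustrative, and it flags `accept` lines that are not pinned to loopback, using the post's dev_https file as sample input.

```python
import ipaddress

# The dev_https file from the post, reproduced as sample input.
SAMPLE_CONFIG = """\
pid =
cert = /home/saltycrane/lib/stunnel-4.54/etc/stunnel/stunnel.pem
debug = 7
foreground = yes

[https]
accept = 7000
connect = 5000
"""
# Constructed variant: same file with the listener pinned to loopback.
LOOPBACK_CONFIG = SAMPLE_CONFIG.replace("accept = 7000", "accept = 127.0.0.1:7000")

def parse_stunnel_conf(text):
    """Return {section: {option: value}}; global options live under ''."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
        elif "=" in line:
            key, _, value = line.partition("=")
            sections[current][key.strip()] = value.strip()
    return sections

def is_loopback(host):
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:                          # any other hostname: treat as exposed
        return False

def exposed_listeners(text):
    """List (service, host, port) for every accept not bound to loopback."""
    findings = []
    for name, opts in parse_stunnel_conf(text).items():
        if "accept" in opts:
            host, sep, port = opts["accept"].rpartition(":")
            # A bare port means all IPv4 interfaces, as the post's log shows.
            host = host.strip("[]") if sep else "0.0.0.0"
            if not is_loopback(host):
                findings.append((name, host, port))
    return findings
```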

Comments


#1 doug commented on :

Another lucid, well-researched post. As an aside, I have landed on your blog perhaps a dozen times over the past few years--always the same way--i.e., following a link in my Google/Yahoo search results (for instance, code snippets to convert among the various date/time classes in Python). Each time, the post in your blog that I landed on was carefully written, easy to follow, and detailed enough to have immediate practical utility. Well done, and thanks.


#2 Eliot commented on :

doug: Thank you for the thoughtful and specific comment. :) Probably Google doesn't lead you to my bad posts, but I'm happy to hear my blog has been helpful!