Flask App with Gunicorn and Nginx in AWS Lightsail

Overview

The web application is a Python Flask application integrated with Auth0 for authentication and authorization, served by the Gunicorn application server. It is deployed on an Amazon Lightsail instance running Ubuntu Linux, with Nginx as the web server. The application uses a Let’s Encrypt SSL certificate for secure HTTPS communication.

Web Application Architecture

Key Components

• Framework: Python Flask Lightweight web application framework
• Authentication: Auth0 Secure user authentication and authorization
• Application Server: Gunicorn WSGI HTTP server for Python web applications
• Web Server: Nginx Reverse proxy and SSL termination
• Hosting: Amazon Lightsail Ubuntu Linux instance
• SSL: Let's Encrypt HTTPS encryption certificate

1. HTTPS with SSL/TLS

• Obtain SSL Certificates
  • Use trusted Certificate Authorities like Let's Encrypt
  • Avoid self-signed certificates in production

2. Harden Nginx Configuration

• Set Security Headers
  • Strict-Transport-Security (HSTS)
  • Content-Security-Policy (CSP)
  • X-Frame-Options and X-XSS-Protection