Too Long: Didn’t Read
build script builds a Docker container,
$ ./build MY_VERSION $ docker run --rm -it --publish 8080:8080 \ moshez/sayhello:MY_VERSION --port 8080
There will be a simple application running on port 8080.
If you own the domain name
hello.example.com, you can point it at a machine that the domain resolves to and then run:
$ docker run --rm -it --publish 443:443 \ moshez/sayhello:MY_VERSION --port le:/srv/www/certs:tcp:443 \ --empty-file /srv/www/certs/hello.example.com.pem
It will result in the same application running on a secure web site:
All source code is available on GitHub.
WSGI has been a successful standard. Very successful. It allows people to write Python applications using many frameworks (Django, Pyramid, Flask and Bottle, to name but a few) and deploy using many different servers (uwsgi, gunicorn and Apache).
Twisted makes a good WSGI container. Like Gunicorn, it is pure Python, simplifying deployment. Like Apache, it sports a production-grade web server that does not need a front end.
Container images allow us to package an application with all of its dependencies. They often cause a temptation to use those as the configuration management. However, Dockerfile is a challenging language to write big parts of the application in. People writing WSGI applications probably think Python is a good programming language. The more of the application logic is in Python, the easier it is for a WSGI-based team to master it.
Pex is a way to package several Python “distributions” (sometimes informally called “Packages”, the things that are hosted by PyPI) into one file, optionally with an entry-point so that running the file will call a pre-defined function. It can take an explicit list of wheels but can also, as in our example here, take arguments compatible with the ones pip takes. The best practice is to give it a list of wheels, and build the wheels with
The pkg_resources module allows access to files packaged in a distribution in a way that is agnostic to how the distribution was deployed. Specifically, it is possible to install a distribution as a zipped directory, instead of unpacking it into
site-packages. The code:pex format relies on this feature of Python, so adherence to using
pkg_resources to access data files is important in order to not break code:pex compatibility.
Let’s Encrypt is a free, automated, and open Certificate Authority. It has invented the ACME protocol in order to make getting secure certificates a simple operation. txacme is an implementation of an ACME client, i.e., something that asks for certificates, for Twisted applications. It uses the server endpoint plugin mechanism in order to allow any application that builds a listening endpoint to support ACME.
twist command-line tools allows running any Twisted service plugin. Service plugins allow us to configure a service using Python, a pretty nifty language, while still allowing specific customizations at the point of use via command line parameters.
Putting it all together
setup.py files defines a distribution called
sayhello. In it, we have three parts:
src/sayhello/wsgi.py: A simple Flask-based WSGI application
src/sayhello/data/index.html: an HTML file meant to serve as the root
src/twisted/plugins/sayhello.py: A Twist plugin
There is also some build infrastructure:
buildis a Python script to run the build.
build.dockeris a Dockerfile designed to build pex files, but not run as a production server.
run.dockeris a Dockerfile designed for production container.
Note that build does not push the resulting container to DockerHub.
Tristan Seligmann has written txacme.
Amber “Hawkowl” Brown has written “twist”, which is much better at running Twisted-based services than the older “twistd”.
Of course, all mistakes and problems here are completely my responsibility.