What is the simplest way to enable SSL/HTTPS in a Reflex application?
The application will be used locally, so a self-signed certificate should be sufficient.
I couldn’t find anything about this in the Reflex documentation, and suggestions from Claude.ai regarding FastAPI and uvicorn configuration either don’t work or I haven’t been able to implement them correctly.
I am using certificates on my application to have access via the 443 Port. I was able to implement this in my Apache configuration.
IMO caddy is the simplest approach, because it automatically sets up TLS, either self signed or via letsencrypt for public domains.
Example: reflex/docker-example/simple-one-port at main · reflex-dev/reflex · GitHub (you don’t need to use docker, but you can reference the Dockerfile for setup commands and Caddyfile for an example on how to setup the config)
I build a stock management app with functionality to scan QR codes. It will be hosted on internal server and I don’t plan to go public with it. To make my app work, I needed an SSL certificate, as browsers wouldn’t grant access to the phone camera without one.
Here is a description of what I did to solve the problem with the SSL cerificate. As mansef suggesed, I used Caddy server to create a local secure server:
1. Download Caddy
- Go to GitHub: Releases · caddyserver/caddy · GitHub
- Get the lates stable version. My OS is Windows 10, so I downloaded caddy_2.8.4_windows_amd64.zip
2. Install Caddy
- Put caddy.exe in any folder you wish.
- Add this folder to your computer’s PATH. However, it’s optional - if you don’t do this, you will have to call caddy.exe with the full path.
3. Create a Caddyfile
- Make a new file named exactly “Caddyfile” (no .txt)
- For your convience, you can put it in your Reflex project main folder. However it seems it could be located anywhere.
Add this code to "Caddyfile:
reflex.localhost, your_computer_ip {
@backend_routes path /_event/* /ping /_upload /_upload/*
handle @backend_routes {
reverse_proxy 0.0.0.0:8000
}
reverse_proxy localhost:3000
tls internal
}
Replace “your_computer_ip” with your actual IP.
4. Run Caddy
- Open terminal
- Go to folder with 'Caddyfile"
- Type: caddy run
- Running the Caddy server will block the terminal, so you will need to open another terminal window to run your Reflex app.
5. Start Your App
When you browse to reflex.localhost or your IP (defined in ‘Caddyfile’), your browser will ask you to accept an unsafe certificate, but after that, you will be able to grant access to the camera.