| .. | ||
| build_occlum_instance.sh | ||
| flask.yaml | ||
| gen-cert.sh | ||
| install_python_with_conda.sh | ||
| README.md | ||
| rest_api.py | ||
| run_flask_on_occlum.sh | ||
Flask TLS demo on Occlum
This project demonstrates how Occlum enables unmodified Python program flask running in SGX enclaves, which is based on glibc.
Flask is a lightweight WSGI web application framework. It is designed to make getting started quick and easy, with the ability to scale up to complex applications.
Sample Code: Flask TLS demo in Python
To make the sample code more realistic, we choose to start a simple Flask TLS server by flask-restful. The sample code can be found here.
How to Run
This tutorial is written under the assumption that you have Docker installed and use Occlum in a Docker container.
- Step 1: Download miniconda and install python to prefix position.
bash ./install_python_with_conda.sh
- Step 2: Generate sample cert/key
bash ./gen-cert.sh
- Step 3: Build Flask TLS Occlum instance
bash ./build_occlum_instance.sh
- Step 4: Start the Flask TLS server on Occlum
bash ./run_flask_on_occlum.sh
It starts a sample Flask server like below:
occlum run /bin/rest_api.py
* Serving Flask app "rest_api" (lazy loading)
* Environment: production
WARNING: This is a development server. Do not use it in a production deployment.
Use a production WSGI server instead.
* Debug mode: off
* Running on all addresses.
WARNING: This is a development server. Do not use it in a production deployment.
* Running on https://localhost:4996/ (Press CTRL+C to quit)
- Step 5: Write some customers' info, such as
# curl --cacert flask.crt -X PUT https://localhost:4996/customer/1 -d "data=Tom"
# curl --cacert flask.crt -X PUT https://localhost:4996/customer/2 -d "data=Jerry"
- Step 6: Read the customers' info back
# curl --cacert flask.crt -X GET https://localhost:4996/customer/1
# curl --cacert flask.crt -X GET https://localhost:4996/customer/2