Flask-socketio: possible to use https in socketIO server?

Created on 28 Jun 2017 · 11 Comments · Source: miguelgrinberg/Flask-SocketIO

Hi, Miguel. I am using SocketIO as socket server and also http server.

````
socketio = SocketIO(app, async_mode=async_mode, message_queue='redis://')

WSGIServer(('0.0.0.0', 80), app).serve_forever()

socketio.run(app, host='0.0.0.0')
````

Is it possible to use https only for the http server, but not affect the socket server? :D Maybe my expression is poor, and I hope you can understand.

question

All 11 comments

I think I'm actually seeing the same issue, but restated a different way:

I'm unsure of how to start my flask server which requires https for security through the socketio.run() wrapper. The ssl_context and other https parameters seem to go largely ignored and socketio seems to default to http protocol.

@wiwengweng the web server is a single one, so you cannot have http on one and https on the other part. What you can do is run two separate servers, and then add nginx as a reverse proxy. The nginx configuration can specify that you want to listen on ports 80 and 443.

@chisaipete Your question seems to be more about how to set up SSL, which depends on the async framework you are using. The ssl_context option works for the Flask development web server, but will not work for eventlet or gevent, because each has its own SSL support. So you need to look at the docs for the web server that you are using to see how to enable SSL.

Ah! Thanks for the correction and hint!

edit: I've got my setup working using eventlet and gunicorn.

Thanks, Miguel. Would try then. :D

@chisaipete Any chance you're willing to share what worked for you with SSL/Gunicorn/Eventlet?

@dhhagan not sure if this is an option you are open to explore, but I always set up SSL to be terminated at nginx. The communication between nginx and the application does not use encryption. This is how I host my blog, for example. An example nginx config for this setup is in my Flack project: https://github.com/miguelgrinberg/flack/blob/master/webserver/nginx/flack.conf.

Hey @miguelgrinberg. That's exactly what I'm trying to do (and was using your example), but have run into trouble with debugging nginx that is driving me nuts, so I was looking for other examples. I'll keep hacking away at it since it seems like the best way forward. If doing that, do I still need to directly send the cert files?

> If doing that, do I still need to directly send the cert files?

Explain this. I don't understand what you mean.

Never mind. I was mixing up the socketio.run() server with gunicorn (which I am using). I suppose if I were using the former, I would need to tell it where the ssl certs were? I have nginx taking care of all that as of now.

Yes, each framework and/or web server does this in a different way. For gunicorn, you pass the info in cli arguments. If you use eventlet or gevent via socketio.run(), then each has its own specific arguments to pass the cert and the private key files, which you need to pass in the run() call.

@dhhagan Yes! Sorry. I had to use some development versions of eventlet and gunicorn in order to get it all working in my development environment (Ubuntu on Windows 10). I believe all the changes I made were:

````
pip install -U https://github.com/eventlet/eventlet/archive/master.zip
pip install -U https://github.com/benoitc/gunicorn/archive/master.zip
````

Remember to monkeypatch eventlet:

````
import eventlet
eventlet.monkey_patch()
````

And then to run:

````
gunicorn --worker-class eventlet -w 1 --certfile cert.pem --keyfile key.pem -b 0.0.0.0:5500 app:app
````
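
The nginx approach discussed in this thread (listen on ports 80 and 443, terminate SSL at nginx, plain HTTP to the application), sketched as an added example that is not taken from the thread or from the Flack project. The hostname `example.com`, the certificate paths and the backend address `127.0.0.1:5000` are assumed placeholders.

```nginx
# Assumed names: example.com, the certificate paths and the backend
# address 127.0.0.1:5000 are placeholders, not values from the thread.

# Port 80: carries no application traffic, only a redirect to HTTPS.
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

# Port 443: TLS ends here; nginx forwards plain HTTP to the app.
server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/ssl/example/fullchain.pem;
    ssl_certificate_key /etc/ssl/example/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Regular Flask routes.
    location / {
        proxy_pass http://127.0.0.1:5000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Socket.IO endpoint: needs HTTP/1.1 and the Upgrade headers so the
    # WebSocket handshake survives the proxy hop.
    location /socket.io {
        proxy_pass http://127.0.0.1:5000/socket.io;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Because the hop between nginx and the application is unencrypted, bind the application to the loopback address (for gunicorn, `-b 127.0.0.1:5000` with no `--certfile`/`--keyfile`) rather than `0.0.0.0`, so the plain-HTTP port is not reachable from other hosts.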
