Deploying a FastAPI application for a production environment and using Nginx as a reverse proxy can be a game-changer. This setup can boost your app’s security, improve its performance, and make management a breeze. If this is your first time setting it up, don’t worry. We’ve got a straightforward step-by-step guide to get you there.
So, let’s start with the basics. Before anything else, make sure you have Nginx installed along with either Gunicorn or Uvicorn for your FastAPI app. And hey, if you’re a Docker fan, you can surely make your tech life easier by running everything in a container.
Getting Your Tools Ready
If you’re running a Debian-based system like Ubuntu, the installation process is pretty simple. Just fire up your terminal and run:
sudo apt update
sudo apt install nginx
And for Gunicorn and Uvicorn? No need for complicated scripts, just use pip:
pip install gunicorn uvicorn
Voila! You’ve got your tools.
Setting Up Your FastAPI App
Let’s make sure your FastAPI app is good to go. Here’s a super simple FastAPI application to get started:
from fastapi import FastAPI
app = FastAPI()
@app.get("/")
def read_root():
return {"Hello": "World"}
You can run this little beauty with Uvicorn:
uvicorn main:app --host 0.0.0.0 --port 8000
If you lean towards using Gunicorn, no worries, here’s how you can set it up:
gunicorn -w 4 -k uvicorn.workers.UvicornWorker main:app --bind 0.0.0.0:8000
Both options are good to go, especially when paired with Nginx.
Configuring Nginx
Now, the heart of this setup is configuring Nginx to act as a reverse proxy. It’s like the backstage crew in a concert, directing everything seamlessly.
First, create a new configuration file. Open your preferred text editor and create a file in Nginx’s config directory:
sudo vim /etc/nginx/sites-available/fastapi-app
Then, paste in something like this:
server {
listen 80;
server_name example.com www.example.com;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://localhost:8000;
}
error_log /var/log/nginx/fastapi-error.log;
access_log /var/log/nginx/fastapi-access.log;
}
server {
listen 443 ssl http2;
server_name example.com www.example.com;
ssl_certificate /etc/letsencrypt/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/example.com/privkey.pem;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://localhost:8000;
}
error_log /var/log/nginx/fastapi-error.log;
access_log /var/log/nginx/fastapi-access.log;
}
Easy, right? Now let’s create a symbolic link to the sites-enabled directory:
sudo ln -s /etc/nginx/sites-available/fastapi-app /etc/nginx/sites-enabled/
And restart Nginx to apply changes:
sudo systemctl restart nginx
Nginx is now in action, directing traffic to your FastAPI app like a pro.
Adding that HTTPS Magic
Security is a must, so let’s set up HTTPS. You can use tools like Let’s Encrypt for a free SSL certificate. Here’s how.
First, install Certbot, an awesome tool from the EFF that automates the SSL certificate process:
sudo apt install certbot python3-certbot-nginx
Then, get your SSL certificate:
sudo certbot --nginx
Certbot will even update your Nginx configuration to include SSL settings. You’ll end up with something like this:
server {
listen 443 ssl http2;
server_name example.com www.example.com;
ssl_certificate /etc/letsencrypt/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/example.com/privkey.pem;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://localhost:8000;
}
error_log /var/log/nginx/fastapi-error.log;
access_log /var/log/nginx/fastapi-access.log;
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
}
listen 80;
server_name example.com www.example.com;
return 404; # managed by Certbot
}
And boom. Your site is now secure.
Passing Client IP Address
A common issue while using a reverse proxy is losing the client IP address. To fix this, you need to set the X-Forwarded-For header in your Nginx config:
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://localhost:8000;
}
In your FastAPI app, you can access this header like so:
from fastapi import FastAPI, Request
app = FastAPI()
@app.get("/")
def read_root(request: Request):
client_ip = request.headers.get("X-Forwarded-For")
return {"Client IP": client_ip}
Now you know where your requests are coming from.
Juggling Multiple Endpoints
If you’re handling multiple endpoints or APIs on different ports, Nginx can also help. Here’s how you might set things up:
server {
listen 80;
server_name example.com www.example.com;
location /api1 {
proxy_pass http://localhost:8000;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
}
location /api2 {
proxy_pass http://localhost:8001;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
}
error_log /var/log/nginx/fastapi-error.log;
access_log /var/log/nginx/fastapi-access.log;
}
Each endpoint is directed to its own port, making it easier to handle multiple APIs.
Wrapping It Up
Using Nginx as a reverse proxy for your FastAPI application is like adding an experienced stage manager to your production. It expertly directs traffic, boosts security, and enhances performance. Following these steps ensures you have a robust, production-ready setup that scales well and is easy to manage. Don’t forget to handle those HTTPS certificates, pass client IPs correctly, and configure for multiple endpoints if needed. Your FastAPI app is now all set to shine securely and efficiently.
