Skip to content

Instantly share code, notes, and snippets.

@stephenbradshaw
Created November 5, 2020 01:26
Show Gist options
  • Save stephenbradshaw/a2b72b5b58c93ca74b54f7747f18a481 to your computer and use it in GitHub Desktop.
Save stephenbradshaw/a2b72b5b58c93ca74b54f7747f18a481 to your computer and use it in GitHub Desktop.
Python 3 Simple HTTPS server
#!/usr/bin/env python3
# python3 update of https://gist.github.com/dergachev/7028596
# Create a basic certificate using openssl:
# openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
# Or to set CN, SAN and/or create a cert signed by your own root CA: https://thegreycorner.com/pentesting_stuff/writeups/selfsignedcert.html
import http.server
import ssl
httpd = http.server.HTTPServer(('127.0.0.1', 443), http.server.SimpleHTTPRequestHandler)
httpd.socket = ssl.wrap_socket (httpd.socket, certfile='./server.pem', server_side=True)
httpd.serve_forever()
@danperrout
Copy link

Awesome!

If you want to expose it to the world, just change '127.0.0.1' to '0.0.0.0'

@NadgobKhan
Copy link

Thanks!

@lxylxy123456
Copy link

I am on Python 3.11.2 and I see a warning when running this script:

python3_https_server.py:11: DeprecationWarning: ssl.wrap_socket() is deprecated, use SSLContext.wrap_socket()
  httpd.socket = ssl.wrap_socket (httpd.socket, certfile='./server.pem', server_side=True)

I fix this warning with the following script:

#!/usr/bin/env python3
# python3 update of https://gist.github.com/dergachev/7028596
# Create a basic certificate using openssl: 
#     openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
# Or to set CN, SAN and/or create a cert signed by your own root CA: https://thegreycorner.com/pentesting_stuff/writeups/selfsignedcert.html

import http.server
import ssl

httpd = http.server.HTTPServer(('127.0.0.1', 443), http.server.SimpleHTTPRequestHandler)
ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ctx.load_cert_chain(certfile='./server.pem')
httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
httpd.serve_forever()

@stephenbradshaw
Copy link
Author

Thanks @lxylxy123456

@zyfdegh
Copy link

zyfdegh commented Apr 26, 2024

If server.crt server.key are separate, use this to load

ctx.load_cert_chain(certfile='server.crt', keyfile='server.key')

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment