install flask & gunicorn

This is based on red hat linux

################### config yum ###################

/etc/yum.conf

   gpgcheck=0                     #skip gpg key

   sslverify=0                    #skip cerficate check

################### config local repository ###################

/etc/yum.repos.d/local_xyz.repo

[xyz]

name=Red Hat Enterprise Linux 7 (local)

metadata_expire=1d

gpgcheck=0

cost=500

baseurl=https://255.255.255.255/rhnmirror/7/rhel-7-server-rpms

enabled=1

[xyz-optional]

name=Red Hat Enterprise Linux 7 Optional packages (local)

metadata_expire=1d

gpgcheck=0

cost=500

baseurl=https://255.255.255.255/rhnmirror/7/rhel-7-server-optional-rpms

enabled=1

[xyz-epel7]

name=EPEL 7 (local)

metadata_expire=1d

gpgcheck=0

cost=500

baseurl=https://255.255.255.255/rhnmirror/7/epel

enabled=1

[xyz-extras]

name=Red Hat Enterprise Linux 7 Extra packages (local)

metadata_expire=1d

gpgcheck=0

cost=500

baseurl=https://255.255.255.255/rhnmirror/7/rhel-7-server-extras-rpms

enabled=1

##################install flask and gunicorn ####################

sudo yum update

python --version                       

sudo yum install python-flask            #install flask

sudo yum install python-gunicorn         #install gunicorn

sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent    #open port 8080 for the web service

################## test flask and gunicorn ####################

#create a test.py using the following codes

from flask import Flask, Response

app = Flask(__name__)

@app.route("/test")

def test():

    return Response("helloworld"), 200

sudo gunicorn -b 127.0.0.1:8080 test:app     #start gunicorn and listen at port 8080, change the local ip accordingly.

#from a browser outside of the vm, go to http://127.0.0.1:8080/test

#it should display helloworld on the browser

################## install msodbc 17 ####################

sudo curl https://packages.microsoft.com/config/rhel/7/prod.repo > mssql-release.repo --proxy 192.168.1.1:8080

sudo mv mssql-release.repo /etc/yum.repos.d/mssql-release.repo    #move the repo to yum.repos.d

/etc/yum.conf

   proxy=http://192.168.1.1:8080          #add the proxy to yum.conf so it can connect to the microsoft repo

sudo yum update

sudo ACCEPT_EULA=Y yum install msodbcsql17  #install the odbc driver 17 for sql server

sudo yum install pyodbc                     #the python odbc library

################## install python libraries ####################

sudo yum install gcc-c++           #the compiler, make sure the version > 4.8

sudo yum install python2-pip       #the python package manager, pip will get packages from PyPi

sudo pip install --upgrade pip --proxy http://192.168.1.1:8080  #upgrade pip

sudo pip install numpy --proxy http://192.168.1.1:8080        #install numpy from pip, the numpy in yum repo is too old to work

sudo pip install scipy --proxy http://192.168.1.1:8080         #another scientific library

sudo pip install scikit-learn --proxy http://192.168.1.1:8080   #install the machine learning library

sudo pip install xgboost --proxy http://192.168.1.1:8080       #install the xgboost model library, it could take a couple minutes

################## test pyodbc and xgboost ####################

#make sure it can connect to the database from the vm

-----------------create a test_model.py using the following codes----------------------------

import pyodbc

import numpy as np

import sklearn.metrics as met

import xgboost

conn = pyodbc.connect("DRIVER={ODBC Driver 17 for SQL Server};SERVER=192.168.1.2;DATABASE=Claims_Automation;uid=username;pwd=password;")

cursor = conn.cursor()

cursor.execute('SELECT ABC from table_xyz')

rows = cursor.fetchall()

rows_array = np.array(rows)

y = rows_array[:,0].astype(int)

y = np.reshape(y, (1, len(y)))[0]

X = rows_array[:, 1:].astype(float)

xr = xgboost.XGBRegressor()

xr.fit(X,y)

result = xr.predict(X)

print(result)

python test_model.py    #test the codes, it should return an array of numbers, e.g. [0.45995358 0.45995358 0.39743447 ... 0.45995358 0.39743447 0.39743447]

#############configure nginx#############

sudo vi /etc/nginx/nginx.conf

#to turn on the reverse proxy on http, add the following section to the http{} block. The example below listen at port 8081, so the request url is http://url:8081/... which maps to http://127.0.0.1:8080/...

server {

      listen 8081;

      server_name _;

      location /score {

        proxy_pass http://127.0.0.1:8080;

      }

    }

#to turn on the proxy on https

#firstly create self signed key and certificate, save it to /etc/cert/nginx. if directory doesnt exist, create one.

sudo openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/cert/nginx/nginx-selfsigned.key -out /etc/cert/nginx/nginx -selfsigned.crt                                                                                                                                                          rsa:2048 -keyout /etc/cert/nginx/nginx-selfsigned.key -out /etc/cert/nginx/nginx                                                                                                                                                             -selfsigned.crt

#add in the server section for https service. this is a minimum. The request url is https://url/... which maps to http://127.0.0.1:8080/...

server {

        listen       443 ssl;

        server_name  _;

        ssl_certificate "/etc/cert/nginx/nginx-selfsigned.crt";

        ssl_certificate_key "/etc/cert/nginx/nginx-selfsigned.key";

        location / {

            proxy_pass http://127.0.0.1:8080;

        }

    }

#the following is a more complete version

server {

        listen       443 ssl; 

        server_name  _;

        root         /var/www/html;

        ssl_certificate "/etc/cert/nginx/nginx-selfsigned.crt";

        ssl_certificate_key "/etc/cert/nginx/nginx-selfsigned.key";

        ssl_session_cache shared:SSL:1m;

        ssl_session_timeout  10m;

        ssl_ciphers HIGH:!aNULL:!MD5;

        ssl_prefer_server_ciphers on;

        location / {

            proxy_pass http://127.0.0.1:8080;

        }

        error_page 404 /404.html;

            location = /40x.html {

        }

        error_page 500 502 503 504 /50x.html;

            location = /50x.html {

        }

    }

#modify the firewall settting to allow traffic coming in and out

sudo firewall-cmd --permanent --zone=public --add-service=http 

sudo firewall-cmd --permanent --zone=public --add-service=https

sudo firewall-cmd --reload

#if other ports need to be opened:

sudo firewall-cmd --zone=public --add-port=8081/tcp --permanent

#add the following script to c# program to accept the self signed certificate'

httpWebRequest.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;

#############url rewrite in nginx#########################

#give a base url to a paricular gunicorn app, say superservice

#if people call http://1.1.1.1/superservice/showmethemoney

#it should redirect the request to http://1.1.1.2:8080/showmethemoney

#a very simply way is to define the location as follows:

location /superservice {

  proxy_pass http://1.1.1.1:8080/;

}

#the location /superservice will match the incoming url

#when it come to proxy_pass, the additional / at the end of the url strips the matched prefix /superserice and pass the remainder on.

#a more complex way is to use REWRITE

location /foo{

             rewrite /foo/(.*) /$1 break;  #capture suburls after /foo by the group regex (.*), and $1 refers to the first matching group which is the suburl

             proxy_pass http://127.0.0.1:8080;

        }