Implement TLS security capability for production backend

[sjmf]

In production, we may wish to deploy the WSGI gateway (gunicorn) on a separate host to the nginx frontend reverse proxy. See docker-compose.azure.yml and docker-compose.backend.yml. The network in-between the two hosts should be treated as insecure.

The solution to this is to implement transport-layer security between nginx and its upstream server at gunicorn.

Resources:

• The nginx article on Securing HTTP Traffic to Upstream Servers.
• This StackOverflow question on running gunicorn on SSL. I suspect they mean TLS, not SSL, as people often incorrectly use SSL as a shorthand for the 's' in 'https'.

gunicorn --certfile=server.crt --keyfile=server.key test:app

NB: This is distinct from issue #86: There, TLS is between client and nginx. In this issue, TLS is required between nginx and gunicorn.

[sjmf]

We are no longer deploying with this architecture: Instead, we were successful in getting server routing to the outside world from the backend server. This issue is no longer required.