SIM-BE-Add production WSGI server for backend and webrequest containers

YeagerAI-Bulat commented 2 weeks ago

We have identified that the backend is running using the Werkzeug development server in debug deployment. This is evidenced by the following warning message: WARNING | Werkzeug appears to be used in a production deployment. Consider switching to a production web server instead. Also, using the Flask development server to run the application in a production environment is not recommended due to performance and security concerns:

Performance Limitations: The development server is not optimized for handling high traffic loads and concurrent requests. Flask is a single-threaded application.
Security Risks: It lacks essential security features and may expose debugging information that could be exploited.
- Stability Concerns: The server is not designed for long-term stability required in production settings.

Recommendation:

To ensure optimal performance, security, and stability, it is recommended to replace the Werkzeug development server with a production-grade server. Consider using one of the following options:

Gunicorn: A Python WSGI HTTP server suitable for UNIX. Widely used in production environments; compatible with various web frameworks.
Waitress: A pure-Python WSGI server with support for both Python 2 and 3.
uWSGI: A full-stack server for hosting Python WSGI applications.
gevent: A coroutine-based Python networking library that can be used as a WSGI server.
- eventlet: A concurrent networking library for Python supporting WSGI.
- ASGI Servers: For asynchronous applications, consider ASGI servers like Uvicorn or Daphne.

Action Items:

Evaluate Server Options: Assess the listed servers to determine the best fit based on our application's requirements and deployment environment.
- Update Deployment Configuration: Replace the Flask and Werkzeug server with the chosen production server in the deployment scripts and configurations.
- Testing: Conduct thorough testing to ensure the application runs smoothly with the new server and that there are no regressions.
- Documentation: Update the project's documentation to reflect the changes in the deployment process.
- Security Review: Perform a security assessment to ensure that the new server is properly configured and does not introduce vulnerabilities.

Benefits:

Improved Performance: Enhanced ability to handle multiple concurrent requests and higher traffic volumes.
- Increased Security: Better protection against common web vulnerabilities and attacks.
- Greater Stability: Improved reliability for long-running production environments.

YeagerAI-Bulat commented 23 hours ago

@mentatbot

github-actions[bot] commented 12 hours ago

OpenHands started fixing the issue! You can monitor the progress here.

yeagerai / genlayer-simulator