Dockerized Flask Starter App with TOTP Two-Factor Authentication

This repository is the result of my long search for a simple but versatile route from Python code to a presentable HTTPS web app that lives on a custom domain.

Main Features

• Demo App - (disabled due to $$$) - a Flask app with two-factor auth and sample protected content, based on Miguel Grinberg’s blueprint
• The whole thing is in a Docker container, extensible to multi-container apps with Docker Compose
• Direct deployment to AWS Elastic Container Service using Docker tools

Two-Factor Auth

The web app has a private section for authenticated users. I work in biotech and healthcare sectors, where two-factor authentication is a common requirement. Here you have what’s in my view is the least annoying flavor of 2FA: TOTP tokens. To register, you scan a QR code with a free app like Google Authenticator. The app generates tokens that expire every 30 seconds.

Here are the main features:

Note: At the time of writing (September 2020), standard Docker Desktop did not have the docker ecs feature and Docker Desktop Edge (2.3.3.0) was required. You can use regular edition now: https://docs.docker.com/engine/context/ecs-integration/

Development in a local Docker container

1. Set up Docker Desktop (choose Edge edition if you need AWS ECS integration)
2. Clone: git clone https://github.com/liquidcarbon/dockerflask2fa.git && cd dockerflask2fa
3. Build and start the application: docker-compose up
4. Go to http://localhost:5000 in your address bar to connect to the application. Unless you crash the app, the changes you will make to the application will automagically appear in your browser (hot reloading).
5. Make changes, tag and push to a container registry. In order to run your application in the cloud, you will need your container images to be in a registry.

Deployment to AWS Fargate

Update Oct 21, 2020: these instructions will no longer work because Docker disabled docker ecs feature in favor of docker context: https://docs.docker.com/engine/context/ecs-integration/

Costs: about $1 / day (ELB + ECS)

Follow the steps below or the instructions in docker-ecs repo.

1. Set up and configure AWS CLI
2. Update ECS ARN resource format
3. Connect Docker to AWS ECS: docker ecs setup and set context to aws
4. Switch Docker context from local development to AWS: docker context use aws (to revert to local, say docker context use default)
5. Magic: docker ecs compose up (takes a few minutes)
6. After a few minutes, retrieve the URL for your new app with docker ecs compose ps - looks like this Dockerflask2faLoadBalancer-67be8e87ec9268e4.elb.us-east-1.amazonaws.com:5000
7. This address points to an Elastic Load Balancer (ELB). You can register the ELB in Cloudfront for HTTPS support and attach the Cloudfront distribution to a custom domain name.