Skip to main content
This guide gives an overview of how to create the distribution file and install it on a production server. It won’t go into specifics about what server or software to use, but provides the essential steps.
Don’t use the built-in development server (flask run) in production. It’s not designed to be efficient, stable, or secure.

Build and Install

1

Install the build tool

When you want to deploy your application elsewhere, build a wheel (.whl) file:
pip install build
2

Build the wheel file

python -m build --wheel
This creates dist/flaskr-1.0.0-py3-none-any.whl.The file name format is: {project name}-{version}-{python tag}-{abi tag}-{platform tag}
3

Copy to production server

Copy the wheel file to another machine where you want to deploy.
4

Set up virtual environment on server

On the production machine, create a new virtual environment:
python -m venv .venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate
5

Install the application

pip install flaskr-1.0.0-py3-none-any.whl
Pip will install your project along with its dependencies.
6

Initialize the database

Since this is a new installation, initialize the database:
flask --app flaskr init-db

Configure the Secret Key

In development, you used a default value for SECRET_KEY. This must be changed to a random value in production, or attackers could use the public 'dev' key to modify the session cookie.
1

Generate a secret key

Use Python to generate a random secret key:
python -c 'import secrets; print(secrets.token_hex())'
Output:
192b9bdd22ab9ed4d12e236c78afcb9a393ec15f71bbf5dc987d54727823bcbf
2

Create config.py in instance folder

When Flask is installed (not in editable mode), the instance folder is at .venv/var/flaskr-instance/.Create .venv/var/flaskr-instance/config.py:
.venv/var/flaskr-instance/config.py
SECRET_KEY = '192b9bdd22ab9ed4d12e236c78afcb9a393ec15f71bbf5dc987d54727823bcbf'
You can also set any other necessary configuration here.
Never commit config.py or the secret key to version control. Keep it secure on your production server.

Run with a Production Server

Use a production WSGI server instead of the development server. Here’s an example using Waitress:
1

Install Waitress

pip install waitress
2

Run the application

waitress-serve --call 'flaskr:create_app'
Output:
Serving on http://0.0.0.0:8080
Waitress is listening on all public IPs on port 8080.

Other WSGI Servers

Waitress is just one example. Other popular options include:
  • Gunicorn (Linux/Unix) 
    pip install gunicorn
gunicorn 'flaskr:create_app()'
  • uWSGI (Linux/Unix) 
    pip install uwsgi
uwsgi --http :8080 --wsgi-file flaskr:create_app
  • mod_wsgi (Apache) Works with Apache HTTP Server

Deployment Options

There are many ways to host your Flask application:

Traditional Hosting

  1. Virtual Private Server (VPS)
    • DigitalOcean, Linode, AWS EC2
    • Full control over the server
    • Manually configure web server, WSGI server, database
  2. Platform as a Service (PaaS)
    • Heroku, Railway, Render
    • Simplified deployment
    • Automatic scaling and management
  3. Container Platforms
    • Docker + Docker Compose
    • Kubernetes
    • Consistent environment across development and production

Reverse Proxy Setup

In production, typically run your WSGI server behind a reverse proxy like Nginx or Apache: 
server {
    listen 80;
    server_name example.com;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /static {
        alias /path/to/flaskr/static;
        expires 30d;
    }
}
Benefits:
  • Serve static files efficiently
  • Handle SSL/TLS termination
  • Load balancing
  • Security features

Production Checklist

1

Security

  • Set a strong, random SECRET_KEY
  • Use HTTPS (SSL/TLS certificate)
  • Enable security headers
  • Validate and sanitize all user input
  • Keep dependencies updated
2

Database

  • Use a production database (PostgreSQL, MySQL) instead of SQLite for high-traffic sites
  • Set up database backups
  • Use connection pooling
  • Enable database migrations (e.g., Flask-Migrate)
3

Performance

  • Enable caching (Redis, Memcached)
  • Use a CDN for static assets
  • Configure logging
  • Set up monitoring (Sentry, New Relic)
4

Reliability

  • Use a process manager (systemd, supervisor)
  • Configure automatic restarts
  • Set up health checks
  • Implement rate limiting

Environment Variables

Instead of using config.py, you can use environment variables:
flaskr/__init__.py
import os

app.config.from_mapping(
    SECRET_KEY=os.environ.get('SECRET_KEY'),
    DATABASE=os.environ.get('DATABASE_URL'),
)
Set them on your server: 
export SECRET_KEY='your-secret-key'
export DATABASE_URL='postgresql://user:pass@localhost/dbname'

Systemd Service (Linux)

Create a systemd service to manage your application:
/etc/systemd/system/flaskr.service
[Unit]
Description=Flaskr Blog Application
After=network.target

[Service]
User=www-data
WorkingDirectory=/var/www/flaskr
Environment="PATH=/var/www/flaskr/.venv/bin"
Environment="SECRET_KEY=your-secret-key"
ExecStart=/var/www/flaskr/.venv/bin/waitress-serve --call 'flaskr:create_app'
Restart=always

[Install]
WantedBy=multi-user.target
Enable and start the service: 
sudo systemctl enable flaskr
sudo systemctl start flaskr
sudo systemctl status flaskr
See the Flask deployment documentation for detailed guides on various deployment methods and platforms.

Next Steps

Congratulations! You’ve completed the Flask tutorial. You now have:
  • A working blog application
  • Understanding of Flask’s core concepts
  • Experience with blueprints, templates, and databases
  • A tested and deployable application

Continue Learning

Happy coding!

Build docs developers (and LLMs) love

Get started for freeTalk to us