Many apps need to be accessed with SSL / TLS protocol or
We recommend performing SSL termination in a reverse proxy or load balancer for self-hosted and production use cases, not directly in the app. Streamlit Community Cloud uses this approach, and every major cloud and app hosting platform should allow you to configure it and provide extensive documentation. You can find some of these platforms in our Deployment tutorials.
To terminate SSL in your Streamlit app, you must configure
server.sslKeyFile. Learn how to set config options in Configuration.
Details on usage
- The configuration value should be a local file path to a cert file and key file. These must be available at the time the app starts.
server.sslKeyFilemust be specified. If only one is specified, your app will exit with an error.
- This feature will not work in Community Cloud. Community Cloud already serves your app with TLS.
In a production environment, we recommend performing SSL termination by the load balancer or the reverse proxy, not using this option. The use of this option in Streamlit has not gone through extensive security audits or performance tests.
# .streamlit/config.toml [server] sslCertFile = '/path/to/certchain.pem' sslKeyFile = '/path/to/private.key'
Still have questions?
Our forums are full of helpful information and Streamlit experts.