How I Built an IoT Tea Tracker with Flask, SSL, and Apache on AWS

Posted on April 6, 2025 by eedude

Intro

Last week, I set out to solve a fun and simple problem: track how many cups of tea I drink with a single tap from my smartphone. While this might sound trivial, it turned into a great opportunity to learn more about hosting Flask applications, securing them with SSL, and integrating them cleanly with my existing WordPress site hosted on AWS Lightsail.

In this post, I’ll walk through how I set up a dedicated Flask microservice at iot.eedude.com, configured SSL with Let’s Encrypt, and set up an Apache reverse proxy to serve it securely.

πŸ› οΈ The Idea

I wanted to create a small API endpoint that would increment a counter every time I pressed a shortcut from my phone. The endpoint should be publicly accessible (with HTTPS), lightweight, and easily extendable for other IoT-style hacks later.

πŸ”§ Infrastructure Setup

I already had a Bitnami WordPress stack running on an AWS Lightsail instance. Rather than setting up a separate server, I:

  • Added a new A record in my domain DNS for iot.eedude.com
  • Created a new Flask app inside a folder (~/tea_tracker)
  • Installed Python3 virtualenv and Flask:
sudo apt update
sudo apt install python3-venv -y
python3 -m venv venv
source venv/bin/activate
pip install flask

🐍 Writing the Flask App

The app is dead simple. It:

  • Increments a number stored in a JSON file every time /tea is hit
  • Exposes /tea/status to check how many cups have been logged
  • Has a homepage (/) that just renders a simple HTML button

Here’s a snippet:

@app.route('/tea')
def increment_tea():
    count = load_count() + 1
    save_count(count)
    return jsonify(message="Cup of tea logged!", total_cups=count)

πŸ” Configuring Apache as a Reverse Proxy

Bitnami uses a custom Apache stack, so I created a new virtual host:

<VirtualHost *:443>
  ServerName iot.eedude.com

  SSLEngine on
  SSLCertificateFile "/opt/bitnami/apache/conf/bitnami/certs/server.crt"
  SSLCertificateKeyFile "/opt/bitnami/apache/conf/bitnami/certs/server.key"

  ProxyPreserveHost On
  ProxyPass / http://127.0.0.1:5000/
  ProxyPassReverse / http://127.0.0.1:5000/
</VirtualHost>

Don’t forget to enable vhost includes in httpd.conf:

Include conf/vhosts/*.conf

πŸ” Setting Up SSL

The Bitnami stack makes this really easy:

sudo /opt/bitnami/bncert-tool

I added both eedude.com and iot.eedude.com and Let’s Encrypt issued a valid cert for both. I confirmed it worked by running:

echo | openssl s_client -connect localhost:443 -servername iot.eedude.com | openssl x509 -noout -text | grep DNS

πŸ“± Creating a Mobile Shortcut

Using Chrome on Android, I visited https://iot.eedude.com/tea and added the page to my home screen. Now, I just tap an icon labeled “Tea Button β˜•” whenever I have a cuppa. It hits the endpoint and logs it!

βœ… Results

  • βœ… SSL-protected Flask app
  • βœ… Running under Apache on same server as WordPress
  • βœ… Instant tea-tracking from my phone

This little project helped me integrate Flask into a production environment, work with Apache VHosts, and configure domain/subdomain SSL certs.

This entry was posted in Mini-Projects and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *