Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

7a336e6e/deploying-flask

Name: deploying-flask
Author: 7a336e6e

backend/deploying-flask/SKILL.md

npx skillsauth add 7a336e6e/skills deploying-flask

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Clean

VirusTotalMulti-engine malware detection

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Deploying Flask

Goal

Deploy a hardened, production-ready Flask application served by a WSGI server (Gunicorn) behind a reverse proxy (Nginx), preferably containerized with Docker.

When to Use

When the application is ready for staging or production release.
When setting up the CI/CD pipeline for deployment.
When moving off the development server (flask run).

Instructions

1. Production Configuration

Ensure the application loads configuration from environment variables, not hardcoded files.

# config.py
import os

class Config:
    SECRET_KEY = os.environ.get('SECRET_KEY')
    SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL')
    DEBUG = False
    TESTING = False

2. WSGI Server (Gunicorn)

Never use the built-in Flask development server in production. Use Gunicorn.

Create a gunicorn_config.py:

workers = 4 # 2 * CPU cores + 1
bind = "0.0.0.0:8000"
accesslog = "-"
errorlog = "-"
timeout = 120
keepalive = 5

3. Dockerization

Create a Dockerfile optimized for size and security.

FROM python:3.11-slim-buster

WORKDIR /app

ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1

COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

COPY . .

# Run as non-root user
RUN useradd -m myuser
USER myuser

CMD ["gunicorn", "--config", "gunicorn_config.py", "app:create_app()"]

4. Reverse Proxy (Nginx)

Use Nginx to handle SSL termination, static files, and request buffering.

# nginx.conf snippet
server {
    listen 80;
    server_name example.com;

    location / {
        proxy_pass http://flask_app:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

Constraints

✅ Do

Always use a WSGI server like Gunicorn or uWSGI.
Run the application as a non-root user inside the container.
Pin dependencies in requirements.txt with exact versions.
Set FLASK_ENV (or FLASK_DEBUG) to production (or 0).
Use environment variables for all secrets (API keys, DB passwords).
Health check endpoints (/health) should verify DB connectivity.

❌ Don't

DO NOT use flask run in production. It is single-threaded and not secure.
DO NOT commit .env files to the repository.
DO NOT expose the Gunicorn port directly to the public internet; always use a reverse proxy.
DO NOT use the default latest tag for base images; pin to a specific version (e.g., python:3.11-slim).

Output Format

Dockerfile
gunicorn_config.py
docker-compose.yml (optional, for orchestration)
Updated requirements.txt with gunicorn

Dependencies

../scaffolding-flask/SKILL.md
../../shared/environment-config/SKILL.md

7a336e6e/deploying-flask

backend/deploying-flask/SKILL.md

Prepare and deploy the Flask application to a production environment using Gunicorn, Docker, and Nginx.

1 stars

devops

Updated Mar 25, 2026

$ install --global

skillsauth

npx skillsauth add 7a336e6e/skills deploying-flask

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

4 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Clean

VirusTotalMulti-engine malware detection

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Mar 26, 2026, 12:43 AM141.2s2 files scanned

SKILL.md

name:: deploying-flask
description:: Prepare and deploy the Flask application to a production environment using Gunicorn, Docker, and Nginx.

Deploying Flask

Goal

Deploy a hardened, production-ready Flask application served by a WSGI server (Gunicorn) behind a reverse proxy (Nginx), preferably containerized with Docker.

When to Use

When the application is ready for staging or production release.
When setting up the CI/CD pipeline for deployment.
When moving off the development server (flask run).

Instructions

1. Production Configuration

Ensure the application loads configuration from environment variables, not hardcoded files.

# config.py
import os

class Config:
    SECRET_KEY = os.environ.get('SECRET_KEY')
    SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL')
    DEBUG = False
    TESTING = False

2. WSGI Server (Gunicorn)

Never use the built-in Flask development server in production. Use Gunicorn.

Create a gunicorn_config.py:

workers = 4 # 2 * CPU cores + 1
bind = "0.0.0.0:8000"
accesslog = "-"
errorlog = "-"
timeout = 120
keepalive = 5

3. Dockerization

Create a Dockerfile optimized for size and security.

FROM python:3.11-slim-buster

WORKDIR /app

ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1

COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

COPY . .

# Run as non-root user
RUN useradd -m myuser
USER myuser

CMD ["gunicorn", "--config", "gunicorn_config.py", "app:create_app()"]

4. Reverse Proxy (Nginx)

Use Nginx to handle SSL termination, static files, and request buffering.

# nginx.conf snippet
server {
    listen 80;
    server_name example.com;

    location / {
        proxy_pass http://flask_app:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

Constraints

✅ Do

Always use a WSGI server like Gunicorn or uWSGI.
Run the application as a non-root user inside the container.
Pin dependencies in requirements.txt with exact versions.
Set FLASK_ENV (or FLASK_DEBUG) to production (or 0).
Use environment variables for all secrets (API keys, DB passwords).
Health check endpoints (/health) should verify DB connectivity.

❌ Don't

DO NOT use flask run in production. It is single-threaded and not secure.
DO NOT commit .env files to the repository.
DO NOT expose the Gunicorn port directly to the public internet; always use a reverse proxy.
DO NOT use the default latest tag for base images; pin to a specific version (e.g., python:3.11-slim).

Output Format

Dockerfile
gunicorn_config.py
docker-compose.yml (optional, for orchestration)
Updated requirements.txt with gunicorn

Dependencies

../scaffolding-flask/SKILL.md
../../shared/environment-config/SKILL.md

Related Skills

7a336e6e/Test Driven Development

development

VerifiedTrustedCommunity

Implement features using the Red-Green-Refactor cycle to ensure testability and correctness from the start.

1SKILL.mdUpdated Mar 25, 2026

7a336e6e/Test Driven Development

7a336e6e/task-tracking

data-ai

VerifiedTrustedCommunity

Manage the `tasks.md` ledger with strict locking and collision avoidance protocols to allow multiple agents to work in parallel safely.

1SKILL.mdUpdated Mar 25, 2026

7a336e6e/task-tracking

7a336e6e/git-workflow

development

VerifiedTrustedCommunity

The git-workflow skill defines branching conventions, commit message formats, and pull request standards that all agents must follow for consistent version control.

1SKILL.mdUpdated Mar 25, 2026

7a336e6e/git-workflow

7a336e6e/environment-config

development

VerifiedTrustedCommunity

The environment-config skill standardizes how agents manage environment variables, secrets, and application configuration across local development and deployed environments.

1SKILL.mdUpdated Mar 25, 2026

7a336e6e/environment-config

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/7a336e6e/skills.git

# Copy into Claude Code skills folder (global)
cp -r skills/backend/deploying-flask ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

7a336e6e/skills

1 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT