Gunicorn - HTTP and HTTPS in the same instance?

Kirill Ratkin kvratkin at yandex.ru
Sat Jan 8 08:17:25 EST 2022


Hi.
You can probably solve the issue on the Gunicorn side. But afaik a better solution is to use an HTTP proxy in front of Gunicorn. This proxy accepts HTTPS connections and proxies requests to the Gunicorn instances as plain HTTP.

This approach gives you:
a) Monitoring at the network layer (tcpdump/wireshark shows you req/res on the Gunicorn instance)
b) Scalability (the proxy can spread traffic across several Gunicorn instances)
c) Maintenance (you can gracefully shut down/restart Gunicorn instances one by one)
d) Security (For example, the SSL certificate is configured in the proxy only. There are other useful features which such a proxy can provide: simple authentication, DDoS/fail2ban and so on)

Quite often NGINX is the better choice for such a proxy. But Apache is good as well.

Best regards.
Kirill

From: Skip Montanaro
Sent: January 7, 2022 at 21:54
To: Python
Subject: Gunicorn - HTTP and HTTPS in the same instance?

Hopefully some Pythonistas are also Gunicornistas. I've had little success
finding help with a small dilemma in the docs or in other more specific
sources.

I'm testing out a new, small website. It is just Gunicorn+Flask. I'd like
to both listen for HTTP and HTTPS connections. Accordingly, in my config, I
have the Gunicorn process bind to both ports 80 and 443 if running as root:

if IAM_ROOT:
    bind = [
        '0.0.0.0:443',
        '0.0.0.0:80',
    ]
else:
    bind = [
        '0.0.0.0:8080',
    ]

Gunicorn listens on both ports, but insists on SSL/TLS chit chat over port
80, not just port 443 (which seems to work okay). Is there some magic
incantation to get it to just talk HTTP on port 80, or will I need to spin
up two instances? (The non-root config works fine - plain old HTTP over
port 8080.)

Thx,

Skip
-- 
https://mail.python.org/mailman/listinfo/python-list
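
The proxy layout recommended in the reply above, sketched as an NGINX configuration. This is an added example, not part of either message and not from the Gunicorn project. It assumes Gunicorn is bound to 127.0.0.1:8080 instead of 0.0.0.0; the host name example.test and the certificate paths are placeholders.

```nginx
# Added example (not from the thread). Place inside the http {} context,
# e.g. as a file under conf.d/. Assumes Gunicorn runs unprivileged with
# bind = ['127.0.0.1:8080'], so plain HTTP is reachable only via loopback.
upstream gunicorn_app {
    server 127.0.0.1:8080;
    # More Gunicorn instances can be listed here to spread traffic.
}

# Plain HTTP on port 80, forwarded unchanged to Gunicorn.
server {
    listen 80;
    server_name example.test;                      # placeholder host name

    location / {
        proxy_pass http://gunicorn_app;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;    # "http" on this listener
    }
}

# TLS is terminated here; Gunicorn never holds the certificate or key.
server {
    listen 443 ssl;
    server_name example.test;                      # placeholder host name

    ssl_certificate     /etc/nginx/tls/example.test.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/example.test.key;   # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://gunicorn_app;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;    # "https" on this listener
    }
}
```

Gunicorn honours X-Forwarded-Proto only from peers listed in its forwarded_allow_ips setting (127.0.0.1 by default), so the Flask app sees the client's original scheme only when the proxy connects over loopback or that setting is adjusted to the proxy's address.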


