Running Gunicorn on both http and https

Question

When I start my Gunicorn service, I currently use this command to start it up:

gunicorn --certfile=/Projects/thebodyofchrist.us.crt --keyfile=/Projects/thebodyofchrist.us.key bodyofchrist.wsgi -b 0.0.0.0:443 -b 0.0.0.0:80 -w 10

For binding gunicorn to both http and https -- or setup apache2 to listen to http and redirect requests to https with existing parameters. I have hundreds of links to the http://example.com/sample/request and need it to automatically go to https://example.com/sample/request

gunicorn is hosting django.

Thanks for any help!

score 9 · Answer 1 · answered Nov 14 '17 at 14:07

9

Gunicorn is a very solid project, I hope they build it out someday with multiple port binding and command line switch to indicate SSL precedence.

When you finally get in production, you'll want to use the superior load balancing of Apache or Nginx.

But nothing prevents you (during development) from running some workers bound to port 80 and some workers bound to port 443 with keyfile and certfile set. You could then write the login link as an "absolute" url e.g. href="https://yoursite/login" after the login, they'd be using https urls.

#!/bin/sh
# put 8 workers as Daemon listening for HTTPS on 443
gunicorn -D -w 8 --certfile=/Projects/thebodyofchrist.us.crt --keyfile=/Projects/thebodyofchrist.us.key bodyofchrist.wsgi -b 0.0.0.0:443

# put 2 workers as Daemon listening for HTTP on port 80
gunicorn -D -w 2 bodyofchrist.wsgi -b 0.0.0.0:80

answered Nov 14 '17 at 14:07

Jeff

91
1
3

2

Now how do you redirect alll http traffic to https? – NoName Oct 29 '20 at 08:10
it depends on the framework you are using. For example if you use FastAPI or starlette. There is a Middleware that can do this: HTTPSRedirectMiddleware it just redirect using different schema and port number. Take a look on the code here maybe it can help you https://github.com/encode/starlette/blob/059b9894946c85366b777b8d3d724e046cd2e875/starlette/middleware/httpsredirect.py – Mohamed Amine Ouali Nov 11 '20 at 23:16
I am not sure if it is the best option to run a worker that only redirect request from http to https. – Mohamed Amine Ouali Nov 11 '20 at 23:18
When it is running first line, will it every reach line 2? – Anirban Saha Oct 28 '21 at 09:08

score 2 · Answer 2 · answered Jun 09 '20 at 00:09

2

Multiple addresses can be bound. ex.:

gunicorn -b 127.0.0.1:8000 -b [::1]:8000 test:app

https://docs.gunicorn.org/en/stable/settings.html?highlight=bind#server-socket

so you can do this

gunicorn -b :80 -b :443 test:app

answered Jun 09 '20 at 00:09

derogab

142
5

2

wouldn't that use ssl on both 443 and 80 then? – Blafasel42 Aug 03 '21 at 10:42
2

This is wrong! Doesn't work with real https with certificates! – imbr Nov 05 '21 at 11:41
Yes, it would work for https://example.com and https://example.com:80, but not for http://example.com – Александр М Aug 29 '23 at 21:38

score 1 · Answer 3 · answered May 31 '17 at 14:57

1

Such support can be added inside gunicorn. As the moment it's not possible.

https://github.com/benoitc/gunicorn/issues/1466

answered May 31 '17 at 14:57

VladV

10,093
3
32
48

score 0 · Answer 4 · answered Feb 17 '23 at 23:50

0

I would do this with a reverse proxy webservice not directly with uvicorn. So Trafaek and nginx come to mind.

answered Feb 17 '23 at 23:50

Sam Marvasti

32
3

Running Gunicorn on both http and https

4 Answers4

Linked