Running gunicorn on https?

https ssl gunicorn

We've got a few Django setups that go through a proxy (Apache and Nginx) that eventually make their way to the actual Django runtime.

We need to have HTTPS end to end even once it's in our network. We've been revisiting Gunicorn due to its success and performance in our other setups, but needed to test with HTTPS end to end to be consistent.

Our topology is as such:

https://foo.com -> [Public facing proxy] -> (https) -> [internal server https://192...:8001]

How does one configure Gunicorn to listen on HTTPS with a self signed certificate?


Gunicorn now supports SSL, as of version 17.0. You can configure it to listen on https like this:

$ gunicorn --certfile=server.crt --keyfile=server.key test:app

If you were using --bind to listen on port 80, remember to change the port to 443 (the default port for HTTPS connections). For example:

$ gunicorn --certfile=server.crt --keyfile=server.key --bind 0.0.0.0:443 test:app

Massively late reply, but for anyone else coming across this, there's another option using nginx as the "[Public facing proxy]" above.

Configure nginx to handle the incoming SSL traffic on port 443, and then proxy_pass to gunicorn on an internal port. External traffic is encrypted, and the traffic between nginx and gunicorn isn't exposed anyway. I find this very simple to manage.

Related

Suppressing Output MATLAB
I have 20.04.3 but the lastest downloadable version is 20.04.2. What's the .3? [duplicate]
Ubuntu only starts with black screen on current kernel version (5.11.0-25-generic)
Ubuntu 16.04 - only connecting to ethernet, no wifi option
Is RPM on Ubuntu a thing now?
How do I put two Ubuntu OSes on the same hard drive?
Can't watch Udemy on Ubuntu 20.04
Change lockscreen in MATE?
Hardinfo Doesn't display anything in the storage section
Creation of a simple script that renames a file picking randomly from a group of files
Nordvpn Prevents Printing
memory empty but swap full?