Running Gunicorn on both http and https

Question

When I start my Gunicorn service, I currently use this command to start it up:

gunicorn --certfile=/Projects/thebodyofchrist.us.crt --keyfile=/Projects/thebodyofchrist.us.key bodyofchrist.wsgi -b 0.0.0.0:443 -b 0.0.0.0:80 -w 10

For binding gunicorn to both http and https -- or setup apache2 to listen to http and redirect requests to https with existing parameters. I have hundreds of links to the http://example.com/sample/request and need it to automatically go to https://example.com/sample/request

gunicorn is hosting django.

Thanks for any help!

Answer 1

I would do this with a reverse proxy webservice not directly with uvicorn. So Trafaek and nginx come to mind.

Answer 2

Multiple addresses can be bound. ex.:

gunicorn -b 127.0.0.1:8000 -b [::1]:8000 test:app

https://docs.gunicorn.org/en/stable/settings.html?highlight=bind#server-socket

so you can do this

gunicorn -b :80 -b :443 test:app

Answer 3

Gunicorn is a very solid project, I hope they build it out someday with multiple port binding and command line switch to indicate SSL precedence.

When you finally get in production, you'll want to use the superior load balancing of Apache or Nginx.

But nothing prevents you (during development) from running some workers bound to port 80 and some workers bound to port 443 with keyfile and certfile set. You could then write the login link as an "absolute" url e.g. href="https://yoursite/login" after the login, they'd be using https urls.

#!/bin/sh
# put 8 workers as Daemon listening for HTTPS on 443
gunicorn -D -w 8 --certfile=/Projects/thebodyofchrist.us.crt --keyfile=/Projects/thebodyofchrist.us.key bodyofchrist.wsgi -b 0.0.0.0:443

# put 2 workers as Daemon listening for HTTP on port 80
gunicorn -D -w 2 bodyofchrist.wsgi -b 0.0.0.0:80

Answer 4

Such support can be added inside gunicorn. As the moment it's not possible.

https://github.com/benoitc/gunicorn/issues/1466