I have an nginx server with an SSL certificate installed. I want to pass any requests upstream to my Gunicorn server running at 0.0.0.0:8000
. However, whenever I run the Gunicorn server, it gives me an error saying that there's too many redirect loops. If I run gunicorn over https, then the connection WILL become secure, but it won't connect to the gunicorn server and it'll just say bad gateway
. Also, here is the error I get when attempting to connect while running gunicorn with https:
Traceback (most recent call last):
File "/opt/bitnami/python/lib/python2.7/site-packages/gunicorn/arbiter.py", line 515, in spawn_worker
worker.init_process()
File "/opt/bitnami/python/lib/python2.7/site-packages/gunicorn/workers/base.py", line 126, in init_process
self.run()
File "/opt/bitnami/python/lib/python2.7/site-packages/gunicorn/workers/sync.py", line 119, in run
self.run_for_one(timeout)
File "/opt/bitnami/python/lib/python2.7/site-packages/gunicorn/workers/sync.py", line 66, in run_for_one
self.accept(listener)
File "/opt/bitnami/python/lib/python2.7/site-packages/gunicorn/workers/sync.py", line 30, in accept
self.handle(listener, client, addr)
File "/opt/bitnami/python/lib/python2.7/site-packages/gunicorn/workers/sync.py", line 141, in handle
self.handle_error(req, client, addr, e)
File "/opt/bitnami/python/lib/python2.7/site-packages/gunicorn/workers/base.py", line 213, in handle_error
self.log.exception("Error handling request %s", req.uri)
AttributeError: 'NoneType' object has no attribute 'uri'
[2016-01-01 15:37:45 +0000] [935] [INFO] Worker exiting (pid: 935)
[2016-01-01 20:37:45 +0000] [938] [INFO] Booting worker with pid: 938
[2016-01-01 15:37:46 +0000] [938] [ERROR] Exception in worker process:
Here is my nginx configuration:
server {
# port to listen on. Can also be set to an IP:PORT
listen 80;
listen 443 ssl;
ssl_certificate /etc/ssl/pyhub_crt.crt;
ssl_certificate_key /etc/ssl/pyhub.key;
server_name www.pyhub.co;
server_name_in_redirect off;
access_log /opt/bitnami/nginx/logs/access.log;
error_log /opt/bitnami/nginx/logs/error.log;
location /E0130777F7D5B855A4C5DEB138808515.txt {
root /home/bitnami;
}
location / {
proxy_pass_header Server;
proxy_set_header Host $host;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-SSL-Protocal $ssl_protocol;
proxy_connect_timeout 10;
proxy_read_timeout 10;
proxy_redirect http:// $scheme://;
proxy_pass http://localhost:8000;
}
Best Answer
If gunicorn is bound to 0.0.0.0 it is bound to all interfaces, therefore it is already exposed to the outside interface. If nginx tries to bind to the any interface on the same port it will fail.
Gunicorn should be bound to a specific ip or better 127.0.0.1 so it is only bound to the internal ip.
Sesond, you say you want to pass https to gunicorn, but the traffic is protected with SSL to your proxy which has the certificates, that is ngninx. After that, the traffic is in clear internally (i.e. it is http) to gunicorn, unless you also have SSL setup on gunicorn.
So, your nginx config should have:
my nginx proxy config for SSL is something like this: