On Fri, Jan 07 2022 at 12:51:48 PM, Skip Montanaro <skip.montan...@gmail.com> wrote:
> Hopefully some Pythonistas are also Gunicornistas. I've had little success
> finding help with a small dilemma in the docs or in other more specific
> sources.
>
> I'm testing out a new, small website. It is just Gunicorn+Flask. I'd like
> to both listen for HTTP and HTTPS connections. Accordingly, in my config, I
> have the Gunicorn process bind to both ports 80 and 443 if running as root:
>
> if IAM_ROOT:
>     bind = [
>         '0.0.0.0:443',
>         '0.0.0.0:80',
>     ]
> else:
>     bind = [
>         '0.0.0.0:8080',
>     ]
>
> Gunicorn listens on both ports, but insists on SSL/TLS chit chat over port
> 80, not just port 443 (which seems to work okay). Is there some magic
> incantation to get it to just talk HTTP on port 80, or will I need to spin
> up two instances? (The non-root config works fine - plain old HTTP over
> port 8080.)
>
It is not possible to do this. The ssl-ness is a global configuration, and will apply to all of the listening sockets gunicorn creates. To get what you want, you need to run multiple instances, as you say, if you can run those safely.

The recommended way to deploy gunicorn, though, is to front it with a reverse proxy such as nginx. You'd configure nginx (or whatever proxy you choose) to listen on the interfaces/ports you want, and enable/disable TLS as required.

Example for configuring nginx is at https://docs.gunicorn.org/en/latest/deploy.html, although that particular example does not talk about TLS.

-- 
regards,
kushal
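
A sketch of the reverse-proxy layout described in the reply above, as an added example that is not part of the original thread or of the Gunicorn documentation: nginx owns ports 80 and 443 and speaks TLS only on 443, while Gunicorn binds to loopback and no longer needs root or its own certificate settings. The server name, certificate paths, upstream name and port 8000 are assumptions.

```nginx
# Added example; example.com, the certificate paths and port 8000 are placeholders.
# Goes inside the http { } context of nginx.conf.
# Gunicorn side (unprivileged user, no certfile/keyfile):
#   bind = ['127.0.0.1:8000']

upstream gunicorn_app {
    # Loopback only, so the app server is not reachable from the network directly.
    server 127.0.0.1:8000 fail_timeout=0;
}

# Plain HTTP on port 80: no TLS handshake is attempted here.
server {
    listen 80;
    server_name example.com;

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tells the application which scheme the client actually used.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
        proxy_pass http://gunicorn_app;
    }
}

# HTTPS on port 443: TLS terminates at nginx, the hop to Gunicorn is plain HTTP.
server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/ssl/example/fullchain.pem;
    ssl_certificate_key /etc/ssl/example/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
        proxy_pass http://gunicorn_app;
    }
}
```

Gunicorn honours X-Forwarded-Proto only from addresses listed in its forwarded_allow_ips setting (loopback by default), so keeping the bind on 127.0.0.1 prevents outside clients from spoofing the scheme.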