-
Notifications
You must be signed in to change notification settings - Fork 15
systemd nginx gunicorn
Julien Castiaux edited this page Feb 13, 2021
·
4 revisions
systemd gunicorn@.socket
[Unit]
Description=Python WSGI HTTP Server for UNIX
[Socket]
SocketUser=gunicorn
SocketGroup=www-data
ListenStream=/run/gunicorn/%i.sock
DirectoryMode=755
SocketMode=770
[Install]
WantedBy=sockets.target
systemd gunicorn@.service
[Unit]
Description=Python WSGI HTTP Server for UNIX
After=network.target syslog.target
Requires=gunicorn@%i.socket
[Service]
Type=notify
User=gunicorn
Group=www-data
ExecStart=/usr/local/bin/gunicorn --config /etc/gunicorn/%i.py --bind unix:/run/gunicorn/%i.sock %i:app
ExecReload=/bin/kill -s HUP $MAINPID
KillMode=mixed
TimeoutStopSec=5
EnvironmentFile=/etc/gunicorn/%i.env
Restart=on-failure
RestartSec=30s
RuntimeDirectory=gunicorn
RuntimeDirectoryMode=0755
RuntimeDirectoryPreserve=true
PrivateTmp=true
[Install]
WantedBy=multi-user.target
nginx readthedocs
upstream bin {
server unix:/run/gunicorn/bin.sock;
}
server {
listen 0.0.0.0:443 ssl http2;
listen [::]:443 ssl http2;
server_name bin.readthedocs.fr;
ssl_certificate /etc/letsencrypt/live/bin.readthedocs.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bin.readthedocs.fr/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/bin.readthedocs.fr/chain.pem;
add_header Strict-Transport-Security max-age=15768000 always; # 6 months
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy strict-origin always;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://bin;
}
location = /favicon.ico {
return 404;
}
location /assets/ {
root /usr/local/lib/python3.7/dist-packages/bin/;
expires 10m;
}
}
bin bin.conf
RTDBIN_MAXSIZE=16kiB
RTDBIN_DEFAULT_LANGUAGE=text
RTDBIN_DEFAULT_MAXUSAGE=0
RTDBIN_DEFAULT_LIFETIME=0
REDIS_HOST=localhost
REDIS_PORT=6379
REDIS_DB=0