Getting Gunicorn to run on port 80
Question:
I built an API with flask. My app does not have any static assets hence there’s no reason for me to use nginx.
I wish to run gunicorn on port 80.
I have a “deploy script”:
mkdir .log 2> /dev/null
DEBUG=0 gunicorn -b 0.0.0.0:80 backend:app --access-logfile .log/access.log --error-logfile .log/general.log
I wish to run gunicorn on port 80 with authbind. I followed this guide here.
Note that I am able to run authbind python -m SimpleHTTPServer 80
When I try to run authbind ./deployment.run 80,
I am seeing the following error:
2013-04-25 15:32:55 [24006] [ERROR] Can't connect to ('0.0.0.0', 80)
2013-04-25 15:33:08 [24018] [INFO] Starting gunicorn 0.17.4
2013-04-25 15:33:08 [24018] [ERROR] Retrying in 1 second.
2013-04-25 15:33:09 [24018] [ERROR] Retrying in 1 second.
2013-04-25 15:33:10 [24018] [ERROR] Retrying in 1 second.
2013-04-25 15:33:11 [24018] [ERROR] Retrying in 1 second.
2013-04-25 15:33:12 [24018] [ERROR] Retrying in 1 second.
Any ideas why I am unable to bind gunicorn to port 80?
Any recommendations?
Answers:
If you are on a unix-like environment, ports < 1024 (like 80) will require superuser privileges.
Try putting authbind inside your deployment script, e.g.:
mkdir .log 2> /dev/null
DEBUG=0 authbind gunicorn -b 0.0.0.0:80 backend:app --access-logfile .log/access.log --error-logfile .log/general.log
Then just run ./deployment.run 80.
(Also, your script doesn’t seem to be using any parameters; perhaps replace 80 in your script with $1?)
You can use authbind to achieve this.
Install authbind
sudo apt-get install authbind
Then use auth bind to modify port 80 to make sure that port 80 can be used by non-superusers (aka without superuser privileges). Here are the three commands you can use to achieve this.
sudo touch /etc/authbind/byport/80
sudo chmod 500 /etc/authbind/byport/80
sudo chown USER /etc/authbind/byport/80
USER – can be any user on your system like bhatman or ubuntu or ec2-user.
NOTE: just change 80 to any desired port and it will work for any port. Use this responsibly my friend. 🙂
Now your gunicorn command will look something like this:
authbind gunicorn -c gunicorn.conf wsgi:app
Just append authbind before your gunicorn command
BONUS: If you are using some command before the gunicorn like newrelic etc, then you need to add –deep flag after authbind
authbind --deep newrelic-admin run-program gunicorn -c gunicorn.conf wsgi:app
for more info about authbind checkout its ubuntu manpage: here
But before running these commands blindly I would suggest you to read the following points.
- Gunicorn is an appplication server and is not meant to serve the request directly there it is better to use it behind a web server like Nginx or AWS ALB etc.
- Ports less than 1024 are privileged ports and should not be opened or used just like that, you should have a strong reason to run applications on such ports.
NGINX is not a necessity for gunicorn, you can use any web server. Your architecture should always look something like this.
WEB SERVER (NGINX, AWS ALB etc) -> APPLICATION SERVER (Gunicorn, uWsgi etc) -> Application (Flask, Django etc)
Hope this helps you.
I built an API with flask. My app does not have any static assets hence there’s no reason for me to use nginx.
I wish to run gunicorn on port 80.
I have a “deploy script”:
mkdir .log 2> /dev/null
DEBUG=0 gunicorn -b 0.0.0.0:80 backend:app --access-logfile .log/access.log --error-logfile .log/general.log
I wish to run gunicorn on port 80 with authbind. I followed this guide here.
Note that I am able to run authbind python -m SimpleHTTPServer 80
When I try to run authbind ./deployment.run 80,
I am seeing the following error:
2013-04-25 15:32:55 [24006] [ERROR] Can't connect to ('0.0.0.0', 80)
2013-04-25 15:33:08 [24018] [INFO] Starting gunicorn 0.17.4
2013-04-25 15:33:08 [24018] [ERROR] Retrying in 1 second.
2013-04-25 15:33:09 [24018] [ERROR] Retrying in 1 second.
2013-04-25 15:33:10 [24018] [ERROR] Retrying in 1 second.
2013-04-25 15:33:11 [24018] [ERROR] Retrying in 1 second.
2013-04-25 15:33:12 [24018] [ERROR] Retrying in 1 second.
Any ideas why I am unable to bind gunicorn to port 80?
Any recommendations?
If you are on a unix-like environment, ports < 1024 (like 80) will require superuser privileges.
Try putting authbind inside your deployment script, e.g.:
mkdir .log 2> /dev/null
DEBUG=0 authbind gunicorn -b 0.0.0.0:80 backend:app --access-logfile .log/access.log --error-logfile .log/general.log
Then just run ./deployment.run 80.
(Also, your script doesn’t seem to be using any parameters; perhaps replace 80 in your script with $1?)
You can use authbind to achieve this.
Install authbind
sudo apt-get install authbind
Then use auth bind to modify port 80 to make sure that port 80 can be used by non-superusers (aka without superuser privileges). Here are the three commands you can use to achieve this.
sudo touch /etc/authbind/byport/80
sudo chmod 500 /etc/authbind/byport/80
sudo chown USER /etc/authbind/byport/80
USER – can be any user on your system like bhatman or ubuntu or ec2-user.
NOTE: just change 80 to any desired port and it will work for any port. Use this responsibly my friend. 🙂
Now your gunicorn command will look something like this:
authbind gunicorn -c gunicorn.conf wsgi:app
Just append authbind before your gunicorn command
BONUS: If you are using some command before the gunicorn like newrelic etc, then you need to add –deep flag after authbind
authbind --deep newrelic-admin run-program gunicorn -c gunicorn.conf wsgi:app
for more info about authbind checkout its ubuntu manpage: here
But before running these commands blindly I would suggest you to read the following points.
- Gunicorn is an appplication server and is not meant to serve the request directly there it is better to use it behind a web server like Nginx or AWS ALB etc.
- Ports less than 1024 are privileged ports and should not be opened or used just like that, you should have a strong reason to run applications on such ports.
NGINX is not a necessity for gunicorn, you can use any web server. Your architecture should always look something like this.
WEB SERVER (NGINX, AWS ALB etc) -> APPLICATION SERVER (Gunicorn, uWsgi etc) -> Application (Flask, Django etc)
Hope this helps you.