Gunicorn is a Python WSGI HTTP Server for UNIX. The Gunicorn server is light on server resources, and fairly speedy.
If you find Apache’s
mod_wsgi to be a headache or want to use NGINX (or some other webserver), then Gunicorn could be for you. There are a number of other WSGI server options out there and this documentation should be enough for you to piece together how to get them working with your environment.
Check out the full Gunicorn docs.
The page contains additional steps on how to setup and configure Gunicorn that are not required for users who decide to stick with the default Gunicorn configuration as described in the main installation guide for AA.
Setting up Gunicorn
- If you’re using a virtual environment, activate it now::
sudo su allianceserver source /home/allianceserver/venv/auth/bin/activate
Install Gunicorn using pip
pip install gunicorn
myauth base directory, try running
gunicorn --bind 0.0.0.0:8000 myauth.wsgi. You should be able to browse to
http://yourserver:8000 and see your Alliance Auth installation running. Images and styling will be missing, but don’t worry, your web server will provide them.
Once you validate its running, you can kill the process with Ctrl+C and continue.
Running Gunicorn with Supervisor
If you are following this guide, we already use Supervisor to keep all of Alliance Auth components running. You don’t have to but we will be using it to start and run Gunicorn for consistency.
Sample Supervisor config
You’ll want to edit
/etc/supervisor/conf.d/myauth.conf (or whatever you want to call the config file)
[program:gunicorn] user = allianceserver directory=/home/allianceserver/myauth/ command=/home/allianceserver/venv/auth/bin/gunicorn myauth.wsgi --workers=3 --timeout 120 stdout_logfile=/home/allianceserver/myauth/log/gunicorn.log stderr_logfile=/home/allianceserver/myauth/log/gunicorn.log autostart=true autorestart=true stopsignal=INT
gunicornto whatever you wish to call your process in Supervisor.
user = allianceserver- Change to whatever user you wish Gunicorn to run as. You could even set this as allianceserver if you wished. I’ll leave the question security of that up to you.
directory=/home/allianceserver/myauth/- Needs to be the path to your Alliance Auth project.
command=/home/allianceserver/venv/auth/bin/gunicorn myauth.wsgi --workers=3 --timeout 120- Running Gunicorn and the options to launch with. This is where you have some decisions to make, we’ll continue below.
Where to bind Gunicorn to
What address are you going to use to reference it? By default, without a bind parameter, Gunicorn will bind to
127.0.0.1:8000. This might be fine for your application. If it clashes with another application running on that port you will need to change it. I would suggest using UNIX sockets too, if you can.
For UNIX sockets add
--bind=unix:/run/allianceauth.sock (or to a path you wish to use). Remember that your web server will need to be able to access this socket file.
For a TCP address add
--bind=127.0.0.1:8001 (or to the address/port you wish to use, but I would strongly advise against binding it to an external address).
Whatever you decide to use, remember it because we’ll need it when configuring your webserver.
Number of workers
By default Gunicorn will spawn only one worker. The number you set this to will depend on your own server environment, how many visitors you have etc. Gunicorn suggests
(2 x $num_cores) + 1 for the number of workers. So for example if you have 2 cores you want 2 x 2 + 1 = 5 workers. See here for the official discussion on this topic.
Change it by adding
--workers=5 to the command.
Running with a virtual environment
Following this guide, you are running with a virtual environment. Therefore you’ll need to add the path to the
command= config line.
The example config is using the myauth venv from the main installation guide:
Starting via Supervisor
Once you have your configuration all sorted, you will need to reload your supervisor config
service supervisor reload and then you can start the Gunicorn server via
supervisorctl start myauth:gunicorn (or whatever you renamed it to). You should see something like the following
myauth-gunicorn: started. If you get some other message, you’ll need to consult the Supervisor log files, usually found in
Configuring your webserver
Any web server capable of proxy passing should be able to sit in front of Gunicorn. Consult their documentation armed with your
--bind= address and you should be able to find how to do it relatively easy.
In the past when you made changes you restarted the entire Apache server. This is no longer required. When you update or make configuration changes that ask you to restart Apache, instead you can just restart Gunicorn:
supervisorctl restart myauth:gunicorn