release: prepare 24.1.0

- Bump version to 24.1.0
- Add PROXY protocol v2 documentation to deploy guide
- Add 24.1.0 changelog with new features and bug fixes
- Update all docs.gunicorn.org URLs to gunicorn.org
This commit is contained in:
Benoit Chesneau 2026-01-23 18:47:17 +01:00
parent f3190f84cc
commit 7894d1c170
11 changed files with 156 additions and 14 deletions

View File

@ -9,7 +9,7 @@ body:
**Before submitting, please:**
- Search [existing discussions](https://github.com/benoitc/gunicorn/discussions) and [issues](https://github.com/benoitc/gunicorn/issues) for duplicates
- Check the [FAQ](https://docs.gunicorn.org/en/latest/faq.html) and [documentation](https://docs.gunicorn.org/)
- Check the [FAQ](https://gunicorn.org/faq/) and [documentation](https://gunicorn.org/)
- type: dropdown
id: type

View File

@ -6,9 +6,9 @@ body:
Have a question about Gunicorn?
Before asking, please check:
- [Documentation](https://docs.gunicorn.org/)
- [FAQ](https://docs.gunicorn.org/en/latest/faq.html)
- [Settings Reference](https://docs.gunicorn.org/en/latest/settings.html)
- [Documentation](https://gunicorn.org/)
- [FAQ](https://gunicorn.org/faq/)
- [Settings Reference](https://gunicorn.org/reference/settings/)
- [Existing discussions](https://github.com/benoitc/gunicorn/discussions)
- type: textarea

View File

@ -29,7 +29,7 @@
## 0.15.0 / 2012-10-18
- new documentation site on http://docs.gunicorn.org
- new documentation site on https://gunicorn.org
- new website on http://gunicorn.org
- add `haproxy PROXY protocol <http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt>`_ support
- add ForwardedAllowIPS option: allows to filter Front-end's IPs

View File

@ -80,7 +80,7 @@
### Documentation
- update faq: put a note on how `watch logs in the console
<http://docs.gunicorn.org/en/latest/faq.html#why-i-don-t-see-any-logs-in-the-console>`_
<https://gunicorn.org/faq/#why-i-dont-see-any-logs-in-the-console>`_
since many people asked for it.
@ -88,7 +88,7 @@
Gunicorn 19.0 is a major release with new features and fixes. This
version improve a lot the usage of Gunicorn with python 3 by adding `two
new workers <http://docs.gunicorn.org/en/latest/design.html#asyncio-workers>`_
new workers <https://gunicorn.org/design/#asyncio-workers>`_
to it: `gthread` a fully threaded async worker using futures and `gaiohttp` a
worker using asyncio.

View File

@ -1,6 +1,62 @@
<span id="news-2026"></span>
# Changelog - 2026
## 24.1.0 - 2026-01-23
### New Features
- **PROXY Protocol v2 Support**: Extended PROXY protocol implementation to support
the binary v2 format in addition to the existing text-based v1 format
([PR #3451](https://github.com/benoitc/gunicorn/pull/3451))
- New `--proxy-protocol` modes: `off`, `v1`, `v2`, `auto`
- `auto` mode (default when enabled) detects v1 or v2 automatically
- v2 binary format is more efficient and supports additional metadata
- Works with HAProxy, AWS NLB/ALB, and other PROXY protocol v2 sources
- **CIDR Network Support**: `--forwarded-allow-ips` and `--proxy-allow-from` now
accept CIDR notation (e.g., `192.168.0.0/16`) for specifying trusted networks
([PR #3449](https://github.com/benoitc/gunicorn/pull/3449))
- **Socket Backlog Metric**: New `gunicorn.socket.backlog` gauge metric reports
the current socket backlog size on Linux systems
([PR #3450](https://github.com/benoitc/gunicorn/pull/3450))
- **InotifyReloader Enhancement**: The inotify-based reloader now watches newly
imported modules, not just those loaded at startup
([PR #3447](https://github.com/benoitc/gunicorn/pull/3447))
### Bug Fixes
- Fix socket blocking mode on keepalive connections preventing SSL handshake
failures with async workers
([PR #3452](https://github.com/benoitc/gunicorn/pull/3452))
- Use smaller buffer size in `finish_body()` for faster timeout detection on
slow or abandoned connections
([PR #3453](https://github.com/benoitc/gunicorn/pull/3453))
- Handle `SSLWantReadError` in `finish_body()` to prevent worker hangs during
SSL renegotiation
([PR #3448](https://github.com/benoitc/gunicorn/pull/3448))
- Log SIGTERM as info level instead of warning to reduce noise in orchestrated
environments
([PR #3446](https://github.com/benoitc/gunicorn/pull/3446))
- Print exception details to stderr when worker fails to boot
([PR #3443](https://github.com/benoitc/gunicorn/pull/3443))
- Fix `unreader.unread()` to prepend data to buffer instead of appending
([PR #3442](https://github.com/benoitc/gunicorn/pull/3442))
- Prevent `RecursionError` when pickling Config objects
([PR #3441](https://github.com/benoitc/gunicorn/pull/3441))
- Use proper exception chaining with `raise from` in glogging.py
([PR #3440](https://github.com/benoitc/gunicorn/pull/3440))
---
## 24.0.0 - 2026-01-23
### New Features

View File

@ -78,6 +78,92 @@ proxy IP rather than the upstream client. To log the real client address, set
When binding Gunicorn to a UNIX socket `REMOTE_ADDR` will be empty.
## PROXY Protocol
The [PROXY protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)
allows load balancers and reverse proxies to pass original client connection
information (IP address, port) to backend servers. This is especially useful
when TLS termination happens at the proxy layer.
Gunicorn supports both PROXY protocol v1 (text format) and v2 (binary format).
### Configuration
Enable PROXY protocol with the `--proxy-protocol` option:
```bash
# Auto-detect v1 or v2 (recommended)
gunicorn --proxy-protocol auto app:app
# Force v1 only (text format)
gunicorn --proxy-protocol v1 app:app
# Force v2 only (binary format, more efficient)
gunicorn --proxy-protocol v2 app:app
```
Using `--proxy-protocol` without a value is equivalent to `auto`.
!!! warning "Security"
Only enable PROXY protocol when Gunicorn is behind a trusted proxy that sends
PROXY headers. Configure [`--proxy-allow-from`](reference/settings.md#proxy_allow_ips)
to restrict which IPs can send PROXY protocol headers.
### HAProxy
HAProxy can send PROXY protocol headers to backends. Example configuration:
```haproxy
frontend https_front
bind *:443 ssl crt /etc/ssl/certs/site.pem
default_backend gunicorn_back
backend gunicorn_back
# Send PROXY protocol v2 (binary, more efficient)
server gunicorn 127.0.0.1:8000 send-proxy-v2
# Or use v1 (text format)
# server gunicorn 127.0.0.1:8000 send-proxy
```
Start Gunicorn to accept PROXY protocol:
```bash
gunicorn -b 127.0.0.1:8000 --proxy-protocol v2 --proxy-allow-from 127.0.0.1 app:app
```
### stunnel
[stunnel](https://www.stunnel.org/) can terminate TLS and forward connections
with PROXY protocol headers:
```ini
# /etc/stunnel/stunnel.conf
[https]
accept = 443
connect = 127.0.0.1:8000
cert = /etc/ssl/certs/stunnel.pem
key = /etc/ssl/certs/stunnel.key
protocol = proxy
```
The `protocol = proxy` directive tells stunnel to prepend PROXY protocol v1
headers to forwarded connections.
### AWS/ELB
AWS Network Load Balancers (NLB) and Application Load Balancers (ALB) support
PROXY protocol v2. Enable it in the target group settings, then configure
Gunicorn:
```bash
gunicorn --proxy-protocol v2 --proxy-allow-from '*' app:app
```
!!! note
When using `--proxy-allow-from '*'` ensure Gunicorn is not directly
accessible from the internet—only through the load balancer.
## Using virtual environments
Install Gunicorn inside your project

View File

@ -1179,7 +1179,7 @@ Example for stunnel config::
cert = /etc/ssl/certs/stunnel.pem
key = /etc/ssl/certs/stunnel.key
!!! info "Changed in 24.0.0"
!!! info "Changed in 24.1.0"
Extended to support version selection (v1, v2, auto).
### `proxy_allow_ips`

View File

@ -34,14 +34,14 @@ backlog = 2048
# worker_class - The type of workers to use. The default
# sync class should handle most 'normal' types of work
# loads. You'll want to read
# http://docs.gunicorn.org/en/latest/design.html#choosing-a-worker-type
# https://gunicorn.org/design/#choosing-a-worker-type
# for information on when you might want to choose one
# of the other worker classes.
#
# A string referring to a Python path to a subclass of
# gunicorn.workers.base.Worker. The default provided values
# can be seen at
# http://docs.gunicorn.org/en/latest/settings.html#worker-class
# https://gunicorn.org/reference/settings/#worker_class
#
# worker_connections - For the eventlet and gevent worker classes
# this limits the maximum number of simultaneous clients that

View File

@ -2,7 +2,7 @@
# This file is part of gunicorn released under the MIT license.
# See the NOTICE for more information.
version_info = (24, 0, 0)
version_info = (24, 1, 0)
__version__ = ".".join([str(v) for v in version_info])
SERVER = "gunicorn"
SERVER_SOFTWARE = "%s/%s" % (SERVER, __version__)

View File

@ -2143,7 +2143,7 @@ class ProxyProtocol(Setting):
cert = /etc/ssl/certs/stunnel.pem
key = /etc/ssl/certs/stunnel.key
.. versionchanged:: 24.0.0
.. versionchanged:: 24.1.0
Extended to support version selection (v1, v2, auto).
"""

View File

@ -41,10 +41,10 @@ dynamic = ["version"]
[project.urls]
Homepage = "https://gunicorn.org"
Documentation = "https://docs.gunicorn.org"
Documentation = "https://gunicorn.org"
"Issue tracker" = "https://github.com/benoitc/gunicorn/issues"
"Source code" = "https://github.com/benoitc/gunicorn"
Changelog = "https://docs.gunicorn.org/en/stable/news.html"
Changelog = "https://gunicorn.org/news/"
[project.optional-dependencies]
gevent = ["gevent>=24.10.1"]