mirror of
https://github.com/frappe/gunicorn.git
synced 2026-07-01 10:11:30 +08:00
1974 lines
50 KiB
Markdown
1974 lines
50 KiB
Markdown
> **Generated file** — update `gunicorn/config.py` instead.
|
|
|
|
# Settings
|
|
|
|
This reference is built directly from `gunicorn.config.KNOWN_SETTINGS` and is
|
|
regenerated during every documentation build.
|
|
|
|
!!! note
|
|
Settings can be provided through the `GUNICORN_CMD_ARGS` environment
|
|
variable. For example:
|
|
|
|
```console
|
|
$ GUNICORN_CMD_ARGS="--bind=127.0.0.1 --workers=3" gunicorn app:app
|
|
```
|
|
|
|
_Added in 19.7._
|
|
|
|
|
|
<span id="blocking_os_fchmod"></span>
|
|
|
|
## Config File
|
|
|
|
### `config`
|
|
|
|
**Command line:** `-c CONFIG`, `--config CONFIG`
|
|
|
|
**Default:** `'./gunicorn.conf.py'`
|
|
|
|
[The Gunicorn config file](../configure.md#configuration-file).
|
|
|
|
A string of the form ``PATH``, ``file:PATH``, or ``python:MODULE_NAME``.
|
|
|
|
Only has an effect when specified on the command line or as part of an
|
|
application specific configuration.
|
|
|
|
By default, a file named ``gunicorn.conf.py`` will be read from the same
|
|
directory where gunicorn is being run.
|
|
|
|
!!! info "Changed in 19.4"
|
|
Loading the config from a Python module requires the ``python:``
|
|
prefix.
|
|
|
|
### `wsgi_app`
|
|
|
|
**Default:** `None`
|
|
|
|
A WSGI application path in pattern ``$(MODULE_NAME):$(VARIABLE_NAME)``.
|
|
|
|
!!! info "Added in 20.1.0"
|
|
|
|
## Control
|
|
|
|
### `control_socket`
|
|
|
|
**Command line:** `--control-socket PATH`
|
|
|
|
**Default:** `'/run/gunicorn.ctl'`
|
|
|
|
Unix socket path for control interface.
|
|
|
|
The control socket allows runtime management of Gunicorn via the
|
|
``gunicornc`` command-line tool. Commands include viewing worker
|
|
status, adjusting worker count, and graceful reload/shutdown.
|
|
|
|
By default, creates ``/run/gunicorn.ctl`` (requires write access to
|
|
``/run``). For user-level deployments, specify a different path such
|
|
as ``/tmp/gunicorn.ctl`` or ``~/.gunicorn.ctl``.
|
|
|
|
Use ``--no-control-socket`` to disable.
|
|
|
|
!!! info "Added in 25.1.0"
|
|
|
|
### `control_socket_mode`
|
|
|
|
**Command line:** `--control-socket-mode INT`
|
|
|
|
**Default:** `384`
|
|
|
|
Permission mode for control socket.
|
|
|
|
Restricts who can connect to the control socket. Default ``0600``
|
|
allows only the socket owner. Set to ``0660`` to allow group access.
|
|
|
|
!!! info "Added in 25.1.0"
|
|
|
|
### `control_socket_disable`
|
|
|
|
**Command line:** `--no-control-socket`
|
|
|
|
**Default:** `False`
|
|
|
|
Disable control socket.
|
|
|
|
When set, no control socket is created and ``gunicornc`` cannot
|
|
connect to this Gunicorn instance.
|
|
|
|
!!! info "Added in 25.1.0"
|
|
|
|
## Debugging
|
|
|
|
### `reload`
|
|
|
|
**Command line:** `--reload`
|
|
|
|
**Default:** `False`
|
|
|
|
Restart workers when code changes.
|
|
|
|
This setting is intended for development. It will cause workers to be
|
|
restarted whenever application code changes.
|
|
|
|
The reloader is incompatible with application preloading. When using a
|
|
paste configuration be sure that the server block does not import any
|
|
application code or the reload will not work as designed.
|
|
|
|
The default behavior is to attempt inotify with a fallback to file
|
|
system polling. Generally, inotify should be preferred if available
|
|
because it consumes less system resources.
|
|
|
|
!!! note
|
|
In order to use the inotify reloader, you must have the ``inotify``
|
|
package installed.
|
|
|
|
!!! warning
|
|
Enabling this will change what happens on failure to load the
|
|
the application: While the reloader is active, any and all clients
|
|
that can make requests can see the full exception and traceback!
|
|
|
|
### `reload_engine`
|
|
|
|
**Command line:** `--reload-engine STRING`
|
|
|
|
**Default:** `'auto'`
|
|
|
|
The implementation that should be used to power [reload](#reload).
|
|
|
|
Valid engines are:
|
|
|
|
* ``'auto'``
|
|
* ``'poll'``
|
|
* ``'inotify'`` (requires inotify)
|
|
|
|
!!! info "Added in 19.7"
|
|
|
|
### `reload_extra_files`
|
|
|
|
**Command line:** `--reload-extra-file FILES`
|
|
|
|
**Default:** `[]`
|
|
|
|
Extends [reload](#reload) option to also watch and reload on additional files
|
|
(e.g., templates, configurations, specifications, etc.).
|
|
|
|
!!! info "Added in 19.8"
|
|
|
|
### `spew`
|
|
|
|
**Command line:** `--spew`
|
|
|
|
**Default:** `False`
|
|
|
|
Install a trace function that spews every line executed by the server.
|
|
|
|
This is the nuclear option.
|
|
|
|
### `check_config`
|
|
|
|
**Command line:** `--check-config`
|
|
|
|
**Default:** `False`
|
|
|
|
Check the configuration and exit. The exit status is 0 if the
|
|
configuration is correct, and 1 if the configuration is incorrect.
|
|
|
|
### `print_config`
|
|
|
|
**Command line:** `--print-config`
|
|
|
|
**Default:** `False`
|
|
|
|
Print the configuration settings as fully resolved. Implies [check-config](#check_config).
|
|
|
|
## Dirty Arbiter Hooks
|
|
|
|
### `on_dirty_starting`
|
|
|
|
**Default:**
|
|
|
|
```python
|
|
def on_dirty_starting(arbiter):
|
|
pass
|
|
```
|
|
|
|
Called just before the dirty arbiter process is initialized.
|
|
|
|
The callable needs to accept a single instance variable for the
|
|
DirtyArbiter.
|
|
|
|
!!! info "Added in 25.0.0"
|
|
|
|
### `dirty_post_fork`
|
|
|
|
**Default:**
|
|
|
|
```python
|
|
def dirty_post_fork(arbiter, worker):
|
|
pass
|
|
```
|
|
|
|
Called just after a dirty worker has been forked.
|
|
|
|
The callable needs to accept two instance variables for the
|
|
DirtyArbiter and new DirtyWorker.
|
|
|
|
!!! info "Added in 25.0.0"
|
|
|
|
### `dirty_worker_init`
|
|
|
|
**Default:**
|
|
|
|
```python
|
|
def dirty_worker_init(worker):
|
|
pass
|
|
```
|
|
|
|
Called just after a dirty worker has initialized all applications.
|
|
|
|
The callable needs to accept one instance variable for the
|
|
DirtyWorker.
|
|
|
|
!!! info "Added in 25.0.0"
|
|
|
|
### `dirty_worker_exit`
|
|
|
|
**Default:**
|
|
|
|
```python
|
|
def dirty_worker_exit(arbiter, worker):
|
|
pass
|
|
```
|
|
|
|
Called when a dirty worker has exited.
|
|
|
|
The callable needs to accept two instance variables for the
|
|
DirtyArbiter and the exiting DirtyWorker.
|
|
|
|
!!! info "Added in 25.0.0"
|
|
|
|
## Dirty Arbiters
|
|
|
|
### `dirty_apps`
|
|
|
|
**Command line:** `--dirty-app STRING`
|
|
|
|
**Default:** `[]`
|
|
|
|
Dirty applications to load in the dirty worker pool.
|
|
|
|
A list of application paths in one of these formats:
|
|
|
|
- ``$(MODULE_NAME):$(CLASS_NAME)`` - all workers load this app
|
|
- ``$(MODULE_NAME):$(CLASS_NAME):$(N)`` - only N workers load this app
|
|
|
|
Each dirty app must be a class that inherits from ``DirtyApp`` base class
|
|
and implements the ``init()``, ``__call__()``, and ``close()`` methods.
|
|
|
|
Example::
|
|
|
|
dirty_apps = [
|
|
"myapp.ml:MLApp", # All workers load this
|
|
"myapp.images:ImageApp", # All workers load this
|
|
"myapp.heavy:HugeModel:2", # Only 2 workers load this
|
|
]
|
|
|
|
The per-app worker limit is useful for memory-intensive applications
|
|
like large ML models. Instead of all 8 workers loading a 10GB model
|
|
(80GB total), you can limit it to 2 workers (20GB total).
|
|
|
|
Alternatively, you can set the ``workers`` class attribute on your
|
|
DirtyApp subclass::
|
|
|
|
class HugeModelApp(DirtyApp):
|
|
workers = 2 # Only 2 workers load this app
|
|
|
|
def init(self):
|
|
self.model = load_10gb_model()
|
|
|
|
Note: The config format (``module:Class:N``) takes precedence over
|
|
the class attribute if both are specified.
|
|
|
|
Dirty apps are loaded once when the dirty worker starts and persist
|
|
in memory for the lifetime of the worker. This is ideal for loading
|
|
ML models, database connection pools, or other stateful resources
|
|
that are expensive to initialize.
|
|
|
|
!!! info "Added in 25.0.0"
|
|
|
|
!!! info "Changed in 25.1.0"
|
|
Added per-app worker allocation via ``:N`` format suffix.
|
|
|
|
### `dirty_workers`
|
|
|
|
**Command line:** `--dirty-workers INT`
|
|
|
|
**Default:** `0`
|
|
|
|
The number of dirty worker processes.
|
|
|
|
A positive integer. Set to 0 (default) to disable the dirty arbiter.
|
|
When set to a positive value, a dirty arbiter process will be spawned
|
|
to manage the dirty worker pool.
|
|
|
|
Dirty workers are separate from HTTP workers and are designed for
|
|
long-running, blocking operations like ML model inference or heavy
|
|
computation.
|
|
|
|
!!! info "Added in 25.0.0"
|
|
|
|
### `dirty_timeout`
|
|
|
|
**Command line:** `--dirty-timeout INT`
|
|
|
|
**Default:** `300`
|
|
|
|
Timeout for dirty task execution in seconds.
|
|
|
|
Workers silent for more than this many seconds are considered stuck
|
|
and will be killed. Set to a high value for operations like model
|
|
loading that may take a long time.
|
|
|
|
Value is a positive number. Setting it to 0 disables timeout checking.
|
|
|
|
!!! info "Added in 25.0.0"
|
|
|
|
### `dirty_threads`
|
|
|
|
**Command line:** `--dirty-threads INT`
|
|
|
|
**Default:** `1`
|
|
|
|
The number of threads per dirty worker.
|
|
|
|
Each dirty worker can use threads to handle concurrent operations
|
|
within the same process, useful for async-safe applications.
|
|
|
|
!!! info "Added in 25.0.0"
|
|
|
|
### `dirty_graceful_timeout`
|
|
|
|
**Command line:** `--dirty-graceful-timeout INT`
|
|
|
|
**Default:** `30`
|
|
|
|
Timeout for graceful dirty worker shutdown in seconds.
|
|
|
|
After receiving a shutdown signal, dirty workers have this much time
|
|
to finish their current tasks. Workers still alive after the timeout
|
|
are force killed.
|
|
|
|
!!! info "Added in 25.0.0"
|
|
|
|
## HTTP/2
|
|
|
|
### `http_protocols`
|
|
|
|
**Command line:** `--http-protocols STRING`
|
|
|
|
**Default:** `'h1'`
|
|
|
|
HTTP protocol versions to support (comma-separated, order = preference).
|
|
|
|
Valid protocols:
|
|
|
|
* ``h1`` - HTTP/1.1 (default)
|
|
* ``h2`` - HTTP/2 (requires TLS with ALPN)
|
|
* ``h3`` - HTTP/3 (future, not yet implemented)
|
|
|
|
Examples::
|
|
|
|
# HTTP/1.1 only (default, backward compatible)
|
|
--http-protocols=h1
|
|
|
|
# Prefer HTTP/2, fallback to HTTP/1.1
|
|
--http-protocols=h2,h1
|
|
|
|
# HTTP/2 only (reject HTTP/1.1 clients)
|
|
--http-protocols=h2
|
|
|
|
HTTP/2 requires:
|
|
|
|
* TLS (--certfile and --keyfile)
|
|
* The h2 library: ``pip install gunicorn[http2]``
|
|
* ALPN-capable TLS client
|
|
|
|
!!! note
|
|
HTTP/2 cleartext (h2c) is not supported due to security concerns
|
|
and lack of browser support.
|
|
|
|
!!! info "Added in 25.0.0"
|
|
|
|
### `http2_max_concurrent_streams`
|
|
|
|
**Command line:** `--http2-max-concurrent-streams INT`
|
|
|
|
**Default:** `100`
|
|
|
|
Maximum number of concurrent HTTP/2 streams per connection.
|
|
|
|
This limits how many requests can be processed simultaneously on a
|
|
single HTTP/2 connection. Higher values allow more parallelism but
|
|
use more memory.
|
|
|
|
Default is 100, which matches common server configurations.
|
|
The HTTP/2 specification allows up to 2^31-1.
|
|
|
|
!!! info "Added in 25.0.0"
|
|
|
|
### `http2_initial_window_size`
|
|
|
|
**Command line:** `--http2-initial-window-size INT`
|
|
|
|
**Default:** `65535`
|
|
|
|
Initial HTTP/2 flow control window size in bytes.
|
|
|
|
This controls how much data can be in-flight before the receiver
|
|
sends WINDOW_UPDATE frames. Larger values can improve throughput
|
|
for large transfers but use more memory.
|
|
|
|
Default is 65535 (64KB - 1), the HTTP/2 specification default.
|
|
Maximum is 2^31-1 (2147483647).
|
|
|
|
!!! info "Added in 25.0.0"
|
|
|
|
### `http2_max_frame_size`
|
|
|
|
**Command line:** `--http2-max-frame-size INT`
|
|
|
|
**Default:** `16384`
|
|
|
|
Maximum HTTP/2 frame payload size in bytes.
|
|
|
|
This is the largest frame payload the server will accept.
|
|
Larger frames reduce framing overhead but may increase latency
|
|
for small messages.
|
|
|
|
Default is 16384 (16KB), the HTTP/2 specification minimum.
|
|
Range is 16384 to 16777215 (16MB - 1).
|
|
|
|
!!! info "Added in 25.0.0"
|
|
|
|
### `http2_max_header_list_size`
|
|
|
|
**Command line:** `--http2-max-header-list-size INT`
|
|
|
|
**Default:** `65536`
|
|
|
|
Maximum size of HTTP/2 header list in bytes (HPACK protection).
|
|
|
|
This limits the total size of headers after HPACK decompression.
|
|
Protects against compression bombs and excessive memory use.
|
|
|
|
Default is 65536 (64KB). Set to 0 for unlimited (not recommended).
|
|
|
|
!!! info "Added in 25.0.0"
|
|
|
|
## Logging
|
|
|
|
### `accesslog`
|
|
|
|
**Command line:** `--access-logfile FILE`
|
|
|
|
**Default:** `None`
|
|
|
|
The Access log file to write to.
|
|
|
|
``'-'`` means log to stdout.
|
|
|
|
### `disable_redirect_access_to_syslog`
|
|
|
|
**Command line:** `--disable-redirect-access-to-syslog`
|
|
|
|
**Default:** `False`
|
|
|
|
Disable redirect access logs to syslog.
|
|
|
|
!!! info "Added in 19.8"
|
|
|
|
### `access_log_format`
|
|
|
|
**Command line:** `--access-logformat STRING`
|
|
|
|
**Default:** `'%(h)s %(l)s %(u)s %(t)s "%(r)s" %(s)s %(b)s "%(f)s" "%(a)s"'`
|
|
|
|
The access log format.
|
|
|
|
=========== ===========
|
|
Identifier Description
|
|
=========== ===========
|
|
h remote address
|
|
l ``'-'``
|
|
u user name (if HTTP Basic auth used)
|
|
t date of the request
|
|
r status line (e.g. ``GET / HTTP/1.1``)
|
|
m request method
|
|
U URL path without query string
|
|
q query string
|
|
H protocol
|
|
s status
|
|
B response length
|
|
b response length or ``'-'`` (CLF format)
|
|
f referrer (note: header is ``referer``)
|
|
a user agent
|
|
T request time in seconds
|
|
M request time in milliseconds
|
|
D request time in microseconds
|
|
L request time in decimal seconds
|
|
p process ID
|
|
{header}i request header
|
|
{header}o response header
|
|
{variable}e environment variable
|
|
=========== ===========
|
|
|
|
Use lowercase for header and environment variable names, and put
|
|
``{...}x`` names inside ``%(...)s``. For example::
|
|
|
|
%({x-forwarded-for}i)s
|
|
|
|
### `errorlog`
|
|
|
|
**Command line:** `--error-logfile FILE`, `--log-file FILE`
|
|
|
|
**Default:** `'-'`
|
|
|
|
The Error log file to write to.
|
|
|
|
Using ``'-'`` for FILE makes gunicorn log to stderr.
|
|
|
|
!!! info "Changed in 19.2"
|
|
Log to stderr by default.
|
|
|
|
### `loglevel`
|
|
|
|
**Command line:** `--log-level LEVEL`
|
|
|
|
**Default:** `'info'`
|
|
|
|
The granularity of Error log outputs.
|
|
|
|
Valid level names are:
|
|
|
|
* ``'debug'``
|
|
* ``'info'``
|
|
* ``'warning'``
|
|
* ``'error'``
|
|
* ``'critical'``
|
|
|
|
### `capture_output`
|
|
|
|
**Command line:** `--capture-output`
|
|
|
|
**Default:** `False`
|
|
|
|
Redirect stdout/stderr to specified file in [errorlog](#errorlog).
|
|
|
|
!!! info "Added in 19.6"
|
|
|
|
### `logger_class`
|
|
|
|
**Command line:** `--logger-class STRING`
|
|
|
|
**Default:** `'gunicorn.glogging.Logger'`
|
|
|
|
The logger you want to use to log events in Gunicorn.
|
|
|
|
The default class (``gunicorn.glogging.Logger``) handles most
|
|
normal usages in logging. It provides error and access logging.
|
|
|
|
You can provide your own logger by giving Gunicorn a Python path to a
|
|
class that quacks like ``gunicorn.glogging.Logger``.
|
|
|
|
### `logconfig`
|
|
|
|
**Command line:** `--log-config FILE`
|
|
|
|
**Default:** `None`
|
|
|
|
The log config file to use.
|
|
Gunicorn uses the standard Python logging module's Configuration
|
|
file format.
|
|
|
|
### `logconfig_dict`
|
|
|
|
**Default:** `{}`
|
|
|
|
The log config dictionary to use, using the standard Python
|
|
logging module's dictionary configuration format. This option
|
|
takes precedence over the [logconfig](#logconfig) and [logconfig-json](#logconfig_json) options,
|
|
which uses the older file configuration format and JSON
|
|
respectively.
|
|
|
|
Format: https://docs.python.org/3/library/logging.config.html#logging.config.dictConfig
|
|
|
|
For more context you can look at the default configuration dictionary for logging,
|
|
which can be found at ``gunicorn.glogging.CONFIG_DEFAULTS``.
|
|
|
|
!!! info "Added in 19.8"
|
|
|
|
### `logconfig_json`
|
|
|
|
**Command line:** `--log-config-json FILE`
|
|
|
|
**Default:** `None`
|
|
|
|
The log config to read config from a JSON file
|
|
|
|
Format: https://docs.python.org/3/library/logging.config.html#logging.config.jsonConfig
|
|
|
|
!!! info "Added in 20.0"
|
|
|
|
### `syslog_addr`
|
|
|
|
**Command line:** `--log-syslog-to SYSLOG_ADDR`
|
|
|
|
**Default:**
|
|
|
|
Platform-specific:
|
|
|
|
* macOS: ``'unix:///var/run/syslog'``
|
|
* FreeBSD/DragonFly: ``'unix:///var/run/log'``
|
|
* OpenBSD: ``'unix:///dev/log'``
|
|
* Linux/other: ``'udp://localhost:514'``
|
|
|
|
Address to send syslog messages.
|
|
|
|
Address is a string of the form:
|
|
|
|
* ``unix://PATH#TYPE`` : for unix domain socket. ``TYPE`` can be ``stream``
|
|
for the stream driver or ``dgram`` for the dgram driver.
|
|
``stream`` is the default.
|
|
* ``udp://HOST:PORT`` : for UDP sockets
|
|
* ``tcp://HOST:PORT`` : for TCP sockets
|
|
|
|
### `syslog`
|
|
|
|
**Command line:** `--log-syslog`
|
|
|
|
**Default:** `False`
|
|
|
|
Send *Gunicorn* logs to syslog.
|
|
|
|
!!! info "Changed in 19.8"
|
|
You can now disable sending access logs by using the
|
|
disable-redirect-access-to-syslog setting.
|
|
|
|
### `syslog_prefix`
|
|
|
|
**Command line:** `--log-syslog-prefix SYSLOG_PREFIX`
|
|
|
|
**Default:** `None`
|
|
|
|
Makes Gunicorn use the parameter as program-name in the syslog entries.
|
|
|
|
All entries will be prefixed by ``gunicorn.<prefix>``. By default the
|
|
program name is the name of the process.
|
|
|
|
### `syslog_facility`
|
|
|
|
**Command line:** `--log-syslog-facility SYSLOG_FACILITY`
|
|
|
|
**Default:** `'user'`
|
|
|
|
Syslog facility name
|
|
|
|
### `enable_stdio_inheritance`
|
|
|
|
**Command line:** `-R`, `--enable-stdio-inheritance`
|
|
|
|
**Default:** `False`
|
|
|
|
Enable stdio inheritance.
|
|
|
|
Enable inheritance for stdio file descriptors in daemon mode.
|
|
|
|
Note: To disable the Python stdout buffering, you can to set the user
|
|
environment variable ``PYTHONUNBUFFERED`` .
|
|
|
|
### `statsd_host`
|
|
|
|
**Command line:** `--statsd-host STATSD_ADDR`
|
|
|
|
**Default:** `None`
|
|
|
|
The address of the StatsD server to log to.
|
|
|
|
Address is a string of the form:
|
|
|
|
* ``unix://PATH`` : for a unix domain socket.
|
|
* ``HOST:PORT`` : for a network address
|
|
|
|
!!! info "Added in 19.1"
|
|
|
|
### `dogstatsd_tags`
|
|
|
|
**Command line:** `--dogstatsd-tags DOGSTATSD_TAGS`
|
|
|
|
**Default:** `''`
|
|
|
|
A comma-delimited list of datadog statsd (dogstatsd) tags to append to
|
|
statsd metrics. e.g. ``'tag1:value1,tag2:value2'``
|
|
|
|
!!! info "Added in 20"
|
|
|
|
### `statsd_prefix`
|
|
|
|
**Command line:** `--statsd-prefix STATSD_PREFIX`
|
|
|
|
**Default:** `''`
|
|
|
|
Prefix to use when emitting statsd metrics (a trailing ``.`` is added,
|
|
if not provided).
|
|
|
|
!!! info "Added in 19.2"
|
|
|
|
### `enable_backlog_metric`
|
|
|
|
**Command line:** `--enable-backlog-metric`
|
|
|
|
**Default:** `False`
|
|
|
|
Enable socket backlog metric (only supported on Linux).
|
|
|
|
When enabled, gunicorn will emit a ``gunicorn.backlog`` histogram metric
|
|
showing the number of connections waiting in the socket backlog.
|
|
|
|
## Process Naming
|
|
|
|
### `proc_name`
|
|
|
|
**Command line:** `-n STRING`, `--name STRING`
|
|
|
|
**Default:** `None`
|
|
|
|
A base to use with setproctitle for process naming.
|
|
|
|
This affects things like ``ps`` and ``top``. If you're going to be
|
|
running more than one instance of Gunicorn you'll probably want to set a
|
|
name to tell them apart. This requires that you install the setproctitle
|
|
module.
|
|
|
|
If not set, the *default_proc_name* setting will be used.
|
|
|
|
### `default_proc_name`
|
|
|
|
**Default:** `'gunicorn'`
|
|
|
|
Internal setting that is adjusted for each type of application.
|
|
|
|
## SSL
|
|
|
|
### `keyfile`
|
|
|
|
**Command line:** `--keyfile FILE`
|
|
|
|
**Default:** `None`
|
|
|
|
SSL key file
|
|
|
|
### `certfile`
|
|
|
|
**Command line:** `--certfile FILE`
|
|
|
|
**Default:** `None`
|
|
|
|
SSL certificate file
|
|
|
|
### `ssl_version`
|
|
|
|
**Command line:** `--ssl-version`
|
|
|
|
**Default:** `<_SSLMethod.PROTOCOL_TLS: 2>`
|
|
|
|
SSL version to use (see stdlib ssl module's).
|
|
|
|
!!! danger "Deprecated in 21.0"
|
|
The option is deprecated and it is currently ignored. Use [ssl-context](#ssl_context) instead.
|
|
|
|
============= ============
|
|
--ssl-version Description
|
|
============= ============
|
|
SSLv3 SSLv3 is not-secure and is strongly discouraged.
|
|
SSLv23 Alias for TLS. Deprecated in Python 3.6, use TLS.
|
|
TLS Negotiate highest possible version between client/server.
|
|
Can yield SSL. (Python 3.6+)
|
|
TLSv1 TLS 1.0
|
|
TLSv1_1 TLS 1.1 (Python 3.4+)
|
|
TLSv1_2 TLS 1.2 (Python 3.4+)
|
|
TLS_SERVER Auto-negotiate the highest protocol version like TLS,
|
|
but only support server-side SSLSocket connections.
|
|
(Python 3.6+)
|
|
============= ============
|
|
|
|
!!! info "Changed in 19.7"
|
|
The default value has been changed from ``ssl.PROTOCOL_TLSv1`` to
|
|
``ssl.PROTOCOL_SSLv23``.
|
|
|
|
!!! info "Changed in 20.0"
|
|
This setting now accepts string names based on ``ssl.PROTOCOL_``
|
|
constants.
|
|
|
|
!!! info "Changed in 20.0.1"
|
|
The default value has been changed from ``ssl.PROTOCOL_SSLv23`` to
|
|
``ssl.PROTOCOL_TLS`` when Python >= 3.6 .
|
|
|
|
### `cert_reqs`
|
|
|
|
**Command line:** `--cert-reqs`
|
|
|
|
**Default:** `<VerifyMode.CERT_NONE: 0>`
|
|
|
|
Whether client certificate is required (see stdlib ssl module's)
|
|
|
|
=========== ===========================
|
|
--cert-reqs Description
|
|
=========== ===========================
|
|
`0` no client verification
|
|
`1` ssl.CERT_OPTIONAL
|
|
`2` ssl.CERT_REQUIRED
|
|
=========== ===========================
|
|
|
|
### `ca_certs`
|
|
|
|
**Command line:** `--ca-certs FILE`
|
|
|
|
**Default:** `None`
|
|
|
|
CA certificates file
|
|
|
|
### `suppress_ragged_eofs`
|
|
|
|
**Command line:** `--suppress-ragged-eofs`
|
|
|
|
**Default:** `True`
|
|
|
|
Suppress ragged EOFs (see stdlib ssl module's)
|
|
|
|
### `do_handshake_on_connect`
|
|
|
|
**Command line:** `--do-handshake-on-connect`
|
|
|
|
**Default:** `False`
|
|
|
|
Whether to perform SSL handshake on socket connect (see stdlib ssl module's)
|
|
|
|
### `ciphers`
|
|
|
|
**Command line:** `--ciphers`
|
|
|
|
**Default:** `None`
|
|
|
|
SSL Cipher suite to use, in the format of an OpenSSL cipher list.
|
|
|
|
By default we use the default cipher list from Python's ``ssl`` module,
|
|
which contains ciphers considered strong at the time of each Python
|
|
release.
|
|
|
|
As a recommended alternative, the Open Web App Security Project (OWASP)
|
|
offers `a vetted set of strong cipher strings rated A+ to C-
|
|
<https://www.owasp.org/index.php/TLS_Cipher_String_Cheat_Sheet>`_.
|
|
OWASP provides details on user-agent compatibility at each security level.
|
|
|
|
See the `OpenSSL Cipher List Format Documentation
|
|
<https://www.openssl.org/docs/manmaster/man1/ciphers.html#CIPHER-LIST-FORMAT>`_
|
|
for details on the format of an OpenSSL cipher list.
|
|
|
|
## Security
|
|
|
|
### `limit_request_line`
|
|
|
|
**Command line:** `--limit-request-line INT`
|
|
|
|
**Default:** `4094`
|
|
|
|
The maximum size of HTTP request line in bytes.
|
|
|
|
This parameter is used to limit the allowed size of a client's
|
|
HTTP request-line. Since the request-line consists of the HTTP
|
|
method, URI, and protocol version, this directive places a
|
|
restriction on the length of a request-URI allowed for a request
|
|
on the server. A server needs this value to be large enough to
|
|
hold any of its resource names, including any information that
|
|
might be passed in the query part of a GET request. Value is a number
|
|
from 0 (unlimited) to 8190.
|
|
|
|
This parameter can be used to prevent any DDOS attack.
|
|
|
|
### `limit_request_fields`
|
|
|
|
**Command line:** `--limit-request-fields INT`
|
|
|
|
**Default:** `100`
|
|
|
|
Limit the number of HTTP headers fields in a request.
|
|
|
|
This parameter is used to limit the number of headers in a request to
|
|
prevent DDOS attack. Used with the *limit_request_field_size* it allows
|
|
more safety. By default this value is 100 and can't be larger than
|
|
32768.
|
|
|
|
### `limit_request_field_size`
|
|
|
|
**Command line:** `--limit-request-field_size INT`
|
|
|
|
**Default:** `8190`
|
|
|
|
Limit the allowed size of an HTTP request header field.
|
|
|
|
Value is a positive number or 0. Setting it to 0 will allow unlimited
|
|
header field sizes.
|
|
|
|
!!! warning
|
|
Setting this parameter to a very high or unlimited value can open
|
|
up for DDOS attacks.
|
|
|
|
## Server Hooks
|
|
|
|
### `on_starting`
|
|
|
|
**Default:**
|
|
|
|
```python
|
|
def on_starting(server):
|
|
pass
|
|
```
|
|
|
|
Called just before the master process is initialized.
|
|
|
|
The callable needs to accept a single instance variable for the Arbiter.
|
|
|
|
### `on_reload`
|
|
|
|
**Default:**
|
|
|
|
```python
|
|
def on_reload(server):
|
|
pass
|
|
```
|
|
|
|
Called to recycle workers during a reload via SIGHUP.
|
|
|
|
The callable needs to accept a single instance variable for the Arbiter.
|
|
|
|
### `when_ready`
|
|
|
|
**Default:**
|
|
|
|
```python
|
|
def when_ready(server):
|
|
pass
|
|
```
|
|
|
|
Called just after the server is started.
|
|
|
|
The callable needs to accept a single instance variable for the Arbiter.
|
|
|
|
### `pre_fork`
|
|
|
|
**Default:**
|
|
|
|
```python
|
|
def pre_fork(server, worker):
|
|
pass
|
|
```
|
|
|
|
Called just before a worker is forked.
|
|
|
|
The callable needs to accept two instance variables for the Arbiter and
|
|
new Worker.
|
|
|
|
### `post_fork`
|
|
|
|
**Default:**
|
|
|
|
```python
|
|
def post_fork(server, worker):
|
|
pass
|
|
```
|
|
|
|
Called just after a worker has been forked.
|
|
|
|
The callable needs to accept two instance variables for the Arbiter and
|
|
new Worker.
|
|
|
|
### `post_worker_init`
|
|
|
|
**Default:**
|
|
|
|
```python
|
|
def post_worker_init(worker):
|
|
pass
|
|
```
|
|
|
|
Called just after a worker has initialized the application.
|
|
|
|
The callable needs to accept one instance variable for the initialized
|
|
Worker.
|
|
|
|
### `worker_int`
|
|
|
|
**Default:**
|
|
|
|
```python
|
|
def worker_int(worker):
|
|
pass
|
|
```
|
|
|
|
Called just after a worker exited on SIGINT or SIGQUIT.
|
|
|
|
The callable needs to accept one instance variable for the initialized
|
|
Worker.
|
|
|
|
### `worker_abort`
|
|
|
|
**Default:**
|
|
|
|
```python
|
|
def worker_abort(worker):
|
|
pass
|
|
```
|
|
|
|
Called when a worker received the SIGABRT signal.
|
|
|
|
This call generally happens on timeout.
|
|
|
|
The callable needs to accept one instance variable for the initialized
|
|
Worker.
|
|
|
|
### `pre_exec`
|
|
|
|
**Default:**
|
|
|
|
```python
|
|
def pre_exec(server):
|
|
pass
|
|
```
|
|
|
|
Called just before a new master process is forked.
|
|
|
|
The callable needs to accept a single instance variable for the Arbiter.
|
|
|
|
### `pre_request`
|
|
|
|
**Default:**
|
|
|
|
```python
|
|
def pre_request(worker, req):
|
|
worker.log.debug("%s %s", req.method, req.path)
|
|
```
|
|
|
|
Called just before a worker processes the request.
|
|
|
|
The callable needs to accept two instance variables for the Worker and
|
|
the Request.
|
|
|
|
### `post_request`
|
|
|
|
**Default:**
|
|
|
|
```python
|
|
def post_request(worker, req, environ, resp):
|
|
pass
|
|
```
|
|
|
|
Called after a worker processes the request.
|
|
|
|
The callable needs to accept two instance variables for the Worker and
|
|
the Request. If a third parameter is defined it will be passed the
|
|
environment. If a fourth parameter is defined it will be passed the Response.
|
|
|
|
### `child_exit`
|
|
|
|
**Default:**
|
|
|
|
```python
|
|
def child_exit(server, worker):
|
|
pass
|
|
```
|
|
|
|
Called just after a worker has been exited, in the master process.
|
|
|
|
The callable needs to accept two instance variables for the Arbiter and
|
|
the just-exited Worker.
|
|
|
|
!!! info "Added in 19.7"
|
|
|
|
### `worker_exit`
|
|
|
|
**Default:**
|
|
|
|
```python
|
|
def worker_exit(server, worker):
|
|
pass
|
|
```
|
|
|
|
Called just after a worker has been exited, in the worker process.
|
|
|
|
The callable needs to accept two instance variables for the Arbiter and
|
|
the just-exited Worker.
|
|
|
|
### `nworkers_changed`
|
|
|
|
**Default:**
|
|
|
|
```python
|
|
def nworkers_changed(server, new_value, old_value):
|
|
pass
|
|
```
|
|
|
|
Called just after *num_workers* has been changed.
|
|
|
|
The callable needs to accept an instance variable of the Arbiter and
|
|
two integers of number of workers after and before change.
|
|
|
|
If the number of workers is set for the first time, *old_value* would
|
|
be ``None``.
|
|
|
|
### `on_exit`
|
|
|
|
**Default:**
|
|
|
|
```python
|
|
def on_exit(server):
|
|
pass
|
|
```
|
|
|
|
Called just before exiting Gunicorn.
|
|
|
|
The callable needs to accept a single instance variable for the Arbiter.
|
|
|
|
### `ssl_context`
|
|
|
|
**Default:**
|
|
|
|
```python
|
|
def ssl_context(config, default_ssl_context_factory):
|
|
return default_ssl_context_factory()
|
|
```
|
|
|
|
Called when SSLContext is needed.
|
|
|
|
Allows customizing SSL context.
|
|
|
|
The callable needs to accept an instance variable for the Config and
|
|
a factory function that returns default SSLContext which is initialized
|
|
with certificates, private key, cert_reqs, and ciphers according to
|
|
config and can be further customized by the callable.
|
|
The callable needs to return SSLContext object.
|
|
|
|
Following example shows a configuration file that sets the minimum TLS version to 1.3:
|
|
|
|
```python
|
|
def ssl_context(conf, default_ssl_context_factory):
|
|
import ssl
|
|
context = default_ssl_context_factory()
|
|
context.minimum_version = ssl.TLSVersion.TLSv1_3
|
|
return context
|
|
```
|
|
|
|
!!! info "Added in 21.0"
|
|
|
|
## Server Mechanics
|
|
|
|
### `preload_app`
|
|
|
|
**Command line:** `--preload`
|
|
|
|
**Default:** `False`
|
|
|
|
Load application code before the worker processes are forked.
|
|
|
|
By preloading an application you can save some RAM resources as well as
|
|
speed up server boot times. Although, if you defer application loading
|
|
to each worker process, you can reload your application code easily by
|
|
restarting workers.
|
|
|
|
### `sendfile`
|
|
|
|
**Command line:** `--no-sendfile`
|
|
|
|
**Default:** `None`
|
|
|
|
Disables the use of ``sendfile()``.
|
|
|
|
If not set, the value of the ``SENDFILE`` environment variable is used
|
|
to enable or disable its usage.
|
|
|
|
!!! info "Added in 19.2"
|
|
|
|
!!! info "Changed in 19.4"
|
|
Swapped ``--sendfile`` with ``--no-sendfile`` to actually allow
|
|
disabling.
|
|
|
|
!!! info "Changed in 19.6"
|
|
added support for the ``SENDFILE`` environment variable
|
|
|
|
### `reuse_port`
|
|
|
|
**Command line:** `--reuse-port`
|
|
|
|
**Default:** `False`
|
|
|
|
Set the ``SO_REUSEPORT`` flag on the listening socket.
|
|
|
|
!!! info "Added in 19.8"
|
|
|
|
### `chdir`
|
|
|
|
**Command line:** `--chdir`
|
|
|
|
**Default:**
|
|
|
|
``'.'``
|
|
|
|
Change directory to specified directory before loading apps.
|
|
|
|
### `daemon`
|
|
|
|
**Command line:** `-D`, `--daemon`
|
|
|
|
**Default:** `False`
|
|
|
|
Daemonize the Gunicorn process.
|
|
|
|
Detaches the server from the controlling terminal and enters the
|
|
background.
|
|
|
|
### `raw_env`
|
|
|
|
**Command line:** `-e ENV`, `--env ENV`
|
|
|
|
**Default:** `[]`
|
|
|
|
Set environment variables in the execution environment.
|
|
|
|
Should be a list of strings in the ``key=value`` format.
|
|
|
|
For example on the command line:
|
|
|
|
```console
|
|
$ gunicorn -b 127.0.0.1:8000 --env FOO=1 test:app
|
|
```
|
|
|
|
Or in the configuration file:
|
|
|
|
```python
|
|
raw_env = ["FOO=1"]
|
|
```
|
|
|
|
### `pidfile`
|
|
|
|
**Command line:** `-p FILE`, `--pid FILE`
|
|
|
|
**Default:** `None`
|
|
|
|
A filename to use for the PID file.
|
|
|
|
If not set, no PID file will be written.
|
|
|
|
### `worker_tmp_dir`
|
|
|
|
**Command line:** `--worker-tmp-dir DIR`
|
|
|
|
**Default:** `None`
|
|
|
|
A directory to use for the worker heartbeat temporary file.
|
|
|
|
If not set, the default temporary directory will be used.
|
|
|
|
!!! note
|
|
The current heartbeat system involves calling ``os.fchmod`` on
|
|
temporary file handlers and may block a worker for arbitrary time
|
|
if the directory is on a disk-backed filesystem.
|
|
|
|
See [blocking-os-fchmod](#blocking_os_fchmod) for more detailed information
|
|
and a solution for avoiding this problem.
|
|
|
|
### `user`
|
|
|
|
**Command line:** `-u USER`, `--user USER`
|
|
|
|
**Default:**
|
|
|
|
``os.geteuid()``
|
|
|
|
Switch worker processes to run as this user.
|
|
|
|
A valid user id (as an integer) or the name of a user that can be
|
|
retrieved with a call to ``pwd.getpwnam(value)`` or ``None`` to not
|
|
change the worker process user.
|
|
|
|
### `group`
|
|
|
|
**Command line:** `-g GROUP`, `--group GROUP`
|
|
|
|
**Default:**
|
|
|
|
``os.getegid()``
|
|
|
|
Switch worker process to run as this group.
|
|
|
|
A valid group id (as an integer) or the name of a user that can be
|
|
retrieved with a call to ``grp.getgrnam(value)`` or ``None`` to not
|
|
change the worker processes group.
|
|
|
|
### `umask`
|
|
|
|
**Command line:** `-m INT`, `--umask INT`
|
|
|
|
**Default:** `0`
|
|
|
|
A bit mask for the file mode on files written by Gunicorn.
|
|
|
|
Note that this affects unix socket permissions.
|
|
|
|
A valid value for the ``os.umask(mode)`` call or a string compatible
|
|
with ``int(value, 0)`` (``0`` means Python guesses the base, so values
|
|
like ``0``, ``0xFF``, ``0022`` are valid for decimal, hex, and octal
|
|
representations)
|
|
|
|
### `initgroups`
|
|
|
|
**Command line:** `--initgroups`
|
|
|
|
**Default:** `False`
|
|
|
|
If true, set the worker process's group access list with all of the
|
|
groups of which the specified username is a member, plus the specified
|
|
group id.
|
|
|
|
!!! info "Added in 19.7"
|
|
|
|
### `tmp_upload_dir`
|
|
|
|
**Default:** `None`
|
|
|
|
Directory to store temporary request data as they are read.
|
|
|
|
This may disappear in the near future.
|
|
|
|
This path should be writable by the process permissions set for Gunicorn
|
|
workers. If not specified, Gunicorn will choose a system generated
|
|
temporary directory.
|
|
|
|
### `secure_scheme_headers`
|
|
|
|
**Default:** `{'X-FORWARDED-PROTOCOL': 'ssl', 'X-FORWARDED-PROTO': 'https', 'X-FORWARDED-SSL': 'on'}`
|
|
|
|
A dictionary containing headers and values that the front-end proxy
|
|
uses to indicate HTTPS requests. If the source IP is permitted by
|
|
[forwarded-allow-ips](#forwarded_allow_ips) (below), *and* at least one request header matches
|
|
a key-value pair listed in this dictionary, then Gunicorn will set
|
|
``wsgi.url_scheme`` to ``https``, so your application can tell that the
|
|
request is secure.
|
|
|
|
If the other headers listed in this dictionary are not present in the request, they will be ignored,
|
|
but if the other headers are present and do not match the provided values, then
|
|
the request will fail to parse. See the note below for more detailed examples of this behaviour.
|
|
|
|
The dictionary should map upper-case header names to exact string
|
|
values. The value comparisons are case-sensitive, unlike the header
|
|
names, so make sure they're exactly what your front-end proxy sends
|
|
when handling HTTPS requests.
|
|
|
|
It is important that your front-end proxy configuration ensures that
|
|
the headers defined here can not be passed directly from the client.
|
|
|
|
### `forwarded_allow_ips`
|
|
|
|
**Command line:** `--forwarded-allow-ips STRING`
|
|
|
|
**Default:** `'127.0.0.1,::1'`
|
|
|
|
Front-end's IP addresses or networks from which allowed to handle
|
|
set secure headers. (comma separated).
|
|
|
|
Supports both individual IP addresses (e.g., ``192.168.1.1``) and
|
|
CIDR networks (e.g., ``192.168.0.0/16``).
|
|
|
|
Set to ``*`` to disable checking of front-end IPs. This is useful for setups
|
|
where you don't know in advance the IP address of front-end, but
|
|
instead have ensured via other means that only your
|
|
authorized front-ends can access Gunicorn.
|
|
|
|
By default, the value of the ``FORWARDED_ALLOW_IPS`` environment
|
|
variable. If it is not defined, the default is ``"127.0.0.1,::1"``.
|
|
|
|
!!! note
|
|
This option does not affect UNIX socket connections. Connections not associated with
|
|
an IP address are treated as allowed, unconditionally.
|
|
|
|
!!! note
|
|
The interplay between the request headers, the value of ``forwarded_allow_ips``, and the value of
|
|
``secure_scheme_headers`` is complex. Various scenarios are documented below to further elaborate.
|
|
In each case, we have a request from the remote address 134.213.44.18, and the default value of
|
|
``secure_scheme_headers``:
|
|
|
|
```python
|
|
secure_scheme_headers = {
|
|
'X-FORWARDED-PROTOCOL': 'ssl',
|
|
'X-FORWARDED-PROTO': 'https',
|
|
'X-FORWARDED-SSL': 'on'
|
|
}
|
|
```
|
|
|
|
+---------------------+----------------------------+-----------------------------+-------------------------+
|
|
| forwarded-allow-ips | Secure Request Headers | Result | Explanation |
|
|
+=====================+============================+=============================+=========================+
|
|
| `"127.0.0.1"` | `X-Forwarded-Proto: https` | `wsgi.url_scheme = "http"` | IP address was not |
|
|
| | | | allowed |
|
|
+---------------------+----------------------------+-----------------------------+-------------------------+
|
|
| | | | IP address allowed, but |
|
|
| `"*"` | `<none>` | `wsgi.url_scheme = "http"` | no secure headers |
|
|
| | | | provided |
|
|
+---------------------+----------------------------+-----------------------------+-------------------------+
|
|
| `"*"` | `X-Forwarded-Proto: https` | `wsgi.url_scheme = "https"` | IP address allowed, one |
|
|
| | | | request header matched |
|
|
+---------------------+----------------------------+-----------------------------+-------------------------+
|
|
| | | | IP address allowed, but |
|
|
| `"134.213.44.18"` | `X-Forwarded-Ssl: on` | `InvalidSchemeHeaders()` | the two secure headers |
|
|
| | `X-Forwarded-Proto: http` | raised | disagreed on if HTTPS |
|
|
| | | | was used |
|
|
+---------------------+----------------------------+-----------------------------+-------------------------+
|
|
|
|
### `pythonpath`
|
|
|
|
**Command line:** `--pythonpath STRING`
|
|
|
|
**Default:** `None`
|
|
|
|
A comma-separated list of directories to add to the Python path.
|
|
|
|
e.g.
|
|
``'/home/djangoprojects/myproject,/home/python/mylibrary'``.
|
|
|
|
### `paste`
|
|
|
|
**Command line:** `--paste STRING`, `--paster STRING`
|
|
|
|
**Default:** `None`
|
|
|
|
Load a PasteDeploy config file. The argument may contain a ``#``
|
|
symbol followed by the name of an app section from the config file,
|
|
e.g. ``production.ini#admin``.
|
|
|
|
At this time, using alternate server blocks is not supported. Use the
|
|
command line arguments to control server configuration instead.
|
|
|
|
### `proxy_protocol`
|
|
|
|
**Command line:** `--proxy-protocol MODE`
|
|
|
|
**Default:** `'off'`
|
|
|
|
Enable PROXY protocol support.
|
|
|
|
Allow using HTTP and PROXY protocol together. It may be useful for work
|
|
with stunnel as HTTPS frontend and Gunicorn as HTTP server, or with
|
|
HAProxy.
|
|
|
|
Accepted values:
|
|
|
|
* ``off`` - Disabled (default)
|
|
* ``v1`` - PROXY protocol v1 only (text format)
|
|
* ``v2`` - PROXY protocol v2 only (binary format)
|
|
* ``auto`` - Auto-detect v1 or v2
|
|
|
|
Using ``--proxy-protocol`` without a value is equivalent to ``auto``.
|
|
|
|
PROXY protocol v1: http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
|
|
PROXY protocol v2: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
|
|
|
|
Example for stunnel config::
|
|
|
|
[https]
|
|
protocol = proxy
|
|
accept = 443
|
|
connect = 80
|
|
cert = /etc/ssl/certs/stunnel.pem
|
|
key = /etc/ssl/certs/stunnel.key
|
|
|
|
!!! info "Changed in 24.1.0"
|
|
Extended to support version selection (v1, v2, auto).
|
|
|
|
### `proxy_allow_ips`
|
|
|
|
**Command line:** `--proxy-allow-from`
|
|
|
|
**Default:** `'127.0.0.1,::1'`
|
|
|
|
Front-end's IP addresses or networks from which allowed accept
|
|
proxy requests (comma separated).
|
|
|
|
Supports both individual IP addresses (e.g., ``192.168.1.1``) and
|
|
CIDR networks (e.g., ``192.168.0.0/16``).
|
|
|
|
Set to ``*`` to disable checking of front-end IPs. This is useful for setups
|
|
where you don't know in advance the IP address of front-end, but
|
|
instead have ensured via other means that only your
|
|
authorized front-ends can access Gunicorn.
|
|
|
|
!!! note
|
|
This option does not affect UNIX socket connections. Connections not associated with
|
|
an IP address are treated as allowed, unconditionally.
|
|
|
|
### `protocol`
|
|
|
|
**Command line:** `--protocol STRING`
|
|
|
|
**Default:** `'http'`
|
|
|
|
The protocol for incoming connections.
|
|
|
|
* ``http`` - Standard HTTP/1.x (default)
|
|
* ``uwsgi`` - uWSGI binary protocol (for nginx uwsgi_pass)
|
|
|
|
When using the uWSGI protocol, Gunicorn can receive requests from
|
|
nginx using the uwsgi_pass directive::
|
|
|
|
upstream gunicorn {
|
|
server 127.0.0.1:8000;
|
|
}
|
|
location / {
|
|
uwsgi_pass gunicorn;
|
|
include uwsgi_params;
|
|
}
|
|
|
|
### `uwsgi_allow_ips`
|
|
|
|
**Command line:** `--uwsgi-allow-from`
|
|
|
|
**Default:** `'127.0.0.1,::1'`
|
|
|
|
IPs allowed to send uWSGI protocol requests (comma separated).
|
|
|
|
Set to ``*`` to allow all IPs. This is useful for setups where you
|
|
don't know in advance the IP address of front-end, but instead have
|
|
ensured via other means that only your authorized front-ends can
|
|
access Gunicorn.
|
|
|
|
!!! note
|
|
This option does not affect UNIX socket connections. Connections not associated with
|
|
an IP address are treated as allowed, unconditionally.
|
|
|
|
### `raw_paste_global_conf`
|
|
|
|
**Command line:** `--paste-global CONF`
|
|
|
|
**Default:** `[]`
|
|
|
|
Set a PasteDeploy global config variable in ``key=value`` form.
|
|
|
|
The option can be specified multiple times.
|
|
|
|
The variables are passed to the PasteDeploy entrypoint. Example::
|
|
|
|
$ gunicorn -b 127.0.0.1:8000 --paste development.ini --paste-global FOO=1 --paste-global BAR=2
|
|
|
|
!!! info "Added in 19.7"
|
|
|
|
### `permit_obsolete_folding`
|
|
|
|
**Command line:** `--permit-obsolete-folding`
|
|
|
|
**Default:** `False`
|
|
|
|
Permit requests employing obsolete HTTP line folding mechanism
|
|
|
|
The folding mechanism was deprecated by rfc7230 Section 3.2.4 and will not be
|
|
employed in HTTP request headers from standards-compliant HTTP clients.
|
|
|
|
This option is provided to diagnose backwards-incompatible changes.
|
|
Use with care and only if necessary. Temporary; the precise effect of this option may
|
|
change in a future version, or it may be removed altogether.
|
|
|
|
!!! info "Added in 23.0.0"
|
|
|
|
### `strip_header_spaces`
|
|
|
|
**Command line:** `--strip-header-spaces`
|
|
|
|
**Default:** `False`
|
|
|
|
Strip spaces present between the header name and the the ``:``.
|
|
|
|
This is known to induce vulnerabilities and is not compliant with the HTTP/1.1 standard.
|
|
See https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn.
|
|
|
|
Use with care and only if necessary. Deprecated; scheduled for removal in 25.0.0
|
|
|
|
!!! info "Added in 20.0.1"
|
|
|
|
### `permit_unconventional_http_method`
|
|
|
|
**Command line:** `--permit-unconventional-http-method`
|
|
|
|
**Default:** `False`
|
|
|
|
Permit HTTP methods not matching conventions, such as IANA registration guidelines
|
|
|
|
This permits request methods of length less than 3 or more than 20,
|
|
methods with lowercase characters or methods containing the # character.
|
|
HTTP methods are case sensitive by definition, and merely uppercase by convention.
|
|
|
|
If unset, Gunicorn will apply nonstandard restrictions and cause 400 response status
|
|
in cases where otherwise 501 status is expected. While this option does modify that
|
|
behaviour, it should not be depended upon to guarantee standards-compliant behaviour.
|
|
Rather, it is provided temporarily, to assist in diagnosing backwards-incompatible
|
|
changes around the incomplete application of those restrictions.
|
|
|
|
Use with care and only if necessary. Temporary; scheduled for removal in 24.0.0
|
|
|
|
!!! info "Added in 22.0.0"
|
|
|
|
### `permit_unconventional_http_version`
|
|
|
|
**Command line:** `--permit-unconventional-http-version`
|
|
|
|
**Default:** `False`
|
|
|
|
Permit HTTP version not matching conventions of 2023
|
|
|
|
This disables the refusal of likely malformed request lines.
|
|
It is unusual to specify HTTP 1 versions other than 1.0 and 1.1.
|
|
|
|
This option is provided to diagnose backwards-incompatible changes.
|
|
Use with care and only if necessary. Temporary; the precise effect of this option may
|
|
change in a future version, or it may be removed altogether.
|
|
|
|
!!! info "Added in 22.0.0"
|
|
|
|
### `casefold_http_method`
|
|
|
|
**Command line:** `--casefold-http-method`
|
|
|
|
**Default:** `False`
|
|
|
|
Transform received HTTP methods to uppercase
|
|
|
|
HTTP methods are case sensitive by definition, and merely uppercase by convention.
|
|
|
|
This option is provided because previous versions of gunicorn defaulted to this behaviour.
|
|
|
|
Use with care and only if necessary. Deprecated; scheduled for removal in 24.0.0
|
|
|
|
!!! info "Added in 22.0.0"
|
|
|
|
### `forwarder_headers`
|
|
|
|
**Command line:** `--forwarder-headers`
|
|
|
|
**Default:** `'SCRIPT_NAME,PATH_INFO'`
|
|
|
|
A list containing upper-case header field names that the front-end proxy
|
|
(see [forwarded-allow-ips](#forwarded_allow_ips)) sets, to be used in WSGI environment.
|
|
|
|
This option has no effect for headers not present in the request.
|
|
|
|
This option can be used to transfer ``SCRIPT_NAME``, ``PATH_INFO``
|
|
and ``REMOTE_USER``.
|
|
|
|
It is important that your front-end proxy configuration ensures that
|
|
the headers defined here can not be passed directly from the client.
|
|
|
|
### `header_map`
|
|
|
|
**Command line:** `--header-map`
|
|
|
|
**Default:** `'drop'`
|
|
|
|
Configure how header field names are mapped into environ
|
|
|
|
Headers containing underscores are permitted by RFC9110,
|
|
but gunicorn joining headers of different names into
|
|
the same environment variable will dangerously confuse applications as to which is which.
|
|
|
|
The safe default ``drop`` is to silently drop headers that cannot be unambiguously mapped.
|
|
The value ``refuse`` will return an error if a request contains *any* such header.
|
|
The value ``dangerous`` matches the previous, not advisable, behaviour of mapping different
|
|
header field names into the same environ name.
|
|
|
|
If the source is permitted as explained in [forwarded-allow-ips](#forwarded_allow_ips), *and* the header name is
|
|
present in [forwarder-headers](#forwarder_headers), the header is mapped into environment regardless of
|
|
the state of this setting.
|
|
|
|
Use with care and only if necessary and after considering if your problem could
|
|
instead be solved by specifically renaming or rewriting only the intended headers
|
|
on a proxy in front of Gunicorn.
|
|
|
|
!!! info "Added in 22.0.0"
|
|
|
|
### `root_path`
|
|
|
|
**Command line:** `--root-path STRING`
|
|
|
|
**Default:** `''`
|
|
|
|
The root path for ASGI applications.
|
|
|
|
This is used to set the ``root_path`` in the ASGI scope, which
|
|
allows applications to know their mount point when behind a
|
|
reverse proxy.
|
|
|
|
For example, if your application is mounted at ``/api``, set
|
|
this to ``/api``.
|
|
|
|
!!! info "Added in 24.0.0"
|
|
|
|
## Server Socket
|
|
|
|
### `bind`
|
|
|
|
**Command line:** `-b ADDRESS`, `--bind ADDRESS`
|
|
|
|
**Default:** `['127.0.0.1:8000']`
|
|
|
|
The socket to bind.
|
|
|
|
A string of the form: ``HOST``, ``HOST:PORT``, ``unix:PATH``,
|
|
``fd://FD``. An IP is a valid ``HOST``.
|
|
|
|
!!! info "Changed in 20.0"
|
|
Support for ``fd://FD`` got added.
|
|
|
|
Multiple addresses can be bound. ex.::
|
|
|
|
$ gunicorn -b 127.0.0.1:8000 -b [::1]:8000 test:app
|
|
|
|
will bind the `test:app` application on localhost both on ipv6
|
|
and ipv4 interfaces.
|
|
|
|
If the ``PORT`` environment variable is defined, the default
|
|
is ``['0.0.0.0:$PORT']``. If it is not defined, the default
|
|
is ``['127.0.0.1:8000']``.
|
|
|
|
### `backlog`
|
|
|
|
**Command line:** `--backlog INT`
|
|
|
|
**Default:** `2048`
|
|
|
|
The maximum number of pending connections.
|
|
|
|
This refers to the number of clients that can be waiting to be served.
|
|
Exceeding this number results in the client getting an error when
|
|
attempting to connect. It should only affect servers under significant
|
|
load.
|
|
|
|
Must be a positive integer. Generally set in the 64-2048 range.
|
|
|
|
## Worker Processes
|
|
|
|
### `workers`
|
|
|
|
**Command line:** `-w INT`, `--workers INT`
|
|
|
|
**Default:** `1`
|
|
|
|
The number of worker processes for handling requests.
|
|
|
|
A positive integer generally in the ``2-4 x $(NUM_CORES)`` range.
|
|
You'll want to vary this a bit to find the best for your particular
|
|
application's work load.
|
|
|
|
By default, the value of the ``WEB_CONCURRENCY`` environment variable,
|
|
which is set by some Platform-as-a-Service providers such as Heroku. If
|
|
it is not defined, the default is ``1``.
|
|
|
|
### `worker_class`
|
|
|
|
**Command line:** `-k STRING`, `--worker-class STRING`
|
|
|
|
**Default:** `'sync'`
|
|
|
|
The type of workers to use.
|
|
|
|
The default class (``sync``) should handle most "normal" types of
|
|
workloads. You'll want to read :doc:`design` for information on when
|
|
you might want to choose one of the other worker classes. Required
|
|
libraries may be installed using setuptools' ``extras_require`` feature.
|
|
|
|
A string referring to one of the following bundled classes:
|
|
|
|
* ``sync``
|
|
* ``eventlet`` - **DEPRECATED: will be removed in 26.0**. Requires eventlet >= 0.40.3
|
|
* ``gevent`` - Requires gevent >= 24.10.1 (or install it via
|
|
``pip install gunicorn[gevent]``)
|
|
* ``tornado`` - Requires tornado >= 6.5.0 (or install it via
|
|
``pip install gunicorn[tornado]``)
|
|
* ``gthread`` - Python 2 requires the futures package to be installed
|
|
(or install it via ``pip install gunicorn[gthread]``)
|
|
|
|
Optionally, you can provide your own worker by giving Gunicorn a
|
|
Python path to a subclass of ``gunicorn.workers.base.Worker``.
|
|
This alternative syntax will load the gevent class:
|
|
``gunicorn.workers.ggevent.GeventWorker``.
|
|
|
|
### `threads`
|
|
|
|
**Command line:** `--threads INT`
|
|
|
|
**Default:** `1`
|
|
|
|
The number of worker threads for handling requests.
|
|
|
|
Run each worker with the specified number of threads.
|
|
|
|
A positive integer generally in the ``2-4 x $(NUM_CORES)`` range.
|
|
You'll want to vary this a bit to find the best for your particular
|
|
application's work load.
|
|
|
|
If it is not defined, the default is ``1``.
|
|
|
|
This setting only affects the Gthread worker type.
|
|
|
|
!!! note
|
|
If you try to use the ``sync`` worker type and set the ``threads``
|
|
setting to more than 1, the ``gthread`` worker type will be used
|
|
instead.
|
|
|
|
### `worker_connections`
|
|
|
|
**Command line:** `--worker-connections INT`
|
|
|
|
**Default:** `1000`
|
|
|
|
The maximum number of simultaneous clients.
|
|
|
|
This setting only affects the ``gthread``, ``eventlet`` and ``gevent`` worker types.
|
|
|
|
### `max_requests`
|
|
|
|
**Command line:** `--max-requests INT`
|
|
|
|
**Default:** `0`
|
|
|
|
The maximum number of requests a worker will process before restarting.
|
|
|
|
Any value greater than zero will limit the number of requests a worker
|
|
will process before automatically restarting. This is a simple method
|
|
to help limit the damage of memory leaks.
|
|
|
|
If this is set to zero (the default) then the automatic worker
|
|
restarts are disabled.
|
|
|
|
### `max_requests_jitter`
|
|
|
|
**Command line:** `--max-requests-jitter INT`
|
|
|
|
**Default:** `0`
|
|
|
|
The maximum jitter to add to the *max_requests* setting.
|
|
|
|
The jitter causes the restart per worker to be randomized by
|
|
``randint(0, max_requests_jitter)``. This is intended to stagger worker
|
|
restarts to avoid all workers restarting at the same time.
|
|
|
|
!!! info "Added in 19.2"
|
|
|
|
### `timeout`
|
|
|
|
**Command line:** `-t INT`, `--timeout INT`
|
|
|
|
**Default:** `30`
|
|
|
|
Workers silent for more than this many seconds are killed and restarted.
|
|
|
|
Value is a positive number or 0. Setting it to 0 has the effect of
|
|
infinite timeouts by disabling timeouts for all workers entirely.
|
|
|
|
Generally, the default of thirty seconds should suffice. Only set this
|
|
noticeably higher if you're sure of the repercussions for sync workers.
|
|
For the non sync workers it just means that the worker process is still
|
|
communicating and is not tied to the length of time required to handle a
|
|
single request.
|
|
|
|
### `graceful_timeout`
|
|
|
|
**Command line:** `--graceful-timeout INT`
|
|
|
|
**Default:** `30`
|
|
|
|
Timeout for graceful workers restart in seconds.
|
|
|
|
After receiving a restart signal, workers have this much time to finish
|
|
serving requests. Workers still alive after the timeout (starting from
|
|
the receipt of the restart signal) are force killed.
|
|
|
|
### `keepalive`
|
|
|
|
**Command line:** `--keep-alive INT`
|
|
|
|
**Default:** `2`
|
|
|
|
The number of seconds to wait for requests on a Keep-Alive connection.
|
|
|
|
Generally set in the 1-5 seconds range for servers with direct connection
|
|
to the client (e.g. when you don't have separate load balancer). When
|
|
Gunicorn is deployed behind a load balancer, it often makes sense to
|
|
set this to a higher value.
|
|
|
|
!!! note
|
|
``sync`` worker does not support persistent connections and will
|
|
ignore this option.
|
|
|
|
### `asgi_loop`
|
|
|
|
**Command line:** `--asgi-loop STRING`
|
|
|
|
**Default:** `'auto'`
|
|
|
|
Event loop implementation for ASGI workers.
|
|
|
|
- auto: Use uvloop if available, otherwise asyncio
|
|
- asyncio: Use Python's built-in asyncio event loop
|
|
- uvloop: Use uvloop (must be installed separately)
|
|
|
|
This setting only affects the ``asgi`` worker type.
|
|
|
|
uvloop typically provides better performance but requires
|
|
installing the uvloop package.
|
|
|
|
!!! info "Added in 24.0.0"
|
|
|
|
### `asgi_lifespan`
|
|
|
|
**Command line:** `--asgi-lifespan STRING`
|
|
|
|
**Default:** `'auto'`
|
|
|
|
Control ASGI lifespan protocol handling.
|
|
|
|
- auto: Detect if app supports lifespan, enable if so
|
|
- on: Always run lifespan protocol (fail if unsupported)
|
|
- off: Never run lifespan protocol
|
|
|
|
The lifespan protocol allows ASGI applications to run code at
|
|
startup and shutdown. This is essential for frameworks like
|
|
FastAPI that need to initialize database connections, caches,
|
|
or other resources.
|
|
|
|
This setting only affects the ``asgi`` worker type.
|
|
|
|
!!! info "Added in 24.0.0"
|
|
|
|
### `asgi_disconnect_grace_period`
|
|
|
|
**Command line:** `--asgi-disconnect-grace-period INT`
|
|
|
|
**Default:** `3`
|
|
|
|
Grace period (seconds) for ASGI apps to handle client disconnects.
|
|
|
|
When a client disconnects, the ASGI app receives an http.disconnect
|
|
message and has this many seconds to clean up resources (like database
|
|
connections) before the request task is cancelled.
|
|
|
|
Set to 0 to cancel immediately (not recommended for apps with async
|
|
database connections). Apps with long-running database operations may
|
|
need to increase this value.
|
|
|
|
This setting only affects the ``asgi`` worker type.
|
|
|
|
!!! info "Added in 25.0.0"
|