问题
We've got a few Django setups that go through a proxy (Apache and Nginx) that eventually make their way to the actual Django runtime.
We need to have HTTPS end to end even once it's in our network. We've been revisiting Gunicorn due to its success and performance in our other setups, but needed to test with HTTPS end to end to be consistent.
Our topology is as such:
https://foo.com -> [Public facing proxy] -> (https) -> [internal server https://192...:8001]
How does one configure Gunicorn to listen on HTTPS with a self signed certificate?
回答1:
Gunicorn now supports SSL, as of version 17.0. You can configure it to listen on https like this:
$ gunicorn --certfile=server.crt --keyfile=server.key test:app
If you were using --bind to listen on port 80, remember to change the port to 443 (the default port for HTTPS connections). For example:
$ gunicorn --certfile=server.crt --keyfile=server.key --bind 0.0.0.0:443 test:app
回答2:
Massively late reply, but for anyone else coming across this, there's another option using nginx as the "[Public facing proxy]" above.
Configure nginx to handle the incoming SSL traffic on port 443, and then proxy_pass to gunicorn on an internal port. External traffic is encrypted, and the traffic between nginx and gunicorn isn't exposed anyway. I find this very simple to manage.
来源:https://stackoverflow.com/questions/7406805/running-gunicorn-on-https