I have deployed a python script which works using Uvicorn. I have installed nginx on my Ubuntu ec2 instance and installed all requirements to run my script. I have created a file named as Hosting in directory /etc/nginx/sites-enabled/ . My file looks like this
server {
listen 80;
server_name 12.34.56.78 (this is an pseudo IP);
location / {
proxy_pass http://127.0.0.1:8000;
}
}
When I run my script using this command, it starts serving the application on Ip 12.34.56.78
gunicorn3 -k uvicorn.workers.UvicornWorker app:app
To access the API urls I have to use http://12.34.56.78 (not https) and it works correctely but I want it to work on https://12.34.56.78 (with https) .
I tried to change the Hosting file and change the listen 80 to listen 443
server {
listen 443 <- made changes;
server_name 12.34.56.78 (this is an pseudo IP);
location / {
proxy_pass http://127.0.0.1:8000;
}
}
But unfortunately it is not working, I changed the Inbound secrity rules in AWS to accept https and http but it's not working too.
When I try to go https://12.34.56.78 , the webpage says
This site can’t provide a secure connection 12.34.56.78 sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
Could anyone find the mistake ? Thank you in advance
I want to run a Django+Ember website on my website on a certain port number (eg. 54321), for example: domain-name.com:54321.
I got the Django+ember application working on my domain name (without the port number specified) like domain-name.com. I can not get it working with the command:
python3 manage.py runserver domain-name.com:54321
Do I need to add anything to my /etc/httpd/conf/httpd.conf file? I know my current configuration for the httpd.conf file is correct because it works without a port number. But what am I missing to make it work on a certain port number?
You have to add the port to your httpd.conf configuration.
Example:
Listen 54321
<VirtualHost domain-name.com:54321>
DocumentRoot "/var/www/my-django-app/"
ServerName domain-name.com
# Other things...
</VirtualHost>
Don't forget to restart your apache service...
For more information read the documentation:
https://httpd.apache.org/docs/2.4/vhosts/examples.html
I have Django app. It's running on an EC2. The EC2 has a private IP address and an elastic public IP address.
I want the web app to be available locally as well as Developer's IP address which is outside the network.
Let's define these three IP addresses as:
EC2_PRIVATE_IP
EC2_PUBLIC_IP
DEVELOPER_IP
So what I did was ran on the EC2:
python manage.py runserver 0.0.0.0:8000
Went into my EC2 security settings, and opened up inbound and outbound port 8000 to DEVELOPER_IP.
Then asked Developer to go to the EC2_PUBLIC_IP address on his browser.
Unfortunately that doesn't work as he gets the error:
Gateway Timeout: can't connect to remote host
Update #1
I previously tried:
python manage.py runserver {EC2_PUBLIC_IP}:8000
But I got the error:
Error: That IP address can't be assigned-to.
The server should be started with below url
python manage.py runserver 0.0.0.0:8000
In EC2 security settings add following in INBOUND settings
HTTP TCP 8000 0.0.0.0/0
Then you should be accessing this machine with URL
http://EC2_PUBLIC_IP:8000
If you want to access the url as
http://EC2_PUBLIC_IP
then run your webserver on port 80 and accordingly change the EC2 security settings.
I figured it out. I need to open up the port on Windows Firewall as well!
All answers here give a solution, I want to post this for completeness.
By default, the runserver command starts the development server on the internal IP at port 8000.
If you want to change the server’s port (the standar port for internet access is 80), pass it as a command-line argument. For instance, this command starts the server on port 80:
$ python manage.py runserver 80
Note: You don't want users have to type :port_number after the url in the browser. Another thing is you might not be the owner of the host machine, so you might not have access to configure firewall settings to allow others ports than 80.
If you want to change the server’s IP, pass it along with the port. So to listen on all public IPs (useful if you want to show off your work on other computers on your network), use:
$ python manage.py runserver 0.0.0.0:80
The documentation on all you need to know about development server can be found here.
Make sure your firewall is not blocking anything.
Try
iptable -F
That will delete all your firewall rules on the machine itself.
Edit: However, you should not use it. If want to add a port to your firewall use the following commend if you're running redhat based distros (e.g centos, rhel)
system-config-firewall
If it not there, try to install it
# yum install system-config-firewall # run it after becoming a root
Delete all rules from your outbound security group and replace with an "all traffic" permissive rule.
Your machine is getting the inbound packet but its reply is getting dropped by the security filter. Your dev's box is going to be sending a packet in with a (semi-) arbitrary source port number.
(Also, you can't bind to the public address on the EC2 instance as that's translated from the private address by routing infrastructure, so it's not actually "on" your box.)
In addition to adding firewall rules that will allow traffic to port 8000/Other
You will have to run the development server such that it listens to requests on all interfaces and not just the local one
python manage.py runserver 0.0.0.0:8000
or any other port you may choose
Leave the Django app as to run locally and try to install nginx in the ec2 instance and proxy the trafic on port 80 to localhost:8000.
Something like this:
server {
listen 80;
server_name www.yoursite.com;
client_max_body_size 1000M;
location / {
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 1000;
proxy_read_timeout 1000;
proxy_pass http://127.0.0.1:8080/; # This is the trick !
proxy_buffering off;
proxy_set_header Connection '';
proxy_http_version 1.1;
chunked_transfer_encoding off;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
}
}
You can add the control to serve only for the Developers IP.
Nginx is a lightweight, FAST, SECURE, & SCALABLE Web/Proxy server. The world’s busiest websites use NGINX !
It will run as service, it will listen for all traffic coming from, outgoing to the external world (Internet) and in your case, you would want to tell it to listen for web (port 80) traffic, and redirect it to your Django app (running on port 8000); It is really a nice idea, it is transparent, and, if well tuned, it will empower up your website !
Furthermore, Nginx is very suitable for application delivery for web and mobile. The installation and configuration of nginx is very easy, and you should integrate something similar to the above example to it in order to get your app open to Internet.
I am installing production server for my django apps and I can not make it work. My configuration files can be found here.
Basically I have apache2 installed and running on port 80 for my php applications. I want to run my django apps on nginx with uwsgi, apart from apache2. So I am running nginx on port 8000.
When I open http://IP:8000/ I can see my site properly.
1. But how do I set it up with domain name?
I've set A tag in dns to IP. Now it hits apache2 "it works" page because it hits port 80 on default? So I need to proxy pass all requests to my domain.com? Something like this?
/etc/apache2/sites-enabled/domain.com:
<VirtualHost *:80>
ServerName domain.com
ProxyPreserveHost On
ProxyPass / http://IP:8000
</VirtualHost>
It does not work, so how do I pass all domain requests from apache to nginx?
2. How do I add another domain name? (new app)
Do I just create new socket file for new app, keep it on port 8000 and nginx will decide depending on domain name what conf file to use?
I have not found any similar tutorials, nginx usually handles static files and sends requests to apache2. However I want it other way.
Thanks for your answer. To make it work I had to set apache proxy like this:
<VirtualHost *:80>
ServerName www.domain.com
ProxyPreserveHost On
ProxyPass /static http://XX.XX.XX.XX:8000/static
ProxyPassReverse /static http://XX.XX.XX.XX:8000/static
ProxyPass / http://XX.XX.XX.XX:8000
ProxyPassReverse / http://XX.XX.XX.XX:8000
RewriteEngine On
RewriteCond %{REQUEST_URI} ^(.(?!\.css|js|gif|png|jpg|ico))*$
RewriteRule /(.*) http://XX.XX.XX.XX:8000/$1 [P,L]
</VirtualHost>
and enable proxy_http:
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo service apache2 restart
1. How do you set it up with domain name?
In the server block of your nginx conf file set the server_name:
server {
listen 8000;
server_name www.my-django-domain-one.foobar;
#rest of your config regarding forwarding to django...
}
Your site will be available at http://www.my-django-domain-one.foobar:8000.
2. How do you add another domain name? (new app)
Nginx will not decide anything based on the conf filename. Create a new conf file or use the existing one (only matters in the sense of how you want to organize your configs)
server {
listen 8000;
server_name www.my-django-domain-two.foobar;
#rest of your config regarding forwarding to django...
}
However, I recommend an approach involving only one web server. Opinions on which to use vary of course but both of them can do what you want to achieve on their own. You add unnecessary complexity to your setup (e.g. two servers to keep patched) and -depending on your traffic- it may even have a significant impact on your performance.
Check out this tutorial to see how you could make your php apps work with nginx and php-fpm.
I busy setting up a development environment for Django Framework using Gunicorn (as Django service) and NGINX (as a Reverse Proxy).
When I look at several tutorials like this one and this one, I see that they use port 8000 and port 8001 (http://127.0.0.1:8000 and http://127.0.0.1:8001). Is there a special reason not to use port 80, like any other webserver?
Port 8000 is often used for radio streaming and malware, so why?
BTW: I am running it using Virtualenv on a Ubuntu 12.04 system.
All ports under 1024 are privileged ports. To bind to a privileged port requires root user permissions and typically you don't want to run gunicorn with root level permissions.
What's done instead is to allow nginx to bind to 127.0.0.1:80 and then proxy requests to port 80 to a non-privileged port like 8000 using an nginx configuration like:
server {
location / {
proxy_pass http://127.0.0.1:8000;
}
}
NGINX listens on port 80 and forwards to Gunicorn. Gunicorn operates on the 127.0.0.1 IP rather than 0.0.0.0, so it isn't listening publicly, and therefore the only way to access the site externally is through port 80.