Open port 443 in ufw
I can hit your public IP on port 80 (HTTP) which shows your routing table is alright, but not 443 (HTTPS).
Is there anything wrong with the path setting for the Gunicorn application?
In "settings.py", there is a setting called "chdir", but I was wondering what kind of setting it is.
Also, I think you need to set up a reverse proxy to access Gunicorn from Nginx, have you done so?
https://docs.gunicorn.org/en/latest/deploy.html
Hi Riku. Thank you for your thoughts. To answer your question about Gunicorn, yes I have set up the configuration in Nginx and Gunicorn to work in tandem. However, let me look at the conf file you sent to see if it is equivalent to what I have done. About the "chdir" setting in "settings.py", do you mean setup.py to create the wheel file? I am not aware of a "settings.py" script. Please elaborate.
The official documentation is below. The default file name is "gunicorn.conf.py". https://docs.gunicorn.org/en/stable/settings.html
Hi Riku. Thanks for the link. I see what you are talking about. My Gunicorn setup is as follows:
[Unit]
Description=Gunicorn instance to serve merysol_advisor
After=network.target

[Service]
User=ubuntu
Group=www-data
WorkingDirectory=/home/ubuntu/merysol_advisor
Environment="PATH=/home/ubuntu/m/erysol_advisor/venv/bin"
ExecStart=/home/ubuntu/merysol_advisor/venv/bin/gunicorn --workers 3 --bind unix:merysol_advisor.sock -m 007 wsgi:app

[Install]
WantedBy=multi-user.target
And, my nginx configuration is:
server {
    listen 80;
    listen 443;
    server_name merysol.com www.merysol.com;

    location / {
        include proxy_params;
        proxy_pass http://unix:/home/ubuntu/merysol_advisor/merysol_advisor.sock;
    }
}
When I run the command nginx -t, I get good feedback so I think the configuration is correct.
I will go through some of the testing options in the gunicorn.conf link you sent me to see if I can find the problem -Umberto

While sending you Riku my last comment, I realized I had a typo in the Gunicorn configuration. I had: Environment="PATH=/home/ubuntu/m/erysol_advisor/venv/bin"
I fixed it and restarted the Gunicorn service and nginx but there was no change in the behavior. I also notice that trying to access nginx using https fails with ERR_SSL_PROTOCOL_ERROR in Chrome. This usually means that it is being blocked by the firewall. But I certainly have rules to allow 443 both in the security group and in the ufw.
Thank you for sharing the detailed configuration. "ERR_SSL_PROTOCOL_ERROR" can occur if the SSL certificate is incorrectly configured. Looking at the Nginx configuration, it appears that the SSL certificate is not configured. Where is the SSL certificate configured?
Hi Riku, Yes the SSL Certificate is missing. Somehow I managed to delete it when I terminated my EC2 Instance and created a new one. I am in the process of getting a new one and creating a Load Balancer with proper security groups' listeners and routing. I think this is the root cause of the issues but we shall soon see.
Domo Arigato Riku
Hi again Riku, Well I have added a new SSL Certificate to the app and configured the AWS Load Balancer to send HTTP and HTTPS traffic to the App. However, the openssl command still doesn't show the certificate. Is there some additional magic to associate the certificate to the App in AWS? This thing is certainly frustrating. Isn't it? -Umberto
If you have ALB, you may not need to set up certificates in EC2. I think we can set up an SSL certificate in ACM for the ALB and set up an HTTPS listener. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html
Also, am I correct in understanding that EC2 is listening on HTTPS? In that case, I think you need to set the listener protocol to HTTPS in the target group settings, is it set?
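An added example, not part of the original thread: a small Python check for the condition pointed out in the nginx configuration above, a `listen 443` without the `ssl` parameter (or an `ssl` listener without a certificate), which leaves the port answering in plaintext so browsers report ERR_SSL_PROTOCOL_ERROR. Both sample configs are constructed, the certificate paths are placeholders, and the check assumes certificates are declared inside the `server` block rather than inherited from the `http` level.

```python
import re

# Constructed sample: the server block as posted in the thread.
THREAD_CONF = """
server {
    listen 80;
    listen 443;
    server_name merysol.com www.merysol.com;
    location / {
        include proxy_params;
        proxy_pass http://unix:/home/ubuntu/merysol_advisor/merysol_advisor.sock;
    }
}
"""
# Constructed sample: same block with TLS enabled; certificate paths are placeholders.
FIXED_CONF = THREAD_CONF.replace(
    "listen 443;",
    "listen 443 ssl;\n    ssl_certificate /path/to/fullchain.pem;\n"
    "    ssl_certificate_key /path/to/privkey.pem;")

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    text = re.sub(r"#[^\n]*", "", conf)  # drop comments (assumes no '#' in quoted values)
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def audit(conf):
    """Return findings for listeners on 443 that cannot complete a TLS handshake."""
    findings = []
    for body in server_blocks(conf):
        while re.search(r"\{[^{}]*\}", body):  # hide nested blocks such as location
            body = re.sub(r"\{[^{}]*\}", ";", body)
        directives = [d.split() for d in body.split(";") if d.strip()]
        names = {d[0] for d in directives}
        tls = False
        for args in (d[1:] for d in directives if d[0] == "listen"):
            if "ssl" in args:
                tls = True
            elif args and args[0].rsplit(":", 1)[-1] == "443":
                findings.append("listen 443 lacks 'ssl': port serves plaintext HTTP")
        if tls and not {"ssl_certificate", "ssl_certificate_key"} <= names:
            findings.append("ssl listener has no ssl_certificate/ssl_certificate_key")
    return findings

if __name__ == "__main__":
    print(audit(THREAD_CONF), audit(FIXED_CONF))
```

When TLS is terminated at the ALB instead, as suggested above, nginx would listen in plain HTTP only and the `listen 443;` line would be dropped rather than given a certificate.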
Hi, I hadn't opened 443 as I am testing the App. But I just did it just to see if it would make any difference. Unfortunately it did not in terms of letting data into the App. I can tell traffic is getting to nginx and from there to Gunicorn but somehow can't make it to the App. Some stupid mistake along the way, I'm sure.