Nginx reverse proxy to app running gunicorn

I’m trying to setup a nginx reverse proxy in one app that proxies to an app running gunicorn. I can’t seem to get it to connect on the internal network. Is there anything special I need to do to access gunicorn on its port ?

The log is like this:

2022/06/02 23:20:44 [error] 550#550: *11 connect() failed (111: Connection refused) while connecting to upstream, client: *********, server: my-nginx-app.fly.dev, request: “GET / HTTP/1.1”, upstream: “http://[internal-ip6-of-my-gunicorn-app]:8080/”, host: “my-nginx-app.fly.dev

My nginx.conf looks like this:

server {
  listen 8080;
  listen [::]:8080;

  server_name my-nginx-app.fly.dev;

  location /healthz {
    return 200 "ok";
  }

  # Proxy to application host
  location / {
      resolver [fdaa::3] valid=5s;
      set $backend "http://my-gunicorn-app.internal:8080";
      proxy_pass $backend;
      #proxy_set_header Host $host;
      proxy_set_header X-Forwarded-Host $http_host;
  }
}

The gunicorn app is built with some heroku buildpacks, I don’t know if that would somehow mess something up.

The gunicorn app logs also state “Listening at: http://0.0.0.0:8080”.

This is probably because gunicorn is only listening on IPv4. You’ll need to make it listen on IPv6. I think you need to make it listen on :: to make it accessible to nginx on another VM.

That said, you can just run gunicorn in our environment, we handle the proxy for you. If you don’t need anything special from nginx you can skip it!

1 Like

Thanks kurt, you are right. I wish I would have asked earlier because I think there is now a dent on my desk from my head…

I had gunicorn running via Procfile and it by default was binding to 0.0.0.0. I changed it to [::] and now it is working with the internal ipv6 address! I tried to bind to both, [::] and 0.0.0.0, but I guess on linux [::] also works for ipv4.

web: gunicorn -b [::]:$PORT 'my_python_package:main()'

I am trying to migrate an older site that has a lot of quirks, irregular urls, and I think having a caching frontend proxy will make it easier because I have to serve some media from S3 and I hopefully can use an X-Accel-Redirect header to serve the signed urls directly out of S3 after looking them up in the db but then cache most of them to speed things up.

Thanks for your help.