Merge pull request #206 from reef-technologies/gunicorn-unix

Use unix domain socket for gunicorn
reef-technologies · Nov 4, 2024 · c2504ec · c2504ec
2 parents ad24032 + 457a37d
commit c2504ec
Show file tree

Hide file tree

Showing 7 changed files with 59 additions and 12 deletions.
diff --git a/{{cookiecutter.repostory_name}}/app/envs/prod/Dockerfile b/{{cookiecutter.repostory_name}}/app/envs/prod/Dockerfile
@@ -62,6 +62,4 @@ RUN grep psycopg pdm.lock && apk add --no-cache libpq || true
 RUN grep Pillow pdm.lock && apk add --no-cache jpeg tiff zlib libwebp || true
 {%- endif %}
 
-EXPOSE 8000
-
 CMD ["./entrypoint.sh"]
diff --git a/{{cookiecutter.repostory_name}}/app/envs/prod/gunicorn.conf.py b/{{cookiecutter.repostory_name}}/app/envs/prod/gunicorn.conf.py
@@ -12,7 +12,7 @@
     workers = min(max_workers, workers)
 threads = env.int("GUNICORN_THREADS", 1)
 preload_app = env.bool("GUNICORN_PRELOAD_APP", True)
-bind = "0.0.0.0:8000"
+bind = "unix:/var/run/gunicorn/gunicorn.sock"
 {%- if cookiecutter.use_channels == "y" %}
 wsgi_app = "{{ cookiecutter.django_project_name }}.asgi:application"
 {%- else %}

diff --git a/{{cookiecutter.repostory_name}}/app/src/healthcheck.py b/{{cookiecutter.repostory_name}}/app/src/healthcheck.py
@@ -0,0 +1,33 @@
+#!/usr/bin/env python3
+
+import argparse
+import socket
+import sys
+
+
+def healthcheck(socket_path: str, url: str):
+    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
+        s.settimeout(1)
+        s.connect(socket_path)
+        req = f"GET {url} HTTP/1.1\r\n\r\n"
+        s.sendall(req.encode())
+        response = s.recv(64)
+        assert response, "No response received"
+
+        status_code = int(response.decode().split()[1])
+        assert status_code == 200, f"Unexpected status code: {status_code}"
+
+        sys.stdout.write("OK\n")
+
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser()
+    parser.add_argument("socket_path", type=str, help="Path to the socket file")
+    parser.add_argument("--url", type=str, required=False, default="/admin/login/", help="URL to check")
+    args = parser.parse_args()
+
+    try:
+        healthcheck(args.socket_path, args.url)
+    except Exception as e:
+        sys.stderr.write(f"Error: {e}\n")
+        sys.exit(1)
diff --git a/{{cookiecutter.repostory_name}}/devops/tf/main/files/docker-compose.yml b/{{cookiecutter.repostory_name}}/devops/tf/main/files/docker-compose.yml
@@ -6,6 +6,8 @@ services:
     init: true
     restart: always
     env_file: ./.env
+    healthcheck:
+      test: ["CMD", "./healthcheck.py", "/var/run/gunicorn/gunicorn.sock"]
     {% if cookiecutter.monitoring == 'y' %}
     environment:
       # Add this variable to all containers that should dump Prometheus metrics.  Each container besides this one
@@ -16,6 +18,7 @@ services:
     {% endif %}
     volumes:
       - backend-static:/root/src/static
+      - gunicorn-socket:/var/run/gunicorn
       - ./media:/root/src/media
     {% if cookiecutter.monitoring == 'y' %}
       # Add this mount to each container that should dump Prometheus metrics.
@@ -67,7 +70,7 @@ services:
     image: 'ghcr.io/reef-technologies/nginx-rt:v1.2.2'
     restart: unless-stopped
     healthcheck:
-      test: wget -q --spider http://0.0.0.0:8000/admin/login || exit 1
+      test: wget -q --spider http://0.0.0.0:8000/admin/login/ || exit 1
     depends_on:
       - app
       {% if cookiecutter.monitoring == 'y' %}
@@ -86,6 +89,7 @@ services:
       - backend-static:/srv/static:ro
       - ./media:/srv/media:ro
       - ./nginx/monitoring_certs:/etc/monitoring_certs
+      - gunicorn-socket:/var/run/gunicorn:ro
     logging:
       driver: awslogs
       options:
@@ -100,3 +104,4 @@ services:
 
 volumes:
   backend-static:
+  gunicorn-socket:
diff --git a/{{cookiecutter.repostory_name}}/devops/tf/main/files/nginx/templates/default.conf.template b/{{cookiecutter.repostory_name}}/devops/tf/main/files/nginx/templates/default.conf.template
@@ -1,3 +1,7 @@
+upstream gunicorn {
+    server unix:/var/run/gunicorn/gunicorn.sock fail_timeout=0;
+}
+
 server {
     listen 8000 default_server;
     server_name _;
@@ -43,7 +47,7 @@ server {
         {% if cookiecutter.nginx_tls_early_data_enabled == 'y' -%}
         proxy_set_header Early-Data $ssl_early_data;
         {%- endif %}
-        proxy_pass http://app:8000/;
+        proxy_pass http://gunicorn;
     }
 }
 
@@ -98,7 +102,7 @@ server {
         proxy_set_header Host $http_host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X_SCHEME $scheme;
-        proxy_pass http://app:8000/metrics;
+        proxy_pass http://gunicorn/metrics;
     }
 
     location /business-metrics/ {
@@ -107,7 +111,7 @@ server {
         proxy_set_header Host $http_host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X_SCHEME $scheme;
-        proxy_pass http://app:8000/business-metrics;
+        proxy_pass http://gunicorn/business-metrics;
     }
 
 }

diff --git a/{{cookiecutter.repostory_name}}/envs/prod/docker-compose.yml b/{{cookiecutter.repostory_name}}/envs/prod/docker-compose.yml
@@ -35,7 +35,7 @@ services:
       dockerfile: app/Dockerfile
     image: {{cookiecutter.django_project_name}}/app
     healthcheck:
-      test: wget -q --spider 127.0.0.1:8000/admin/login/ || exit 1
+      test: ["CMD", "./healthcheck.py", "/var/run/gunicorn/gunicorn.sock"]
     init: true
     restart: unless-stopped
     env_file: ./.env
@@ -49,6 +49,7 @@ services:
     {%- endif %}
     volumes:
       - backend-static:/root/src/static
+      - gunicorn-socket:/var/run/gunicorn
       - ./media:/root/src/media
       {% if cookiecutter.monitoring == 'y' -%}
       # Add this mount to each container that should dump Prometheus metrics.
@@ -125,7 +126,7 @@ services:
     healthcheck:
       test: [
         "CMD-SHELL",
-        "curl 0.0.0.0:80 -s --fail -H \"Host: $NGINX_HOST\" -H \"User-Agent: docker-compose-healthcheck\" -o /dev/null || exit 1"
+        "curl 0.0.0.0:80/admin/login/ -s --fail -H \"Host: $NGINX_HOST\" -H \"User-Agent: docker-compose-healthcheck\" -o /dev/null || exit 1"
       ]
       interval: 30s
       retries: 5
@@ -140,6 +141,7 @@ services:
       - ./media:/srv/media:ro
       - ./letsencrypt/etc:/etc/letsencrypt
       - ./nginx/monitoring_certs:/etc/monitoring_certs
+      - gunicorn-socket:/var/run/gunicorn:ro
     depends_on:
       - app
       {% if cookiecutter.monitoring == 'y' %}
@@ -217,3 +219,4 @@ services:
 
 volumes:
   backend-static:
+  gunicorn-socket:
diff --git a/{{cookiecutter.repostory_name}}/nginx/templates/default.conf.template b/{{cookiecutter.repostory_name}}/nginx/templates/default.conf.template
@@ -5,6 +5,10 @@
 # Generated for Intermediate configuration, nginx 1.20.1 or later
 #
 
+upstream gunicorn {
+    server unix:/var/run/gunicorn/gunicorn.sock fail_timeout=0;
+}
+
 server {
     listen 80 default_server;
     server_name _;
@@ -106,7 +110,7 @@ server {
         {% if cookiecutter.nginx_tls_early_data_enabled == 'y' -%}
         proxy_set_header Early-Data $ssl_early_data;
         {%- endif %}
-        proxy_pass http://app:8000/;
+        proxy_pass http://gunicorn;
     }
 }
 
@@ -161,7 +165,7 @@ server {
         proxy_set_header Host $http_host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X_SCHEME $scheme;
-        proxy_pass http://app:8000/metrics;
+        proxy_pass http://gunicorn/metrics;
     }
 
     location /business-metrics {
@@ -170,7 +174,7 @@ server {
         proxy_set_header Host $http_host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X_SCHEME $scheme;
-        proxy_pass http://app:8000/business-metrics;
+        proxy_pass http://gunicorn/business-metrics;
     }
 }
 {%- endif %}