Server Mechanics
preload_app
--preload
False
Load application code before the worker processes are forked.
By preloading an application you can save some RAM resources as well as speed up server boot times. Although, if you defer application loading to each worker process, you can reload your application code easily by restarting workers.
sendfile
--no-sendfile
None
Disables the use of sendfile()
.
If not set, the value of the SENDFILE
environment variable is used to enable or disable its usage.
New in version 19.2.
Changed in version 19.4: Swapped --sendfile
with --no-sendfile
to actually allow disabling.
Changed in version 19.6: added support for the SENDFILE
environment variable
reuse_port
--reuse-port
False
Set the SO_REUSEPORT
flag on the listening socket.
New in version 19.8.
chdir
--chdir
/home/docs/checkouts/readthedocs.org/user_builds/gunicorn-docs/checkouts/20.0.4/docs/source
Chdir to specified directory before apps loading.
daemon
-D, --daemon
False
Daemonize the Gunicorn process.
Detaches the server from the controlling terminal and enters the background.
raw_env
-e ENV, --env ENV
[]
Set environment variable (key=value).
Pass variables to the execution environment. Ex.:
$ gunicorn -b 127.0.0.1:8000 --env FOO=1 test:app
and test for the foo variable environment in your application.
pidfile
-p FILE, --pid FILE
None
A filename to use for the PID file.
If not set, no PID file will be written.
worker_tmp_dir
--worker-tmp-dir DIR
None
A directory to use for the worker heartbeat temporary file.
If not set, the default temporary directory will be used.
Note
The current heartbeat system involves calling os.fchmod
on temporary file handlers and may block a worker for arbitrary time if the directory is on a disk-backed filesystem.
See How do I avoid Gunicorn excessively blocking in os.fchmod? for more detailed information and a solution for avoiding this problem.
user
-u USER, --user USER
1005
Switch worker processes to run as this user.
A valid user id (as an integer) or the name of a user that can be retrieved with a call to pwd.getpwnam(value)
or None
to not change the worker process user.
group
-g GROUP, --group GROUP
205
Switch worker process to run as this group.
A valid group id (as an integer) or the name of a user that can be retrieved with a call to pwd.getgrnam(value)
or None
to not change the worker processes group.
umask
-m INT, --umask INT
0
A bit mask for the file mode on files written by Gunicorn.
Note that this affects unix socket permissions.
A valid value for the os.umask(mode)
call or a string compatible with int(value, 0)
(0
means Python guesses the base, so values like 0
, 0xFF
, 0022
are valid for decimal, hex, and octal representations)
initgroups
--initgroups
False
If true, set the worker process’s group access list with all of the groups of which the specified username is a member, plus the specified group id.
New in version 19.7.
tmp_upload_dir
None
Directory to store temporary request data as they are read.
This may disappear in the near future.
This path should be writable by the process permissions set for Gunicorn workers. If not specified, Gunicorn will choose a system generated temporary directory.
secure_scheme_headers
{'X-FORWARDED-PROTOCOL': 'ssl', 'X-FORWARDED-PROTO': 'https', 'X-FORWARDED-SSL': 'on'}
A dictionary containing headers and values that the front-end proxy uses to indicate HTTPS requests. These tell Gunicorn to set wsgi.url_scheme
to https
, so your application can tell that the request is secure.
The dictionary should map upper-case header names to exact string values. The value comparisons are case-sensitive, unlike the header names, so make sure they’re exactly what your front-end proxy sends when handling HTTPS requests.
It is important that your front-end proxy configuration ensures that the headers defined here can not be passed directly from the client.
forwarded_allow_ips
--forwarded-allow-ips STRING
127.0.0.1
Front-end’s IPs from which allowed to handle set secure headers. (comma separate).
Set to *
to disable checking of Front-end IPs (useful for setups where you don’t know in advance the IP address of Front-end, but you still trust the environment).
By default, the value of the FORWARDED_ALLOW_IPS
environment variable. If it is not defined, the default is "127.0.0.1"
.
pythonpath
--pythonpath STRING
None
A comma-separated list of directories to add to the Python path.
e.g. '/home/djangoprojects/myproject,/home/python/mylibrary'
.
paste
--paste STRING, --paster STRING
None
Load a PasteDeploy config file. The argument may contain a #
symbol followed by the name of an app section from the config file, e.g. production.ini#admin
.
At this time, using alternate server blocks is not supported. Use the command line arguments to control server configuration instead.
proxy_protocol
--proxy-protocol
False
Enable detect PROXY protocol (PROXY mode).
Allow using HTTP and Proxy together. It may be useful for work with stunnel as HTTPS frontend and Gunicorn as HTTP server.
PROXY protocol: http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
Example for stunnel config:
[https]
protocol = proxy
accept = 443
connect = 80
cert = /etc/ssl/certs/stunnel.pem
key = /etc/ssl/certs/stunnel.key
proxy_allow_ips
--proxy-allow-from
127.0.0.1
Front-end’s IPs from which allowed accept proxy requests (comma separate).
Set to *
to disable checking of Front-end IPs (useful for setups where you don’t know in advance the IP address of Front-end, but you still trust the environment)
raw_paste_global_conf
--paste-global CONF
[]
Set a PasteDeploy global config variable in key=value
form.
The option can be specified multiple times.
The variables are passed to the the PasteDeploy entrypoint. Example:
$ gunicorn -b 127.0.0.1:8000 --paste development.ini --paste-global FOO=1 --paste-global BAR=2
New in version 19.7.
strip_header_spaces
--strip-header-spaces
False
Strip spaces present between the header name and the the :
.
This is known to induce vulnerabilities and is not compliant with the HTTP/1.1 standard. See https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn.
Use with care and only if necessary.