-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathrun_production.py
More file actions
112 lines (92 loc) · 3.79 KB
/
run_production.py
File metadata and controls
112 lines (92 loc) · 3.79 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
import os
import sys
import subprocess
import time
from config import get_config
DEFAULT_HTTP_PORT = 5000
DEFAULT_HTTPS_PORT = 5001
def _safe_int_port(value, fallback):
try:
port = int(value)
if 1 <= port <= 65535:
return port
except (TypeError, ValueError):
pass
return fallback
def main():
config = get_config()
server_config = config.get('server', {})
host = os.getenv('HOST', server_config.get('host', '0.0.0.0'))
http_port = _safe_int_port(
os.getenv('HTTP_PORT') or os.getenv('PORT') or server_config.get('port', DEFAULT_HTTP_PORT),
DEFAULT_HTTP_PORT
)
https_port = _safe_int_port(
os.getenv('HTTPS_PORT') or os.getenv('SSL_PORT') or server_config.get('ssl_port', DEFAULT_HTTPS_PORT),
DEFAULT_HTTPS_PORT
)
ssl_config = config.get('ssl', {})
ssl_enabled = bool(ssl_config.get('enabled', False))
force_https = bool(ssl_config.get('force_https', False))
proxy_protocol_v2 = bool(server_config.get('proxy_protocol_v2', False))
proxy_allow_from = str(server_config.get('proxy_protocol_allow_from', '127.0.0.1,::1')).strip()
shared_args = [
"-k", "gevent",
"-w", "1",
"--worker-connections", "1000"
]
if proxy_protocol_v2:
print(f"Proxy Protocol v2 mode enabled. Trusted senders: {proxy_allow_from}")
shared_args.extend(["--proxy-protocol", "--proxy-allow-from", proxy_allow_from])
processes = []
try:
if ssl_enabled:
if http_port == https_port:
print("ERROR: HTTP and HTTPS ports must be different when SSL is enabled.")
sys.exit(1)
cert_file = ssl_config.get('cert_file')
key_file = ssl_config.get('key_file')
if not cert_file or not key_file or not os.path.exists(cert_file) or not os.path.exists(key_file):
print("ERROR: SSL is enabled but certificates were not found!")
sys.exit(1)
http_target = "app:redirect_app" if force_https else "app:app"
http_mode = "Redirector" if force_https else "Lenient (no forced HTTPS redirect)"
print(f"Starting Gunicorn HTTP Server ({http_mode}) on {host}:{http_port}...")
p_http = subprocess.Popen([
"gunicorn",
http_target,
"--bind", f"{host}:{http_port}",
] + shared_args)
processes.append(p_http)
print(f"Starting Gunicorn HTTPS Server (Main) on {host}:{https_port}...")
p_https = subprocess.Popen([
"gunicorn",
"app:app",
"--bind", f"{host}:{https_port}",
"--certfile", cert_file,
"--keyfile", key_file
] + shared_args)
processes.append(p_https)
else:
print(f"Starting Gunicorn HTTP Server on {host}:{http_port}...")
p_http = subprocess.Popen([
"gunicorn",
"app:app",
"--bind", f"{host}:{http_port}",
] + shared_args)
processes.append(p_http)
# Keep main thread alive waiting for subprocesses
for p in processes:
p.wait()
except KeyboardInterrupt:
print("\nShutting down Gunicorn servers...")
for p in processes:
p.terminate()
if __name__ == "__main__":
# Ensure gunicorn is actually installed
try:
subprocess.run(["gunicorn", "--version"], capture_output=True, check=True)
except (subprocess.CalledProcessError, FileNotFoundError):
print("ERROR: Gunicorn is not installed or not in PATH. Please run `pip install gunicorn eventlet`.")
sys.exit(1)
main()