From 6adf077ee58ef7d5d7cd86437e4288234923166c Mon Sep 17 00:00:00 2001 From: vabene1111 Date: Mon, 29 Sep 2025 21:37:41 +0200 Subject: [PATCH] removed outside guincorn binding --- boot.sh | 16 +++------------- docs/system/configuration.md | 9 ++++++--- http.d/Recipes.conf.template | 6 +++--- 3 files changed, 12 insertions(+), 19 deletions(-) diff --git a/boot.sh b/boot.sh index e7df4f790..5116c3c7a 100755 --- a/boot.sh +++ b/boot.sh @@ -2,7 +2,7 @@ source venv/bin/activate # these are envsubst in the nginx config, make sure they default to something sensible when unset -export TANDOOR_PORT="${TANDOOR_PORT:-8080}" +export TANDOOR_PORT="${TANDOOR_PORT:-80}" export MEDIA_ROOT=${MEDIA_ROOT:-/opt/recipes/mediafiles}; export STATIC_ROOT=${STATIC_ROOT:-/opt/recipes/staticfiles}; @@ -12,11 +12,6 @@ GUNICORN_LOG_LEVEL="${GUNICORN_LOG_LEVEL:-'info'}" PLUGINS_BUILD="${PLUGINS_BUILD:-0}" -if [ "${TANDOOR_PORT}" -eq 80 ]; then - echo "TANDOOR_PORT set to 8080 because 80 is now taken by the integrated nginx" - TANDOOR_PORT=8080 -fi - display_warning() { echo "[WARNING]" echo -e "$1" @@ -29,7 +24,6 @@ envsubst '$MEDIA_ROOT $STATIC_ROOT $TANDOOR_PORT' < /opt/recipes/http.d/Recipes. echo "Starting nginx" nginx - echo "Checking configuration..." # SECRET_KEY (or a valid file at SECRET_KEY_FILE) must be set in .env file @@ -110,9 +104,5 @@ chmod -R 755 ${MEDIA_ROOT:-/opt/recipes/mediafiles} ipv6_disable=$(cat /sys/module/ipv6/parameters/disable) echo "Starting gunicorn" -# Check if IPv6 is enabled, only then run gunicorn with ipv6 support -if [ "$ipv6_disable" -eq 0 ]; then - exec gunicorn -b "[::]:$TANDOOR_PORT" --workers $GUNICORN_WORKERS --threads $GUNICORN_THREADS --access-logfile - --error-logfile - --log-level $GUNICORN_LOG_LEVEL recipes.wsgi -else - exec gunicorn -b ":$TANDOOR_PORT" --workers $GUNICORN_WORKERS --threads $GUNICORN_THREADS --access-logfile - --error-logfile - --log-level $GUNICORN_LOG_LEVEL recipes.wsgi -fi +exec gunicorn --bind unix:/run/tandoor.sock --workers $GUNICORN_WORKERS --threads $GUNICORN_THREADS --access-logfile - --error-logfile - --log-level $GUNICORN_LOG_LEVEL recipes.wsgi + diff --git a/docs/system/configuration.md b/docs/system/configuration.md index f5615f688..91a3d4bb0 100644 --- a/docs/system/configuration.md +++ b/docs/system/configuration.md @@ -96,12 +96,15 @@ Configuration options for serving related services. #### Port -> default `8080` - options: `1-65535` +> default `80` - options: `1-65535` -Port for gunicorn to bind to. Should not be changed if using docker stack with reverse proxy. +!!! warning + Changed in version 2.3 to no longer configure the port of gunicorn but the port of the internal nginx + +Port where Tandoor exposes its internal web server. ``` -TANDOOR_PORT=8080 +TANDOOR_PORT=80 ``` diff --git a/http.d/Recipes.conf.template b/http.d/Recipes.conf.template index a3d5cd226..a2187c090 100644 --- a/http.d/Recipes.conf.template +++ b/http.d/Recipes.conf.template @@ -1,6 +1,6 @@ server { - listen 80; - listen [::]:80 ipv6only=on; + listen ${TANDOOR_PORT}; + listen [::]:${TANDOOR_PORT} ipv6only=on; server_name localhost; client_max_body_size 128M; @@ -19,7 +19,7 @@ server { # pass requests for dynamic content to gunicorn location / { proxy_set_header Host $http_host; - proxy_pass http://localhost:${TANDOOR_PORT}; + proxy_pass http://unix:/run/tandoor.sock; # disabled for now because it redirects to the error page and not back, also not showing html #error_page 502 /errors/http502.html;