Server Deployment¶
There are several options for aiohttp server deployment:
Standalone server
Running a pool of backend servers behind of nginx, HAProxy or other reverse proxy server
Using gunicorn behind of reverse proxy
Every method has own benefits and disadvantages.
Standalone¶
Just call aiohttp.web.run_app() function passing
aiohttp.web.Application instance.
The method is very simple and could be the best solution in some trivial cases. But it does not utilize all CPU cores.
For running multiple aiohttp server instances use reverse proxies.
Nginx+supervisord¶
Running aiohttp servers behind nginx makes several advantages.
First, nginx is the perfect frontend server. It may prevent many attacks based on malformed http protocol etc.
Second, running several aiohttp instances behind nginx allows to utilize all CPU cores.
Third, nginx serves static files much faster than built-in aiohttp static file support.
But this way requires more complex configuration.
Nginx configuration¶
Here is short example of an Nginx configuration file. It does not cover all available Nginx options.
For full details, read Nginx tutorial and official Nginx documentation.
First configure HTTP server itself:
http {
server {
listen 80;
client_max_body_size 4G;
server_name example.com;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://aiohttp;
}
location /static {
# path for static files
root /path/to/app/static;
}
}
}
This config listens on port 80 for a server named example.com
and redirects everything to the aiohttp backend group.
Also it serves static files from /path/to/app/static path as
example.com/static.
Next we need to configure aiohttp upstream group:
http {
upstream aiohttp {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response
# Unix domain servers
server unix:/tmp/example_1.sock fail_timeout=0;
server unix:/tmp/example_2.sock fail_timeout=0;
server unix:/tmp/example_3.sock fail_timeout=0;
server unix:/tmp/example_4.sock fail_timeout=0;
# Unix domain sockets are used in this example due to their high performance,
# but TCP/IP sockets could be used instead:
# server 127.0.0.1:8081 fail_timeout=0;
# server 127.0.0.1:8082 fail_timeout=0;
# server 127.0.0.1:8083 fail_timeout=0;
# server 127.0.0.1:8084 fail_timeout=0;
}
}
All HTTP requests for http://example.com except ones for
http://example.com/static will be redirected to example1.sock,
example2.sock, example3.sock or example4.sock
backend servers. By default, Nginx uses round-robin algorithm for backend
selection.
Note
Nginx is not the only existing reverse proxy server, but it’s the most popular one. Alternatives like HAProxy may be used as well.
Supervisord¶
After configuring Nginx we need to start our aiohttp backends. It’s best to use some tool for starting them automatically after a system reboot or backend crash.
There are many ways to do it: Supervisord, Upstart, Systemd, Gaffer, Circus, Runit etc.
Here we’ll use Supervisord as an example:
[program:aiohttp]
numprocs = 4
numprocs_start = 1
process_name = example_%(process_num)s
; Unix socket paths are specified by command line.
command=/path/to/aiohttp_example.py --path=/tmp/example_%(process_num)s.sock
; We can just as easily pass TCP port numbers:
; command=/path/to/aiohttp_example.py --port=808%(process_num)s
user=nobody
autostart=true
autorestart=true
aiohttp server¶
The last step is preparing the aiohttp server to work with supervisord.
Assuming we have properly configured aiohttp.web.Application
and port is specified by command line, the task is trivial:
# aiohttp_example.py
import argparse
from aiohttp import web
parser = argparse.ArgumentParser(description="aiohttp server example")
parser.add_argument('--path')
parser.add_argument('--port')
if __name__ == '__main__':
app = web.Application()
# configure app
args = parser.parse_args()
web.run_app(app, path=args.path, port=args.port)
For real use cases we perhaps need to configure other things like logging etc., but it’s out of scope of the topic.
Nginx+Gunicorn¶
aiohttp can be deployed using Gunicorn, which is based on a pre-fork worker model. Gunicorn launches your app as worker processes for handling incoming requests.
As opposed to deployment with bare Nginx, this solution does not need to manually run several aiohttp processes and use a tool like supervisord to monitor them. But nothing is free: running aiohttp application under gunicorn is slightly slower.
Prepare environment¶
You first need to setup your deployment environment. This example is based on Ubuntu 16.04.
Create a directory for your application:
>> mkdir myapp
>> cd myapp
Create a Python virtual environment:
>> python3 -m venv venv
>> source venv/bin/activate
Now that the virtual environment is ready, we’ll proceed to install aiohttp and gunicorn:
>> pip install gunicorn
>> pip install aiohttp
Application¶
Lets write a simple application, which we will save to file. We’ll name this file my_app_module.py:
from aiohttp import web
async def index(request):
return web.Response(text="Welcome home!")
my_web_app = web.Application()
my_web_app.router.add_get('/', index)
Application factory¶
As an option an entry point could be a coroutine that accepts no parameters and returns an application instance:
from aiohttp import web
async def index(request):
return web.Response(text="Welcome home!")
async def my_web_app():
app = web.Application()
app.router.add_get('/', index)
return app
Start Gunicorn¶
When Running Gunicorn, you provide the name of the module, i.e. my_app_module, and the name of the app or application factory, i.e. my_web_app, along with other Gunicorn Settings provided as command line flags or in your config file.
In this case, we will use:
the
--bindflag to set the server’s socket address;the
--worker-classflag to tell Gunicorn that we want to use a custom worker subclass instead of one of the Gunicorn default worker types;you may also want to use the
--workersflag to tell Gunicorn how many worker processes to use for handling requests. (See the documentation for recommendations on How Many Workers?)you may also want to use the
--accesslogflag to enable the access log to be populated. (See logging for more information.)
The custom worker subclass is defined in aiohttp.GunicornWebWorker:
>> gunicorn my_app_module:my_web_app --bind localhost:8080 --worker-class aiohttp.GunicornWebWorker
[2017-03-11 18:27:21 +0000] [1249] [INFO] Starting gunicorn 19.7.1
[2017-03-11 18:27:21 +0000] [1249] [INFO] Listening at: http://127.0.0.1:8080 (1249)
[2017-03-11 18:27:21 +0000] [1249] [INFO] Using worker: aiohttp.worker.GunicornWebWorker
[2015-03-11 18:27:21 +0000] [1253] [INFO] Booting worker with pid: 1253
Gunicorn is now running and ready to serve requests to your app’s worker processes.
Note
If you want to use an alternative asyncio event loop
uvloop, you can use the
aiohttp.GunicornUVLoopWebWorker worker class.
Proxy through NGINX¶
We can proxy our gunicorn workers through NGINX with a configuration like this:
worker_processes 1;
user nobody nogroup;
events {
worker_connections 1024;
}
http {
## Main Server Block
server {
## Open by default.
listen 80 default_server;
server_name main;
client_max_body_size 200M;
## Main site location.
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
}
}
}
Since gunicorn listens for requests at our localhost address on port 8080, we can use the proxy_pass directive to send web traffic to our workers. If everything is configured correctly, we should reach our application at the ip address of our web server.
Proxy through NGINX + SSL¶
Here is an example NGINX configuration setup to accept SSL connections:
worker_processes 1;
user nobody nogroup;
events {
worker_connections 1024;
}
http {
## SSL Redirect
server {
listen 80 default;
return 301 https://$host$request_uri;
}
## Main Server Block
server {
# Open by default.
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
server_name main;
client_max_body_size 200M;
ssl_certificate /etc/secrets/cert.pem;
ssl_certificate_key /etc/secrets/key.pem;
## Main site location.
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
}
}
}
The first server block accepts regular http connections on port 80 and redirects
them to our secure SSL connection. The second block matches our previous example
except we need to change our open port to https and specify where our SSL
certificates are being stored with the ssl_certificate and ssl_certificate_key
directives.
During development, you may want to create your own self-signed certificates for testing purposes and use another service like Let’s Encrypt when you are ready to move to production.
More information¶
See the official documentation for more information about suggested nginx configuration. You can also find out more about configuring for secure https connections as well.
Logging configuration¶
aiohttp and gunicorn use different format for specifying access log.
By default aiohttp uses own defaults:
'%a %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"'
For more information please read Format Specification for Access Log.
Proxy through Apache at your own risk¶
Issues have been reported using Apache2 in front of aiohttp server: #2687 Intermittent 502 proxy errors when running behind Apache <https://github.com/aio-libs/aiohttp/issues/2687>.
