buildpacks-python
buildpacks-python copied to clipboard
heroku
Automatically configure the Gunicorn web server
The classic Heroku Python buildpack automatically configures gunicorn at runtime (it sets FORWARDED_ALLOW_IPS and GUNICORN_CMD_ARGS):
https://github.com/heroku/heroku-buildpack-python/blob/main/vendor/python.gunicorn.sh
Something similar to that should be added to the Python CNB for parity with the classic buildpack.
Notes:
-
FORWARDED_ALLOW_IPSis used by both gunicorn and uvicorn. Setting it to*is environment-specific (since it requires knowing there is a LB/proxy that's correctly setting headers), and forgetting to set it (eg in the app's own config) can result in confusing behaviour (eg HTTP -> HTTPS redirect loops). Therefore we should continue to do so in the CNB. - Setting
--access-logfile -inGUNICORN_CMD_ARGShas caused confusion in customer tickets for the classic buildpack (example; since it's not obvious how the access logs are being enabled, or how to override that. Plus the default access log format includes query strings which can in some cases contain tokens/secrets). Given the Heroku router already emits access logs, it feels like adding additional gunicorn-level access logs should be an app concern, and not something the buildpack magically configures. So I think we should drop this for the CNB, and update the Python getting started guide'sgunicorn.conf.pyto demonstrate enabling access logs (and for bonus points, how to change the format).
- So I think we should drop this for the CNB, and update the Python getting started guide's
gunicorn.conf.pyto demonstrate enabling access logs (and for bonus points, how to change the format).
The getting started guide now configures access logs explicitly (and with an improved log format): https://github.com/heroku/python-getting-started/pull/246