Server Deployment

There are several options for aiohttp server deployment:

  • Standalone server

  • Running a pool of backend servers behind of nginx, HAProxy or other reverse proxy server

  • Using gunicorn behind of reverse proxy

Every method has own benefits and disadvantages.

Standalone

Just call aiohttp.web.run_app() function passing aiohttp.web.Application instance.

The method is very simple and could be the best solution in some trivial cases. But it does not utilize all CPU cores.

For running multiple aiohttp server instances use reverse proxies.

Nginx+supervisord

Running aiohttp servers behind nginx makes several advantages.

First, nginx is the perfect frontend server. It may prevent many attacks based on malformed http protocol etc.

Second, running several aiohttp instances behind nginx allows to utilize all CPU cores.

Third, nginx serves static files much faster than built-in aiohttp static file support.

But this way requires more complex configuration.

Nginx configuration

Here is short example of an Nginx configuration file. It does not cover all available Nginx options.

For full details, read Nginx tutorial and official Nginx documentation.

First configure HTTP server itself:

http {
  server {
    listen 80;
    client_max_body_size 4G;

    server_name example.com;

    location / {
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_redirect off;
      proxy_buffering off;
      proxy_pass http://aiohttp;
    }

    location /static {
      # path for static files
      root /path/to/app/static;
    }

  }
}

This config listens on port 80 for a server named example.com and redirects everything to the aiohttp backend group.

Also it serves static files from /path/to/app/static path as example.com/static.

Next we need to configure aiohttp upstream group:

http {
  upstream aiohttp {
    # fail_timeout=0 means we always retry an upstream even if it failed
    # to return a good HTTP response

    # Unix domain servers
    server unix:/tmp/example_1.sock fail_timeout=0;
    server unix:/tmp/example_2.sock fail_timeout=0;
    server unix:/tmp/example_3.sock fail_timeout=0;
    server unix:/tmp/example_4.sock fail_timeout=0;

    # Unix domain sockets are used in this example due to their high performance,
    # but TCP/IP sockets could be used instead:
    # server 127.0.0.1:8081 fail_timeout=0;
    # server 127.0.0.1:8082 fail_timeout=0;
    # server 127.0.0.1:8083 fail_timeout=0;
    # server 127.0.0.1:8084 fail_timeout=0;
  }
}

All HTTP requests for http://example.com except ones for http://example.com/static will be redirected to example1.sock, example2.sock, example3.sock or example4.sock backend servers. By default, Nginx uses round-robin algorithm for backend selection.

Note

Nginx is not the only existing reverse proxy server, but it’s the most popular one. Alternatives like HAProxy may be used as well.

Supervisord

After configuring Nginx we need to start our aiohttp backends. It’s best to use some tool for starting them automatically after a system reboot or backend crash.

There are many ways to do it: Supervisord, Upstart, Systemd, Gaffer, Circus, Runit etc.

Here we’ll use Supervisord as an example:

[program:aiohttp]
numprocs = 4
numprocs_start = 1
process_name = example_%(process_num)s

; Unix socket paths are specified by command line.
command=/path/to/aiohttp_example.py --path=/tmp/example_%(process_num)s.sock

; We can just as easily pass TCP port numbers:
; command=/path/to/aiohttp_example.py --port=808%(process_num)s

user=nobody
autostart=true
autorestart=true

aiohttp server

The last step is preparing the aiohttp server to work with supervisord.

Assuming we have properly configured aiohttp.web.Application and port is specified by command line, the task is trivial:

# aiohttp_example.py
import argparse
from aiohttp import web

parser = argparse.ArgumentParser(description="aiohttp server example")
parser.add_argument('--path')
parser.add_argument('--port')


if __name__ == '__main__':
    app = web.Application()
    # configure app

    args = parser.parse_args()
    web.run_app(app, path=args.path, port=args.port)

For real use cases we perhaps need to configure other things like logging etc., but it’s out of scope of the topic.

Nginx+Gunicorn

aiohttp can be deployed using Gunicorn, which is based on a pre-fork worker model. Gunicorn launches your app as worker processes for handling incoming requests.

As opposed to deployment with bare Nginx, this solution does not need to manually run several aiohttp processes and use a tool like supervisord to monitor them. But nothing is free: running aiohttp application under gunicorn is slightly slower.

Prepare environment

You first need to setup your deployment environment. This example is based on Ubuntu 16.04.

Create a directory for your application:

>> mkdir myapp
>> cd myapp

Create a Python virtual environment:

>> python3 -m venv venv
>> source venv/bin/activate

Now that the virtual environment is ready, we’ll proceed to install aiohttp and gunicorn:

>> pip install gunicorn
>> pip install aiohttp

Application

Lets write a simple application, which we will save to file. We’ll name this file my_app_module.py:

from aiohttp import web

async def index(request):
    return web.Response(text="Welcome home!")


my_web_app = web.Application()
my_web_app.router.add_get('/', index)

Application factory

As an option an entry point could be a coroutine that accepts no parameters and returns an application instance:

from aiohttp import web

async def index(request):
    return web.Response(text="Welcome home!")


async def my_web_app():
    app = web.Application()
    app.router.add_get('/', index)
    return app

Start Gunicorn

When Running Gunicorn, you provide the name of the module, i.e. my_app_module, and the name of the app or application factory, i.e. my_web_app, along with other Gunicorn Settings provided as command line flags or in your config file.

In this case, we will use:

  • the --bind flag to set the server’s socket address;

  • the --worker-class flag to tell Gunicorn that we want to use a custom worker subclass instead of one of the Gunicorn default worker types;

  • you may also want to use the --workers flag to tell Gunicorn how many worker processes to use for handling requests. (See the documentation for recommendations on How Many Workers?)

  • you may also want to use the --accesslog flag to enable the access log to be populated. (See logging for more information.)

The custom worker subclass is defined in aiohttp.GunicornWebWorker:

>> gunicorn my_app_module:my_web_app --bind localhost:8080 --worker-class aiohttp.GunicornWebWorker
[2017-03-11 18:27:21 +0000] [1249] [INFO] Starting gunicorn 19.7.1
[2017-03-11 18:27:21 +0000] [1249] [INFO] Listening at: http://127.0.0.1:8080 (1249)
[2017-03-11 18:27:21 +0000] [1249] [INFO] Using worker: aiohttp.worker.GunicornWebWorker
[2015-03-11 18:27:21 +0000] [1253] [INFO] Booting worker with pid: 1253

Gunicorn is now running and ready to serve requests to your app’s worker processes.

Note

If you want to use an alternative asyncio event loop uvloop, you can use the aiohttp.GunicornUVLoopWebWorker worker class.

Proxy through NGINX

We can proxy our gunicorn workers through NGINX with a configuration like this:

worker_processes 1;
user nobody nogroup;
events {
    worker_connections 1024;
}
http {
    ## Main Server Block
    server {
        ## Open by default.
        listen                80 default_server;
        server_name           main;
        client_max_body_size  200M;

        ## Main site location.
        location / {
            proxy_pass                          http://127.0.0.1:8080;
            proxy_set_header                    Host $host;
            proxy_set_header X-Forwarded-Host   $server_name;
            proxy_set_header X-Real-IP          $remote_addr;
        }
    }
}

Since gunicorn listens for requests at our localhost address on port 8080, we can use the proxy_pass directive to send web traffic to our workers. If everything is configured correctly, we should reach our application at the ip address of our web server.

Proxy through NGINX + SSL

Here is an example NGINX configuration setup to accept SSL connections:

worker_processes 1;
user nobody nogroup;
events {
    worker_connections 1024;
}
http {
    ## SSL Redirect
    server {
        listen 80       default;
        return 301      https://$host$request_uri;
    }

    ## Main Server Block
    server {
        # Open by default.
        listen                443 ssl default_server;
        listen                [::]:443 ssl default_server;
        server_name           main;
        client_max_body_size  200M;

        ssl_certificate       /etc/secrets/cert.pem;
        ssl_certificate_key   /etc/secrets/key.pem;

        ## Main site location.
        location / {
            proxy_pass                          http://127.0.0.1:8080;
            proxy_set_header                    Host $host;
            proxy_set_header X-Forwarded-Host   $server_name;
            proxy_set_header X-Real-IP          $remote_addr;
        }
    }
}

The first server block accepts regular http connections on port 80 and redirects them to our secure SSL connection. The second block matches our previous example except we need to change our open port to https and specify where our SSL certificates are being stored with the ssl_certificate and ssl_certificate_key directives.

During development, you may want to create your own self-signed certificates for testing purposes and use another service like Let’s Encrypt when you are ready to move to production.

More information

See the official documentation for more information about suggested nginx configuration. You can also find out more about configuring for secure https connections as well.

Logging configuration

aiohttp and gunicorn use different format for specifying access log.

By default aiohttp uses own defaults:

'%a %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"'

For more information please read Format Specification for Access Log.

Proxy through Apache at your own risk

Issues have been reported using Apache2 in front of aiohttp server: #2687 Intermittent 502 proxy errors when running behind Apache <https://github.com/aio-libs/aiohttp/issues/2687>.