Don’t let ‘python main.py’ hold you back in production
If you’ve ever wondered why your app runs smoothly on your machine but crashes on the server with just a few dozen users, this article is for you. Running an application with the python app.py command directly on the server is a trap. In a local environment, it helps you debug quickly thanks to auto-reload. However, bringing this exact method to a production environment makes your system extremely fragile.
Built-in servers for Flask or Django are usually single-threaded. If hit with 10 heavy requests simultaneously, the application can easily “choke” and freeze. After using Fedora as my primary workstation for two years, I’ve found its package update speed to be excellent. But because packages are always fresh, configuration requires meticulous attention. For better load handling, we need a standard model: Python App <—> Gunicorn (WSGI) <—> Nginx (Reverse Proxy).
Step 1: Environment Setup on Fedora Server
Start by updating your system. Fedora releases patches very quickly; don’t miss them.
sudo dnf update -y
sudo dnf install python3-pip python3-devel nginx -yA golden rule: Always use a Virtual Environment. Installing libraries directly into the system Python can easily break Fedora’s management tools like DNF, which also runs on Python.
mkdir ~/my_app && cd ~/my_app
python3 -m venv venv
source venv/bin/activate
pip install gunicorn flaskStep 2: Managing Gunicorn with Systemd
Gunicorn creates “workers” (child processes) to handle requests. Instead of running commands manually, we’ll delegate this to systemd. This ensures the application automatically restarts after a crash or server reboot.
Create the file: /etc/systemd/system/my_app.service
[Unit]
Description=Gunicorn instance serving my_app
After=network.target
[Service]
User=fedora
Group=fedora
WorkingDirectory=/home/fedora/my_app
Environment="PATH=/home/fedora/my_app/venv/bin"
ExecStart=/home/fedora/my_app/venv/bin/gunicorn --workers 3 --bind unix:my_app.sock -m 007 wsgi:app
[Install]
WantedBy=multi-user.targetThe math: With --workers 3, I apply the formula (2 x CPU cores) + 1. For instance, if you’re using a 1-CPU VPS, 3 workers is ideal. Each Gunicorn worker typically consumes between 50MB and 100MB of RAM depending on the application’s complexity, so balance this with your available resources.
Step 3: Nginx – The Front-line Security Guard
Why not let users connect directly to Gunicorn? Because Nginx handles static files (images, CSS) many times faster. It also supports Gzip compression, request limiting, and protects the app from basic HTTP attacks.
Configure the file at: /etc/nginx/conf.d/my_app.conf
server {
listen 80;
server_name your_domain.com;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://unix:/home/fedora/my_app/my_app.sock;
}
location /static/ {
alias /home/fedora/my_app/static/;
}
}Note: On Fedora, Nginx doesn’t come with a proxy_params file like Ubuntu does, so I’ve added the essential headers directly to the block above.
sudo nginx -t && sudo systemctl restart nginxStep 4: Fedora Specialty – “Fixing” 502 Errors caused by SELinux
If you see a 502 Bad Gateway error even when everything seems fine, the main culprit is likely SELinux. Fedora enables strict security by default, preventing Nginx from reading socket files within a user’s home directory.
Instead of disabling SELinux entirely (which is highly insecure), grant permissions properly:
# Allow Nginx to connect to the network
sudo setsebool -P httpd_can_network_connect 1
# Grant Nginx access to the socket
sudo chcon -t httpd_sys_rw_content_t /home/fedora/my_app/my_app.sockFor long-term stability, I recommend moving the socket to /run/my_app/. This is where system services typically place communication files, avoiding permission issues associated with user directories.
Testing and Monitoring
Once everything is running, monitoring logs is mandatory. I typically use the following command to track errors in real-time:
sudo journalctl -u my_app -fIf you see a CPU spike, use htop. Fedora displays threads very clearly, helping you identify exactly which worker is hanging due to a logic error in your code. Deploying an application isn’t hard; what matters is the smooth coordination between code and infrastructure. Good luck with your setup!
