Python Advanced

FastAPI Deployment — Docker, Uvicorn and Gunicorn

Q: Why use Gunicorn with Uvicorn workers instead of just Uvicorn?

While Uvicorn has a `--workers` flag, Gunicorn is a battle-tested process manager that has been the industry standard for over a decade. It offers more sophisticated heartbeats, worker timeouts, and signals handling. If you are deploying on 'bare' servers or VMs, Gunicorn is mandatory. However, if you are using Kubernetes, you can often run Uvicorn alone because Kubernetes itself acts as the process manager, handling replicas and health checks at the pod level.

Q: How do I handle database migrations in a Docker deployment?

Never put migration commands (like `alembic upgrade head`) inside your Docker `CMD`. This causes race conditions if you scale to multiple containers. Instead, run migrations as a separate 'init-container' in Kubernetes or a one-off task in your CI/CD pipeline before the new image goes live.

📅 March 05, 2026 ⏱ 8 min read 🎯 Advanced

⚡ Quick Answer

For development, use uvicorn main:app --reload. For production, the industry standard is using Gunicorn as a process manager to handle multiple Uvicorn workers: gunicorn main:app -w 4 -k uvicorn.workers.UvicornWorker. This setup provides the process resilience of Gunicorn with the raw ASGI speed of Uvicorn. When deploying to the cloud, wrap this in a multi-stage Docker container to minimize image size and maximize security.

The Production Stack: Gunicorn + Uvicorn

Uvicorn is incredibly fast, but it lacks the advanced process management features required for 99.9% uptime. Gunicorn acts as the master process that manages the lifecycle of several Uvicorn worker processes. This architecture allows you to utilize multiple CPU cores effectively while maintaining a single entry point for your traffic.

deployment_commands.sh · BASH

123456789101112131415

# Install the production stack
pip install fastapi gunicorn uvicorn

# 1. Development Mode (Single process, auto-reload)
uvicorn io.thecodeforge.main:app --reload --host 127.0.0.1 --port 8000

# 2. Production Mode (Gunicorn as Process Manager)
# -w 4: Spawns 4 worker processes
# -k: Tells Gunicorn to use the Uvicorn worker class
gunicorn io.thecodeforge.main:app \
    --workers 4 \
    --worker-class uvicorn.workers.UvicornWorker \
    --bind 0.0.0.0:8000 \
    --access-logfile - \
    --error-logfile -

▶ Output

[INFO] Starting gunicorn 22.0.0
[INFO] Listening at: http://0.0.0.0:8000
[INFO] Booting worker with pid: 42

Production-Grade Dockerfile

A naive Dockerfile creates a bloated image. At TheCodeForge, we use a 'slim' base image and careful layer ordering. By copying only requirements.txt first, we ensure that Docker only re-installs your libraries if the dependencies change, drastically speeding up your CI/CD pipeline.

Dockerfile · DOCKERFILE

12345678910111213141516171819202122232425262728

# Use an official Python slim image for a smaller footprint
FROM python:3.12-slim

# Prevents Python from writing pyc files and buffering stdout/stderr
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1

WORKDIR /app

# Install system dependencies if needed (e.g., libpq for Postgres)
# RUN apt-get update && apt-get install -y --no-install-recommends gcc && rm -rf /var/lib/apt/lists/*

# Layer caching: Install dependencies first
COPY requirements.txt .
RUN pip install --no-cache-dir --upgrade -r requirements.txt

# Copy the application code
COPY . .

# Create a non-privileged user for security
RUN adduser --disabled-password forgeuser
USER forgeuser

# Expose the port FastAPI will run on
EXPOSE 8000

# Run Gunicorn with Uvicorn workers
CMD ["gunicorn", "io.thecodeforge.main:app", "-w", "4", "-k", "uvicorn.workers.UvicornWorker", "--bind", "0.0.0.0:8000"]

▶ Output

Successfully built and tagged thecodeforge-api:latest

Robust Configuration with Pydantic Settings

Hardcoding database strings is a security hazard. We use pydantic-settings to create a strictly typed configuration object that pulls from environment variables. This ensures that if a required variable like DATABASE_URL is missing, the application will fail loudly at startup rather than crashing later in the middle of a request.

io/thecodeforge/config.py · PYTHON

1234567891011121314

from pydantic import Field, PostgresDsn
from pydantic_settings import BaseSettings, SettingsConfigDict

class ForgeSettings(BaseSettings):
    # Automatically reads from FORGE_DATABASE_URL or .env
    database_url: PostgresDsn
    secret_key: str = Field(min_length=32)
    debug: bool = False

    # Configuration for environment file loading
    model_config = SettingsConfigDict(env_file=".env", env_prefix="FORGE_")

# Instantiate once for singleton usage
settings = ForgeSettings()

▶ Output

Settings validated and loaded successfully.

🎯 Key Takeaways

Never use --reload in production; it monitors file descriptors which causes significant overhead and potential security leaks.
Gunicorn handles the 'Manager' role (restarting dead workers), while Uvicorn handles the 'Worker' role (parsing async HTTP).
Worker calculation: Standard heuristic is (2 x CPU Cores) + 1. On a 2-core cloud VM, use 5 workers.
Containerization: Always run as a non-root user (USER forgeuser) in your Dockerfile to mitigate container escape vulnerabilities.
Pydantic Settings: Use env_prefix to prevent collision with system environment variables.

Interview Questions on This Topic

QExplain the 'Master-Worker' architecture of Gunicorn. What happens to the Master process if a Worker process encounters a Segmentation Fault?
QIn a Docker context, why is it considered a 'best practice' to use a .dockerignore file for Python applications, and which specific folders should be included?
QHow does the `PYTHONUNBUFFERED` environment variable affect log visibility in containerized environments like AWS ECS or Google Cloud Run?
QScenario: You are deploying to a 16-core machine. Following the `(2n + 1)` rule gives you 33 workers. Why might this actually degrade performance for a high-concurrency FastAPI app, and how would you tune it?
QWhat is the difference between `EXPOSE` and `PUBLISH` in Docker, and which one actually controls network access to your FastAPI app?

Frequently Asked Questions

Why use Gunicorn with Uvicorn workers instead of just Uvicorn?

While Uvicorn has a --workers flag, Gunicorn is a battle-tested process manager that has been the industry standard for over a decade. It offers more sophisticated heartbeats, worker timeouts, and signals handling. If you are deploying on 'bare' servers or VMs, Gunicorn is mandatory. However, if you are using Kubernetes, you can often run Uvicorn alone because Kubernetes itself acts as the process manager, handling replicas and health checks at the pod level.

How do I handle database migrations in a Docker deployment?

Never put migration commands (like alembic upgrade head) inside your Docker CMD. This causes race conditions if you scale to multiple containers. Instead, run migrations as a separate 'init-container' in Kubernetes or a one-off task in your CI/CD pipeline before the new image goes live.

What is the 'Zombie Worker' problem in FastAPI deployments?

If a worker process gets stuck in a CPU-heavy loop (like an infinite while loop), it may stop responding to Gunicorn's heartbeats. Gunicorn will eventually kill and restart it. This is why we use async—to ensure the worker is always 'yielding' back to the manager during I/O waits.

🔥

Naren Founder & Author

Developer and founder of TheCodeForge. I built this site because I was tired of tutorials that explain what to type without explaining why it works. Every article here is written to make concepts actually click.

About Naren Get in touch

Forged with 🔥 at TheCodeForge.io — Where Developers Are Forged