[Unit]
Description=gunicorn socket

[Socket]
ListenStream=/run/gunicorn.sock
# Our service won't need permissions for the socket, since it
# inherits the file descriptor by socket activation
# only the nginx daemon will need access to the socket
User=http
# Optionally restrict the socket permissions even more.
# Mode=600

[Install]
WantedBy=sockets.target