0

Im tying some loose ends on application deployment for production and my question goes like this

Should you, in production, always have an nginx (or any other web server) to front for your web applications (node, php, python, ruby)?

I guess it makes sense to offload ssl, keepalive connections, error page serving and other http server stuff (caching maybe?) but is there any argument in favor of just having your de facto application server handling everything? is security a concern in this realm?

Thanks in advance,

Juan Sebastian
  • 968
  • 1
  • 7
  • 20
  • Take a look at this http://stackoverflow.com/questions/16770673/using-node-js-only-vs-using-node-js-with-apache-nginx. Using nginx as a front door seems to address security concerns, " CVE-2013-4450 is prevented by running something like Nginx in front of Node " – Aarish Ramesh May 17 '17 at 13:32
  • Also this article has some good content for your question https://www.quora.com/Should-I-host-a-node-js-project-without-nginx – Aarish Ramesh May 17 '17 at 13:40
  • I mean, i understand that for node it is a very valid strategy, however, this still holds true for other server-side languages? or is it more like a specific case rather than the general rule? Because in my research i found a lot of material about node related nginx deployments, however it doesnt seem to be the case for ruby/python/php/java – Juan Sebastian May 19 '17 at 07:52
  • E.g. Azure offers Front Door as a front door to your application – zolty13 Mar 10 '22 at 14:50

1 Answers1

0

To reply this question i would like to invoke the KISS principle as in keep it simple....you know the rest,

After doing a bit of research among fellow devs and ops guys i figured out that unless you actually have a purpose (mitigating a specific security flaw, serving static files, revProxy requests to balance the load among several app servers) having a web server as the front of your web application can do more harm than good, as it is a separate component to administrate and can potentially introduce security issues while increasing the overhead,

Different server-side languages have different specific solutions for their needs, java has tomcat jboss and the old glassfish, and ruby has unicorn + raptor, so it is a matter of checking each apps' needs in production.

Juan Sebastian
  • 968
  • 1
  • 7
  • 20