Is middleware necessary when only serving static files?

Question

This is really a philosophical question; I'm curious what the community thinks. I'm not so concerned with the how; but rather the why.

Let's say I want to set up a super simple web server to serve static files (similar to an apt repo). I can do this really easily by installing Apache or Nginx (or others, probably). I configure the web server application to use a root directory, I write a really simple index.html with a link pointing to the directory of the static files if I want a landing page (I could just make the website's root directory the one with the static files and skip making the index.html altogether), and I enable auto indexing by the web server. Maybe I have to configure MIME types, but at least for Nginx, the base install comes pre-configured to handle a handful of common file types. As long as my ports are configured correctly, and assuming I'm not worried about security, I now have a functioning website. Users with my IP can now navigate to my static files and download/display them.

Understanding that there's presently very little security in my newly minted website, I then decide to add authentication. Both Apache and Nginx have modules which can handle username and password, OAuth 2.0, and various other types of authentication as part of the web server. I configure that, and now I have at least a thin layer between me and the rest of the internet.

To take the discussion a step further, I could also serve JS for my website directly from my web server. I'd imagine having a JS file to handle building the header for authentication would be much easier on users than having to hand-construct it each time. I could also use the JS served in this way to make my website feel more "dynamic"--maybe add sort and filter functions for the various static content I'm serving, for example.

At this point, I've achieved everything I need in my website without any software (excepting the JS files) between my web server and the client. Am I missing something important? At what point does middleware like Django, Ruby on Rails, and/or Flask (and their plethora of add-ons and extensions) become necessary?

Obviously I'm not connected to a database in my example, so that makes sense as one of the scenarios I would need middleware for, but are there others?

This question is related, but it has been closed without much discussion or conclusion, and I think the answer and comments provided failed to really get to the core of the question asked.

Answer 1

"Middleware" is a vaguely defined term. I would define Django, Ruby on Rails, and Flask as "server-side web-programming frameworks."

Using a web server without any server-side programming frameworks is typically called "static hosting." It is very common to create websites with static hosting alone.

These days you can even build fairly interactive websites with static hosting by using client side technologies such as JavaScript, jQuery, and React. You may find that you only need to introduce server side scripts for server side data storage to enable features like data backup and login.

As far as security goes, the more technologies you use, the more security vulnerabilities your website is exposed to. Using web frameworks tends to decrease security rather than increase it.