Should I always use a reverse proxy for a web app?

huangapple go评论113阅读模式
英文:

Should I always use a reverse proxy for a web app?

问题

我正在使用Go编写一个Web应用程序。目前,我的布局如下:

[CloudFlare] --> [Nginx] --> [程序]

Nginx执行以下操作:

  • 执行一些重定向(例如 www.domain.tld --> domain.tld
  • 添加诸如 X-Frame-Options 的头信息。
  • 处理静态图像。
  • 写入 access.log

过去,我会使用Nginx来执行SSL终止和其他一些任务。由于现在由CloudFlare处理,它实际上只处理静态图像。考虑到Go具有内置的HTTP文件服务器,并且CloudFlare可以接管处理静态图像,我开始想知道为什么一开始要将Nginx放在前面。

不在前面放置任何东西被认为是一个坏主意吗?

英文:

I'm writing a web app in Go. Currently I have a layout that looks like this:

[CloudFlare] --> [Nginx] --> [Program]

Nginx does the following:

  • Performs some redirects (i.e. www.domain.tld --> domain.tld)
  • Adds headers such as X-Frame-Options.
  • Handles static images.
  • Writes access.log.

In the past I would use Nginx as it performed SSL termination and some other tasks. Since that's now handled by CloudFlare, all it does, essentially, is static images. Given that Go has a built in HTTP FileServer and CloudFlare could take over handling static images for me, I started to wonder why Nginx is in-front in the first place.

Is it considered a bad idea to put nothing in-front?

答案1

得分: 7

在你的情况下,你可能可以不运行nginx,但我不建议这样做。

然而,正如我在这个答案中提到的,nginx仍然有很多功能,你需要在Go中重新实现这些功能。

  • 内容安全头
  • SSL(如果CloudFlare终止SSL连接,与你之间的连接是否不安全?)
  • SSL会话缓存和HSTS
  • 客户端请求体限制和头缓冲区
  • 在重新启动Go应用程序时的5xx错误页面和维护页面
  • "免费"日志记录(除非你想在Go应用程序中编写所有这些)
  • gzip压缩(同样,除非你想在Go应用程序中实现)

如果你运行的是内部网络服务或轻量级应用,或者真的不需要nginx的额外功能,那么独立运行Go是有意义的。如果你正在构建Web应用程序,那么nginx将帮助将"Web服务器"任务与应用程序本身分离。

英文:

In your case, you can possibly get away with not running nginx, but I wouldn't recommend it.

However, as I touched on in this answer there's still a lot it can do that you'll need to "reinvent" in Go.

  • Content-Security headers
  • SSL (is the connection between CloudFlare and you insecure if they are terminating SSL?)
  • SSL session caching & HSTS
  • Client body limits and header buffers
  • 5xx error pages and maintenance pages when you're restarting your Go application
  • "Free" logging (unless you want to write all that in your Go app)
  • gzip (again, unless you want to implement that in your Go app)

Running Go standalone makes sense if you are running an internal web service or something lightweight, or genuinely don't need the extra features of nginx. If you're building web applications then nginx is going to help abstract "web server" tasks from the application itself.

答案2

得分: 4

我不会使用nginx,老实说,有人测试了快速的cgi go + nginx,只使用了独立的go库。他得出的结果非常有趣,独立的主机似乎比在nginx后面处理请求要好得多,最后的建议是,如果你不需要nginx的特定功能,就不要使用它。[完整文章] 1

你可以将它作为独立运行,如果你的网站使用部分/完全的ssl,你可以使用另一个go http服务器将其重定向到安全的https路由。

英文:

I wouldn't use nginx at all to be honest, some nice dude tested fast cgi go + nginx and just go standalone library. The results he came up with were quite interesting, the standalone hosting seemed to be much better in handling requests than using it behind nginx, and the final recommendation was that if you don't need specific features of nginx don't use it. [full article] 1

You could run it as standalone and if you're using partial/full ssl on your site you could use another go http server to redirect to safe https routes.

答案3

得分: 3

如果你不需要的话,就不要使用ngnix。
Go语言在SSL方面的代码行数比你在ngnix配置文件中需要编写的行数少。
唯一的原因是免费的日志记录,但我想知道Go语言中有多少行代码是用于日志记录的。
有一篇很好的文章是关于用Go语言编写的200行代码的反向代理。
如果可以使用Go代替ngnix,那么在使用Go时就不需要ngnix。
如果你希望在同一个站点上运行多个Go进程或者同时运行Go和PHP,那么你需要ngnix。
或者如果你使用Go并且在添加ngnix时遇到了一些问题,那么ngnix可以解决这个问题。

英文:

Don't use ngnix if you do not need it.
Go does SSL in less lines then you have to write in ngnix configure file.
The only reason is a free logging but I wonder how many lines of code is logging in Go.
There is nice article in Russian about reverse proxy in Go in 200 lines of code.
If Go could be used instead of ngnix then ngnix is not required when you use Go.
You need ngnix if you wish to have several Go processes or Go and PHP on same site.
Or if you use Go and you have some problem when you add ngnix then it fix the problem.

huangapple
  • 本文由 发表于 2014年1月3日 19:14:29
  • 转载请务必保留本文链接:https://go.coder-hub.com/20902338.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定