The case for Nginx in front of application servers

2014-12-13 12:31

As a rule of thumb, an application server should never face the Internet directly, unless of course Nginx (or OpenResty) is itself being used as the application server. Performance is one reason, although it is not much of a concern anymore with modern runtimes such as Go or Node; the main reasons are flexibility and security.

Here are some key points to consider:

At this point, Nginx is a proven and battle-tested HTTP server

This allows keeping the application as simple as possible: Nginx will handle logging, compression, SSL, and so on

In case the application server goes down, Nginx will still serve a 50x page so visitors know that something is wrong

Nginx has built-in load-balancing features; it also allows running several application servers on the same IP address

Nginx has built-in caching features (with on-disk persistence)

Nginx has rich rate-limiting features, which are especially useful for APIs

Nginx helps protect against some DoS attacks (such as low-bandwidth Application Layer attacks)

Lastly, one aspect which tends to be forgotten these days is the importance of server logs. While in some cases it might be an acceptable solution to use Google Analytics or Piwik, for measuring API traffic there is no better option. For a modern real-time log analyzer, I heartily recommend GoAccess, or my very own Logswan if you feel adventurous!
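
A minimal reverse-proxy configuration covering the points above, as an added example that is not part of the original post. The hostname, ports, file paths, zone names and limit values are assumptions to adjust.

```nginx
# Added example, http {} context. Hostname, ports, paths and limits are assumptions.
limit_req_zone $binary_remote_addr zone=api_ratelimit:10m rate=10r/s;  # per-client-IP budget
proxy_cache_path /var/cache/nginx/app levels=1:2 keys_zone=app_cache:10m
                 max_size=1g inactive=60m;                             # on-disk cache

# Application servers bind to loopback only; Nginx is the only listener on the public IP.
upstream app_backend {
    server 127.0.0.1:8080;
    server 127.0.0.1:8081;
}

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate     /etc/nginx/tls/example.com.crt;
    ssl_certificate_key /etc/nginx/tls/example.com.key;

    access_log /var/log/nginx/example.com.access.log;
    gzip on;

    # Drop clients that trickle headers or bodies (low-bandwidth attacks).
    client_header_timeout 10s;
    client_body_timeout   10s;
    send_timeout          10s;
    client_max_body_size  1m;

    # Served by Nginx itself when the backends are down or time out.
    error_page 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
        internal;
    }

    location /api/ {
        limit_req zone=api_ratelimit burst=20 nodelay;
        limit_req_status 429;   # keep throttling distinct from the 50x page
        proxy_pass http://app_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;  # peer address as seen by Nginx
    }

    location / {
        proxy_cache app_cache;
        proxy_cache_valid 200 10m;
        proxy_pass http://app_backend;
        proxy_set_header Host $host;
    }
}
```

Run `nginx -t` to validate the syntax before reloading. Because the backends listen on 127.0.0.1, the rate limits and timeouts cannot be bypassed by connecting to the application ports directly.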