我是否需要在Google App Engine后面设置反向代理? [英] Do i need to Setup a Reverse Proxy behind Google App Engine or not?
问题描述
我在 Google App引擎
上运行我的应用程序,并将我从GoDaddy购买的域
链接到应用程序引擎以及我也从GoDaddy购买的 SSL
。 我在很多网站上阅读过它在端口80上运行服务器
而没有反向代理
会导致您的主要安全问题。但我看不到他们在谈论哪些问题。另外,当我在 5555端口上运行我的应用程序时,我甚至试图ping我的域名,IP地址为
216.239.XX.21
其中X个可能的值可以是(32,34,36和38)
,对于所有其他 App Engine
服务器。所以我认为,如果任何黑客/恶意
用户试图对我的应用程序做一些恶意的事情,那么为了做到这一点,他/她必须知道我的IP App Engine
默认隐藏。
所以,我想知道 App Engine
已经隐藏我的IP ,所以我必须使用任何反向代理服务器
,比如 Nginx
在我的 App Engine
或不是?
另外如果我需要使用反向代理
然后我看到了这两个帖子 nginx-as-reverse-proxy-for-google-app-engine-application
和使用-nginx-as-a-reverse-proxy-for-speedy-app-engine-开发/ 。
在第一篇文章中,它是不是
建议使用反向代理
,而在第二篇文章中,建议使用反向代理
。这是我的困惑,这将是更好的方法。
请帮助我的人。
在Google群组上发布这个问题后,他们告诉我,无需为灵活和标准环境设置反向代理。
- 如果您使用的是App Engine Flexible环境[3],则可以使用静态IP对于您的实例,因为他们使用Compute Engine
标准环境中的App Engine实例 1 没有公共静态IP地址,并且完全受
主前端服务器的保护。首先请求您的应用程序访问
Google前端,然后前端根据您上传的证书[2]执行SSL安全检查
,然后将
请求转发给您App Engine实例使用其内部IP。
因此,不需要反向代理。
VMs [4]。但是,App Engine会在
前自动加载每个App Engine Flexible实例预配置的Nginx代理,因此您根本没有
来设置它。您只需按照
指南上传您的SSL证书[5],就可以通过Google
前端审核请求,就像上面的标准环境一样。因此,不需要添加
反向代理。 >可在此处找到完整答案 问题I am running my app on
Google App engine
and I have linked mydomain
which I bought from GoDaddy to the app engine along with theSSL
which I have also bought from GoDaddy.I read it on many sites that running server on
port 80
withoutReverse Proxy
can cause you major security issues. But I can't see which of these issues are they talking about. Also as I am running my app onport 5555
i even tried to ping my domain and the IP was216.239.XX.21
where X possible values can be(32, 34, 36 and 38)
which is same for all otherApp Engine
server. So I think that as if anyhacker/malicious
user tries to do something malicious to my app then in order to do that he/she have to know my IP whichApp Engine
is hiding by default.So, I want to know as
App Engine
is already hiding my IP so do I have to use anyReverse Proxy Server
likeNginx
on myApp Engine
or not ??Also if I need to use
Reverse Proxy
then I saw these two posts nginx-as-reverse-proxy-for-google-app-engine-application and using-nginx-as-a-reverse-proxy-for-speedy-app-engine-development/.Where in First Post it is
not
recommended to useReverse Proxy
whereas in Second Post it is recommended to useReverse Proxy
. Thats'y i am confused which would be better approach.Please Help Me Guys.
解决方案After posting this question on Google groups they told me that There is no need for setting up reverse-proxy for both Flexible and As well as Standard Environment.
App Engine instances in the Standard environment 1 do not have public static IP addresses, and are completely protected by the main Google Front-end server. Requests to your application first hit the Google Front-end, then the front-end performs the SSL security checks according to your uploaded certificate [2], and then forwards the request to your App Engine instances using their internal IPs. Therefore no reverse-proxy is required.
If you are using the App Engine Flexible environment [3], you are able to have static IPs for your instances as they use Compute Engine VMs [4]. But, App Engine automatically loads Nginx proxy in front of every App Engine Flexible instance pre-configured, so you do not have to set this up at all. All you have to do is follow the guide to uploading your SSL cert [5], and requests will be vetted by the Google Front-end just like the Standard environment above. Therefore no added reverse-proxy is required.
Full answer can be found here issue
这篇关于我是否需要在Google App Engine后面设置反向代理?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!