我是否需要在Google App Engine后面设置反向代理？ [英] Do i need to Setup a Reverse Proxy behind Google App Engine or not?

问题描述

我在 Google App引擎上运行我的应用程序，并将我从GoDaddy购买的域链接到应用程序引擎以及我也从GoDaddy购买的 SSL 。 我在很多网站上阅读过它在端口80上运行服务器而没有反向代理会导致您的主要安全问题。但我看不到他们在谈论哪些问题。另外，当我在 5555端口上运行我的应用程序时，我甚至试图ping我的域名，IP地址为 216.239.XX.21 其中X个可能的值可以是（32,34,36和38），对于所有其他 App Engine 服务器。所以我认为，如果任何黑客/恶意用户试图对我的应用程序做一些恶意的事情，那么为了做到这一点，他/她必须知道我的IP App Engine 默认隐藏。

所以，我想知道 App Engine 已经隐藏我的IP ，所以我必须使用任何反向代理服务器，比如 Nginx 在我的 App Engine 或不是？

另外如果我需要使用反向代理然后我看到了这两个帖子 nginx-as-reverse-proxy-for-google-app-engine-application
和使用-nginx-as-a-reverse-proxy-for-speedy-app-engine-开发/ 。

在第一篇文章中，它是不是建议使用反向代理，而在第二篇文章中，建议使用反向代理。这是我的困惑，这将是更好的方法。

请帮助我的人。

解决方案

在Google群组上发布这个问题后，他们告诉我，无需为灵活和标准环境设置反向代理。

• 标准环境中的App Engine实例 1 没有公共静态IP地址，并且完全受
  主前端服务器的保护。首先请求您的应用程序访问
  Google前端，然后前端根据您上传的证书[2]执行SSL安全检查
  ，然后将
  请求转发给您App Engine实例使用其内部IP。
  因此，不需要反向代理。

如果您使用的是App Engine Flexible环境[3]，则可以使用静态IP对于您的实例，因为他们使用Compute Engine
VMs [4]。但是，App Engine会在
前自动加载每个App Engine Flexible实例预配置的Nginx代理，因此您根本没有
来设置它。您只需按照
指南上传您的SSL证书[5]，就可以通过Google
前端审核请求，就像上面的标准环境一样。因此，不需要添加
反向代理。 >可在此处找到完整答案 问题



I am running my app on Google App engine and I have linked my domain which I bought from GoDaddy to the app engine along with the SSL which I have also bought from GoDaddy.

I read it on many sites that running server on port 80 without Reverse Proxy can cause you major security issues. But I can't see which of these issues are they talking about. Also as I am running my app on port 5555 i even tried to ping my domain and the IP was 216.239.XX.21 where X possible values can be (32, 34, 36 and 38) which is same for all other App Engine server. So I think that as if any hacker/malicious user tries to do something malicious to my app then in order to do that he/she have to know my IP which App Engine is hiding by default.

So, I want to know as App Engine is already hiding my IP so do I have to use any Reverse Proxy Server like Nginx on my App Engine or not ??

Also if I need to use Reverse Proxy then I saw these two posts nginx-as-reverse-proxy-for-google-app-engine-application and using-nginx-as-a-reverse-proxy-for-speedy-app-engine-development/.

Where in First Post it is not recommended to use Reverse Proxy whereas in Second Post it is recommended to use Reverse Proxy. Thats'y i am confused which would be better approach.

Please Help Me Guys.

解决方案

After posting this question on Google groups they told me that There is no need for setting up reverse-proxy for both Flexible and As well as Standard Environment.

• App Engine instances in the Standard environment 1 do not have public static IP addresses, and are completely protected by the main Google Front-end server. Requests to your application first hit the Google Front-end, then the front-end performs the SSL security checks according to your uploaded certificate [2], and then forwards the request to your App Engine instances using their internal IPs. Therefore no reverse-proxy is required.

• If you are using the App Engine Flexible environment [3], you are able to have static IPs for your instances as they use Compute Engine VMs [4]. But, App Engine automatically loads Nginx proxy in front of every App Engine Flexible instance pre-configured, so you do not have to set this up at all. All you have to do is follow the guide to uploading your SSL cert [5], and requests will be vetted by the Google Front-end just like the Standard environment above. Therefore no added reverse-proxy is required.

Full answer can be found here issue

这篇关于我是否需要在Google App Engine后面设置反向代理？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！