我是否需要在 Google App Engine 后面设置反向代理? [英] Do I need to Setup a Reverse Proxy behind Google App Engine or not?
问题描述
我在 Google 应用引擎 上运行我的应用,并且我已将我从 GoDaddy 购买的域与 SSL 链接到应用引擎代码>,我也是从 GoDaddy 购买的.
I am running my app on Google App engine and I have linked my domain which I bought from GoDaddy to the app engine along with the SSL which I have also bought from GoDaddy.
我在许多网站上读到过,在 80 端口 上运行服务器而没有 反向代理 会导致严重的安全问题.但我看不出他们在谈论哪些问题.此外,当我在 port 5555 上运行我的应用程序时,我什至尝试 ping 我的域,IP 是 216.239.XX.21 其中 X 可能的值可以是 (32, 34, 36 和 38) 这与所有其他 App Engine 服务器相同.所以我认为,好像任何 hacker/malicious 用户试图对我的应用程序做一些恶意的事情,然后为了做到这一点,他/她必须知道我的 IP 是哪个 App Engine默认隐藏.
I read it on many sites that running server on port 80 without Reverse Proxy can cause you major security issues. But I can't see which of these issues are they talking about. Also as I am running my app on port 5555 I even tried to ping my domain and the IP was 216.239.XX.21 where X possible values can be (32, 34, 36 and 38) which is same for all other App Engine server. So I think that as if any hacker/malicious user tries to do something malicious to my app then in order to do that he/she have to know my IP which App Engine is hiding by default.
所以,我想知道 App Engine 已经隐藏我的 IP 所以我是否必须使用任何 反向代理服务器 像 Nginx 在我的 App Engine 上还是没有 ??
So, I want to know as App Engine is already hiding my IP so do I have to use any Reverse Proxy Server like Nginx on my App Engine or not ??
另外,如果我需要使用 Reverse Proxy 然后我看到了这两篇文章 nginx-as-reverse-proxy-for-google-app-engine-application和 使用-nginx-as-a-reverse-proxy-for-speedy-app-engine-development/.
Also if I need to use Reverse Proxy then I saw these two posts nginx-as-reverse-proxy-for-google-app-engine-application
and using-nginx-as-a-reverse-proxy-for-speedy-app-engine-development/.
在第一篇文章中不推荐使用反向代理,而在第二篇文章中推荐使用反向代理.这就是为什么我很困惑哪种方法更好.
Where in First Post it is not recommended to use Reverse Proxy whereas in Second Post it is recommended to use Reverse Proxy. That's why I am confused which would be a better approach.
请帮帮我.
推荐答案
在 Google 群组上发布此问题后,他们告诉我无需为灵活和标准环境设置反向代理.
After posting this question on Google groups they told me that There is no need for setting up reverse-proxy for both Flexible and As well as Standard Environment.
><块引用>
标准环境中的 App Engine 实例1没有公共静态 IP 地址, 并完全受主保护谷歌前端服务器.对您的应用程序的请求首先点击谷歌前端,然后前端进行SSL安全检查根据你上传的证书[2],然后转发使用其内部 IP 向您的 App Engine 实例发出请求.因此不需要反向代理.
App Engine instances in the Standard environment 1 do not have public static IP addresses, and are completely protected by the main Google Front-end server. Requests to your application first hit the Google Front-end, then the front-end performs the SSL security checks according to your uploaded certificate [2], and then forwards the request to your App Engine instances using their internal IPs. Therefore no reverse-proxy is required.
如果您使用的是 App Engine 柔性环境 [3],则您可以在实例使用 Compute Engine 时为其拥有静态 IP虚拟机 [4].但是,App Engine 会在前面自动加载 Nginx 代理每个 App Engine 灵活实例都已预先配置,因此您无需设置这个.您所要做的就是按照指南进行操作上传您的 SSL 证书 [5],请求将由 Google 审核前端就像上面的标准环境.因此没有添加需要反向代理.
If you are using the App Engine Flexible environment [3], you are able to have static IPs for your instances as they use Compute Engine VMs [4]. But, App Engine automatically loads Nginx proxy in front of every App Engine Flexible instance pre-configured, so you do not have to set this up at all. All you have to do is follow the guide to uploading your SSL cert [5], and requests will be vetted by the Google Front-end just like the Standard environment above. Therefore no added reverse-proxy is required.
可在此处找到完整答案 问题
这篇关于我是否需要在 Google App Engine 后面设置反向代理?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
