问题
I am running my app on Google App engine and I have linked my domain which I bought from GoDaddy to the app engine along with the SSL which I have also bought from GoDaddy.
I read it on many sites that running server on port 80 without Reverse Proxy can cause you major security issues. But I can't see which of these issues are they talking about. Also as I am running my app on port 5555 I even tried to ping my domain and the IP was 216.239.XX.21 where X possible values can be (32, 34, 36 and 38) which is same for all other App Engine server. So I think that as if any hacker/malicious user tries to do something malicious to my app then in order to do that he/she have to know my IP which App Engine is hiding by default.
So, I want to know as App Engine is already hiding my IP so do I have to use any Reverse Proxy Server like Nginx on my App Engine or not ??
Also if I need to use Reverse Proxy then I saw these two posts nginx-as-reverse-proxy-for-google-app-engine-application
and using-nginx-as-a-reverse-proxy-for-speedy-app-engine-development/.
Where in First Post it is not recommended to use Reverse Proxy whereas in Second Post it is recommended to use Reverse Proxy. That's why I am confused which would be a better approach.
Please Help Me Guys.
回答1:
After posting this question on Google groups they told me that There is no need for setting up reverse-proxy for both Flexible and As well as Standard Environment.
App Engine instances in the Standard environment 1 do not have public static IP addresses, and are completely protected by the main Google Front-end server. Requests to your application first hit the Google Front-end, then the front-end performs the SSL security checks according to your uploaded certificate [2], and then forwards the request to your App Engine instances using their internal IPs. Therefore no reverse-proxy is required.
If you are using the App Engine Flexible environment [3], you are able to have static IPs for your instances as they use Compute Engine VMs [4]. But, App Engine automatically loads Nginx proxy in front of every App Engine Flexible instance pre-configured, so you do not have to set this up at all. All you have to do is follow the guide to uploading your SSL cert [5], and requests will be vetted by the Google Front-end just like the Standard environment above. Therefore no added reverse-proxy is required.
Full answer can be found here issue
来源:https://stackoverflow.com/questions/47486110/do-i-need-to-setup-a-reverse-proxy-behind-google-app-engine-or-not