Nginx : The cool kid
Mayank-dev1822
Posted on April 2, 2024
While building backend applications, you may have come across the problem of accessing the APIs of an application that is deployed on a VM. To solve this problem you may have used the open port method, which means opening a port on your VM and running your server on that port, just as you would run it on port 3000 on your local machine. Once you have opened the port on your VM and your application is running on it, you can access your application by sending a request to “http://your-vm-ip:<5000>/api”. Seems simple enough, right?
The open port method is simple, and it is useful only for development and testing purposes. If you plan to use the open port method in production, it will result in the following:
Security
By using the open port method in production you are not only compromising security by not encrypting the request through standard HTTPS, but you are also exposing your VM’s IP address and the exact port on which your application is currently running. If you have an endpoint in your application that uploads any type of file to any kind of blob storage or bucket, an attacker can easily abuse your endpoint by DDOSing your endpoint with multiple 1000GB garbage files, which can cost you a fortune in cloud bills.
Scalability
By running your application through the open port method you are not only compromising security, you are also leaving scalability options, like having multiple workers, on the table.
Cost
If you are still planning to use the open port method to run your application, be ready for huge cloud bills and infrastructure costs. The open port method requires you to use some kind of screening to run your application in the background; otherwise your application will stop as soon as you log out from your SSH session, which leaves your VM unusable for other tasks in parallel.
Now, the question is, should you make the time investment and configure Nginx for your production application?
The short answer is YES.
If you are now planning to configure Nginx, I have some points that can help you make the decision and be clear about why you are making this time investment.
1. Security
Nginx provides multiple security options for your applications out of the box, some of the widely used methods are listed below:
2. SSL Encryption
Nginx provides out-of-the-box SSL/TLS support, which means you can encrypt and decrypt HTTPS requests even before they reach your application server. Using this you can set up a custom domain that is specific to your application, and you will have the most basic level of encryption on your application.
3. URL Redirection
This method gives you the ability to manipulate request URLs before they reach your backend application server.
4. Load Balancing
You can also configure Nginx to distribute incoming requests across multiple instances of your application server running on the same machine. Using this method can improve your application’s scalability and reliability.
5. Caching
Nginx can cache the static content of your application. This can come in handy if you have deployed a front-end application on your machine that has some heavy assets.
6. (My favorite) Rate limiting
Nginx allows you to add a rate limit to your application endpoints, adding a layer of security that prevents your application from getting DDOSed.
7. Access Control
Using this method you can define how you want your endpoints to be accessed by the client. A great example of this is adding a size limit to the files a user can upload in a single request.
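The features listed above can be combined in one reverse-proxy configuration. The following is an added example, not configuration from the original post; the domain name, certificate paths, backend ports and every limit value are assumptions chosen for illustration.

```nginx
# Added example. Place inside the http {} context, e.g. /etc/nginx/conf.d/app.conf.
# api.example.com, the certificate paths, ports 5000/5001 and all limits are placeholders.

# Rate limiting: key on client IP, 10 MB of shared state, 10 requests/second per IP.
limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/s;

# Load balancing: two app instances listening on loopback only,
# so the application ports are not reachable from outside the VM.
upstream app_backend {
    server 127.0.0.1:5000;
    server 127.0.0.1:5001;
}

# URL redirection: move all plain-HTTP requests to HTTPS.
server {
    listen 80;
    server_name api.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name api.example.com;

    # SSL/TLS is terminated here, before requests reach the application.
    ssl_certificate     /etc/nginx/ssl/example.crt;
    ssl_certificate_key /etc/nginx/ssl/example.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Access control: small default body cap; larger bodies are rejected with 413.
    client_max_body_size 1m;

    # Pass the original host, client address and scheme to the backend.
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    location /api/ {
        limit_req zone=api_limit burst=20 nodelay;  # short bursts allowed, excess gets 429
        limit_req_status 429;
        proxy_pass http://app_backend;
    }

    location /api/upload {
        client_max_body_size 10m;         # raise the cap only where uploads happen
        limit_req zone=api_limit burst=5;
        proxy_pass http://app_backend;
    }
}
```

Run `nginx -t` to validate the file before reloading. For the limits to hold, the application must bind to 127.0.0.1 and the previously opened port must be closed in the VM firewall, otherwise clients can still bypass Nginx.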
I hope that you now have a clear view of why configuring Nginx is a great time investment over using the open-port method. If you have read this far, I very much appreciate you and hope this read gave you some value for your time.
As a bonus, I have a basic design that you can follow to host your application on a small-scale production server.
Happy Hacking!