
Do I need to Setup a Reverse Proxy behind Google App Engine or not?

I am running my app on Google App Engine, and I have linked my domain, which I bought from GoDaddy, to App Engine along with the SSL, which I also bought from GoDaddy.

I have read on many sites that running a server on port 80 without a reverse proxy can cause major security issues, but I can't see which issues they are talking about. Also, as I am running my app on port 5555, I even tried to ping my domain, and the IP was 216.239.XX.21, where the possible values of XX are 32, 34, 36 and 38, which is the same for all other App Engine servers. So I think that if any hacker/malicious user tries to do something malicious to my app, then in order to do that he/she has to know my IP, which App Engine is hiding by default.

So I want to know: as App Engine is already hiding my IP, do I have to use a reverse proxy server like Nginx on my App Engine or not?

Also, if I need to use a reverse proxy, I saw these two posts: nginx-as-reverse-proxy-for-google-app-engine-application and using-nginx-as-a-reverse-proxy-for-speedy-app-engine-development/.

The first post does not recommend using a reverse proxy, whereas the second post recommends it. That's why I am confused about which would be the better approach.

Please help me, guys.

Sudhanshu Gaur asked Nov 25 '17 12:11




1 Answer

After I posted this question on Google Groups, they told me that there is no need to set up a reverse proxy for either the Flexible or the Standard environment.

  • App Engine instances in the Standard environment [1] do not have public static IP addresses, and are completely protected by the main Google Front-end server. Requests to your application first hit the Google Front-end, then the front-end performs the SSL security checks according to your uploaded certificate [2], and then forwards the request to your App Engine instances using their internal IPs. Therefore no reverse-proxy is required.

  • If you are using the App Engine Flexible environment [3], you are able to have static IPs for your instances as they use Compute Engine VMs [4]. But App Engine automatically loads a pre-configured Nginx proxy in front of every App Engine Flexible instance, so you do not have to set this up at all. All you have to do is follow the guide to uploading your SSL cert [5], and requests will be vetted by the Google Front-end just like the Standard environment above. Therefore no added reverse-proxy is required.

The full answer can be found here: issue

Sudhanshu Gaur answered Sep 22 '22 21:09
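Because the front end described in the answer above terminates SSL and forwards the request to the instance, the application itself only sees the proxy's connection. The following WSGI middleware is an added example, not part of the original post or of any Google code, showing how an app in that position can enforce HTTPS and send HSTS. It assumes the front end reports the client's scheme in the `X-Forwarded-Proto` header; the class, function and constant names and the sample HSTS policy are hypothetical.

```python
from wsgiref.util import request_uri

HSTS_VALUE = "max-age=31536000"  # constructed sample policy: one year


class FrontEndTLSMiddleware:
    """For apps whose TLS is terminated by a front-end proxy (assumed header name)."""

    def __init__(self, app, proto_key="HTTP_X_FORWARDED_PROTO"):
        self.app = app
        self.proto_key = proto_key  # WSGI key for X-Forwarded-Proto (assumption)

    def __call__(self, environ, start_response):
        # The hop from the front end to the instance is not the client's
        # connection, so the client's scheme is only visible in this header.
        proto = environ.get(self.proto_key, "").split(",")[0].strip().lower()
        if proto == "http":
            environ["wsgi.url_scheme"] = "https"
            location = request_uri(environ)  # same host, path and query, https scheme
            start_response("301 Moved Permanently",
                           [("Location", location), ("Content-Length", "0")])
            return [b""]
        if proto != "https":
            # Header absent: the request did not pass through the front end
            # (local run, internal health check). Pass it through unchanged.
            return self.app(environ, start_response)

        environ["wsgi.url_scheme"] = "https"  # let the app build https:// URLs

        def start_with_hsts(status, headers, exc_info=None):
            headers = [h for h in headers if h[0].lower() != "strict-transport-security"]
            headers.append(("Strict-Transport-Security", HSTS_VALUE))
            return start_response(status, headers, exc_info)

        return self.app(environ, start_with_hsts)


def demo_app(environ, start_response):
    """Constructed sample app that reports the scheme it believes it is served on."""
    body = environ["wsgi.url_scheme"].encode()
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]


application = FrontEndTLSMiddleware(demo_app)
```

Trusting the forwarded header is only sound when instances cannot be reached except through the front end, which is the situation the answer describes.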