How to setup nginx in front of node in docker for Cloud Run?

Question

I need to setup reverse proxy nginx in front of nodejs app that need to be deployed in google cloud run.

Use Cases - Need to serve assets gzipped via nginx (I don't want to overhead node for gzip compression) - To block small DDOS attacks

I didn't find any tutorial to setup nginx and node in cloud run.

Also I need to install PM2 to for node.

How to do this setup in docker? also how can I configure nginx before deploying?

Thanks in advance

Answer 1

I need to setup reverse proxy nginx in front of nodejs app that need to be deployed in google cloud run.

Cloud Run already provides a reverse proxy - Cloud Run Proxy. This is the service that load balances, provides custom domains, authentication, etc. for Cloud Run. However, there is nothing in the design of Cloud Run to prevent you from using Nginx as a reverse proxy inside your container. There is nothing in the design of Cloud Run to prevent you from using Nginx as a separate container front-end to another Cloud Run service. Note in the last case you will be paying twice as much as you will need two Cloud Run services, one for the Nginx service URL and another for the node application.

Use Cases - Need to serve assets gzipped via nginx (I don't want to overhead node for gzip compression) - To block small DDOS attacks

You can either perform compression in your node app or in Nginx. The result is the same. The performance impact is the same. Nginx does not provide any overhead savings. Nginx may be more convenient in some cases.

Your comment to block small DDOS attacks. Cloud Run autoscales, which means each Cloud Run instance will have some limited exposure to a DOS. As the DDOS traffic increases, Cloud Run will launch more instances of your container. Without a prior request from you, Cloud Run will stop scaling at 1,000 instances. Nginx will not provide any benefit that I can think of to mitigate a DDOS attack.

I didn't find any tutorial to setup nginx and node in cloud run.

I am not aware of a specific document covering Nginx and Cloud Run. However, you do not need one. Any document covering Nginx and Docker will be fine. If you want to run Nginx in the same container as your node application you will need to write a custom script to launch both Nginx and Node.

Also I need to install PM2 to for node.

Not possible. PM2 has a user interface and GUI. Cloud Run only exposes $PORT over HTTP from a Cloud Run instance.

How to do this setup in docker? also how can I configure nginx before deploying?

There are numerous tutorials on the Internet for setting up Nginx and Docker.

Two examples below. There are hundreds of examples on the Internet.

• How to run NGINX as a Docker container
• Deploying NGINX and NGINX Plus on Docker

I have answered each of your questions. Now some advice:

1. Using Nginx with Cloud Run does not make any sense with a Node.js application. Just run your node application and let Cloud Run Proxy do its job.
2. Compression is CPU intensive. Cloud Run is designed for HTTP style microservices that are small, fast, and compact. You will pay for increased CPU time. If you have content that needs to be compressed, compress it first and serve the content compressed. There are cases where compression in Cloud Run is useful and/or correct, but look at your design and optimize where possible. Static content should be served by Cloud Storage, for example.

Cloud Run can handle a Node.js application easily with excellent performance and scalability provided that you follow its design criteria and purpose.

Key factors to keep in mind:

• Low cost, you only pay for requests. Overlapping requests have the same cost as one request.

• Stateless. Containers are shut down when not needed which means you must design for restarts. Store state elsewhere such as a database.

• Only serves traffic on port $PORT, which today is 8080.

• Public traffic can be either HTTP or HTTPS. Traffic from the Cloud Run Proxy to the container is HTTP.

• Custom domain names. Cloud Run makes HTTPS for URLs very easy.

  UPDATE: Only HTTPS is now supported for the public endpoint (Public Traffic).

Answer 2

I think you should consider using a different approach.

Running multiple processes in a single container is not a best practice. The more common implementation of a proxy as you describe is to use 2 containers (the proxy is often called the sidecar) but this is not possible with Cloud Run.

Google App Engine may be more suitable.

App Engine Flexible permits deployments of containers that are proxied (behind the scenes) by Nginx. You may use static content with Flexible and can incorporate a CDN. App Engine Standard addresses your needs too.

https://cloud.google.com/appengine/docs/flexible/nodejs/serving-static-files https://cloud.google.com/appengine/docs/standard/nodejs/runtime

Like Cloud Run, App Engine is serverless but provides more flexibility and is a more established service. App Engine integrates with more (all?) GCP services too whereas Cloud Run is limited to a subset.

Alternatively, you may consider Kubernetes (Engine). This provides almost limitless flexibility but requires more ops. As you're likely aware, there's a Cloud Run implementation that runs atop Kubernetes, Istio and Knative.

Cloud Run is a compelling service but it is only appropriate if you can meet its (currently) contrained requirements.