Why put a reverse proxy in front of a WSGI server?

http nginx proxy wsgi

you have more config-options with a full-blown reverse - proxy like
- rewrite
- locations
- server
- https
- header-cleanup
- expires
- gzip
- ....
you can do loadbalancing
you can use proxy_cache
you can implement custom error-pages, even when your app-servers are down
you can have a WAF implemented
you can (sometimes) hotpatch against vulnerabilities

BONUSPOINT

you can impress clients with 100.000 requests/second (on average hardware) with the following setup (nginx):

.

location /perftest/ {
    return 200;
}

Additional Advantages to using a reverse proxy.

Other benefits can be gained that MAY be of benefit to you.

You can hide information from the internet (web server version, app server, database server, api)
You can implement multiple web server technologies behind one domain (Linux tomcat + Windows IIS etc)
You can terminate https/SSL connections and map them to internal http services.
You can centralise all logging.
You can centralise all DDOS prevention
You can Implement identity management from the web server tier.

Security Advantages

Internal server hiding as above.
You can router/firewall your internal app server servers, and database servers from the internet without resorting to software firewalls on the host (called a DMZ).
You can protect a server that is not immediatly fixable from known problems (web application firewall) or known attack patterns.

Related

Recent Posts

org.apache.kafka.common.errors.TimeoutException: Topic not present in metadata after 60000 ms

Why my code runs infinite time when i entered non integer type in c++ [duplicate]

How to retrieve Instagram username from User ID?

Serverless Framework - Variables resolution error

How do we access a file in github repo inside our azure databricks notebook