Static vs REST routing with clojure ring - clojure

I'm writing an angular/clojure ring webapp. All routes to the ring side will have an "/api" prefix and will be routed with compojure.
Serving upp all other static file with ring seems a bit messy though.
Is there a good way to direct "/api/whatever" requests to ring and all other to be served up as static files using jetty? or using any other major web server, like apache, nginx, lighttpd?

We put nginx infront of jetty and have nginx configured to serve the static stuff (actually redirects to a CDN) directly and proxy all the app stuff to jetty. In production jetty is running on a separate load balancer though this works out the same if they are running on the same instance.

If you want to run clojure Ring handlers with Nginx without any Java Web Server, eg. Jetty. please try Nginx-Clojure module.

Related

Deploy Django with SSL without Nginx

Is it possible to deploy a django project without using third party tools like nginx or apache just to serve up https:// webpages? Being forced to setup a reverse proxy or some other web server just to serve https seems a bit overkill.
Using of built-in development server (manage.py runserver) is a bad idea for production environment. But, yes you can use SSL connection even with built-in server
Better idea is to use some application server. For example gunicorn. And yes again, you can serve SSL connection with gunicorn.
Apache or Nginx servers are not just for https. These allows you to effectively control other server resources like max number of processes, request/response headers, etc. WEB servers support many features that you can set without writing python code. And that will be more understandable for infra/server engineers.

How to host SPA in CloudFront with webserver as backend?

I am working on a home project which consists of two parts: web server (Java) and SPA application (Angular + Webpack) that communicate with each other via REST and websockets. At the moment the UI is served by NGINX as static content, and webserver is hosted on the same server as NGINX. It means when user makes request to mydomain.com NGINX provides angular static content to user's browser (js, html, css). In these js files I have several services that communicate with webserver using relative paths (e.g. /getPriceList, browser makes request to mydomain.com/getPriceList). So I wonder if it's possible to use something like Amazon CloudFront (CDN) for serving static content and get rid of NGINX? I've just started reading documentation and can't catch how should I configure my UI app in order to work with webserver that is located on separate machine. The desired scenario is when user requests mydomain.com he will get all static content (UI app) from CDN. But it's not clear how the UI app should be configured in order to have access to my web server (where should it be hosted, should I still use relative paths and so on). I hope that you caught my question.

What are the disadvantages of using AWS ELB directly with Gunicorn (no nginx)?

Typical setups I've found on Google to run a django application on AWS all suggest a setup like
ELB -> nginx -> gunicorn -> django
I was wondering why the nginx part is really needed here? Isn't ELB sufficient as proxy?
In our case, we are running multiple Gunicorn/django instances in individual docker containers on ECS.
Without Nginx, It would work just fine and you will still be safe from the majority of DDOS attacks that can bring down an exposed gunicorn server.
I can only see Nginx helpful to add to the stack if it'll be serving your static files. However, it's much better to serve your static files by S3 (+ cloudfront as a bonus) since it's has high availability and reliability baked in.
Sources:
http://docs.gunicorn.org/en/latest/deploy.html#nginx-configuration
https://stackoverflow.com/a/12801140
I had to search a lot to get a satisfying answer :
ELB does not save you from DDoS attacks, it is more of a general purpose load balancer.
ELB directly sends the incoming request to the the Gunicorn server. It does not receive the full request before forwarding it to Gunicorn, i.e, if headers/body from the request is coming slowly because of bad internet connection from the client or whatever other reason, then the Gunicorn server will be waiting for the request to complete before it starts processing the request. In general, it's a bad practice to allow the same server to be the web server and application server, as this hogs up the resources of the application server(Gunicorn).
Nginx additionally helps serve static files and with GZIP compression, thus making it faster for sending/receiving data from both client/server.
Additionally, even in Gunicorn's documentation, it is recommended to use Nginx in front of it.

Is it possible to make Django send data over tls protocol?

I am currently working on a web project in django and there is a requirement to ensure the safety of transmitting data over a network (passwords, usernames etc.).
I've read on owasp cheat sheet about authenication that for safety reasons all passwords should be sent from a client to a server over tsl protocol.
https://www.owasp.org/index.php/Authentication_Cheat_Sheet#Transmit_Passwords_Only_Over_TLS_or_Other_Strong_Transport
Django framework sends these over http protocol. Is it possible to make django send it over tsl or work around it in another way?
When you run a Django application on the Internet, it's usually looking something like this:
[Django Application] <-> [uWSGI] <-> [nginx] <-> [web browser]
You can use different components, e.g. Gunicorn instead of uWSGI or Apache instead of nginx.
The thing is, you simply configure the webserver (Apache or nginx or whatever) with an SSL certificate and listen for https instead of http.
I think you're using Django runserver command for server your app over HTTP. It is absolutely not made for production and is a really HTTP (only) server for development.
For serve your app across SSL/TLS, you must use a frontend as described in henrikstroem's response

Two application servers on one web server?

I have a Rails app which provides service through Nginx server(with thin). Now I want to build another app in Node.js on the same machine.
My question is, can I have Nginx redirect users' reqeusts? e.g. when a user access 'foo.mydomain.com' it will be processed by Rails app, and when she visit 'bar.mydomain.com' it can be processed by Node app.
(I'm not sure whether it's related to the type of apps, i.e. Rails, Nodejs, etc)
You can set up two serverblocks in your nginx config; One listening for bar.mydomain.com and the other one for foo.mydomain.com and then use the proxy_pass module in nginx to pass forward the requests to your Node or Rails app.