hykw
Is there any problem to expose Cowboy to the Internet?
I’ve ever heard a rumor saying that it is not recommended to expose Cowboy itself directly to the Internet. The Cowboy’s author also doesn’t recommend it, but put nginx in front of Cowboy.
It is true Cowboy has no virtual hosts nor some other features the other Web servers have, but in the point of security, is there any reason why you shouldn’t put it directly?
Most Liked
merlin
You should never expose your application server directly to the Web. There might be unknown entry points, backdoors, possible data leaks, exploits etc.
Preferably put a filtering proxy in front and whitelist only the URIs you know are valid.
Bonus : LB + rewrite rules + caching.
Nginx is a proven solution, Hiawatha, Apache too etc.
NobbZ
I think its because the permissions binding to port 80. Under most linux distributions packages for NGinX, Apache or other software are already prepared in a way to be ablt to bind that port and reverse proxy is configured in 3 or 4 lines in most of them.
Setting everything up, that your cowboy application is allowed to bind to 80 might be much harder to configure (thats an assumption, I actually never tried to).
But perhaps someone who tried can tell?
@benwilson512 has some phoenix applications in the wild AFAIK (but behind HA AFAIK)
dstockdale
I’ve been happily exposing cowboy but by forwarding port 80 to 4000. I don’t see why it would be an issue other than you I wouldn’t want to run it as root.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance










