What are the disadvantages of using AWS ELB directly with Gunicorn (no nginx)?

15
votes

Typical setups I've found on Google to run a django application on AWS all suggest a setup like

ELB -> nginx -> gunicorn -> django

I was wondering why the nginx part is really needed here? Isn't ELB sufficient as proxy?

In our case, we are running multiple Gunicorn/django instances in individual docker containers on ECS.

2
djangoamazon-web-servicesreverse-proxygunicornamazon-elb

2 Answers

13
votes

Without Nginx, It would work just fine and you will still be safe from the majority of DDOS attacks that can bring down an exposed gunicorn server.

I can only see Nginx helpful to add to the stack if it'll be serving your static files. However, it's much better to serve your static files by S3 (+ cloudfront as a bonus) since it's has high availability and reliability baked in.

Sources: http://docs.gunicorn.org/en/latest/deploy.html#nginx-configuration https://stackoverflow.com/a/12801140

3
votes

I had to search a lot to get a satisfying answer :

  1. ELB does not save you from DDoS attacks, it is more of a general purpose load balancer.
  2. ELB directly sends the incoming request to the the Gunicorn server. It does not receive the full request before forwarding it to Gunicorn, i.e, if headers/body from the request is coming slowly because of bad internet connection from the client or whatever other reason, then the Gunicorn server will be waiting for the request to complete before it starts processing the request. In general, it's a bad practice to allow the same server to be the web server and application server, as this hogs up the resources of the application server(Gunicorn).
  3. Nginx additionally helps serve static files and with GZIP compression, thus making it faster for sending/receiving data from both client/server.

Additionally, even in Gunicorn's documentation, it is recommended to use Nginx in front of it.