部署Gunicorn
我们强烈建议在代理服务器后面使用Gunicorn。
Nginx配置
虽然有许多HTTP代理可用,但我们强烈建议 你使用Nginx。如果您选择其他代理服务器,则需要确保 当你使用默认的Gunicorn工作时它会缓慢缓慢的客户端。 如果没有这个缓冲,Gunicorn很容易受到影响 拒绝服务攻击。您可以使用slowloris检查您的代理 表现得很好。
为什么强烈建议使用代理服务器,缓冲如何防止DOS攻击?
答案 0 :(得分:10)
According to the Nginx documentation, a reverse proxy can be used to provide load balancing, provide web acceleration through caching or compressing inbound and outbound data, and provide an extra layer of security by intercepting requests headed for back-end servers.
Gunicorn is designed to be an application server that sits behind a reverse proxy server that handles load balancing, caching, and preventing direct access to internal resources.
By exposing Gunicorn's synchronous workers directly to the internet, a DOS attack could be performed by creating a load that trickles data to the servers, like the Slowloris.
答案 1 :(得分:0)
原因是有许多 slow 客户端需要时间来消耗服务器响应,而Gunicorn旨在响应 fast 。 an explanation of this situation有一个类似的Ruby Web服务器Unicorn。