Hi Seann,
We are generally running Zotonic directly on port 80/443 or just with firewall redirect rules.
In our cloud-init file we are now using the direct approach, as Maas-Maarten found that there is a problem with the firewall-redirecting taking up too many resources and not being able to handle the amount of connections they need.
Having a proxy indeed kind of doubles the request overhead.
We confirmed that in tests for ping-like requests and files.
There are a couple of reasons people do use a proxy:
- Being able to (with standard tools) block requesting IPs
- Manage certificates in a central way (if you have a sysop person)
- Separate responsibilities between sysop and devop.
- Extra logging via the proxy
There are a couple of reasons people do NOT use a proxy:
- Simple setup - less moving parts
- Let Zotonic handle all certificates
- Performance (useful for smaller servers)
Zotonic can log as well; we just don’t do it by default, as the millions of log lines do not help.
We have been thinking about a simple access-log-counting thing.
Just didn’t have a customer yet that wanted it, and wanted to pay for it :-)
The email is almost always sent by Zotonic directly.
Unless there is a sysop responsible for all email, then sometimes the email is sent via a relay.
We also send email via (for example) Mailgun, which gives us better control of inbox placement, especially with Hotmail/Outlook, and still good email-address status via mod_mailgun.
We also receive email, sometimes via a relay on a central server (that also manages the corporate email addresses).
Most often just by directly listening on port 25.
Cheers,
Marc