I wanna know if it's better in terms of security, availability and best practice to set up a nginx reverse proxy on my backend and use it with localhost or to set up a VM that handles everything for me.
I assume that using a separate VM will be better. The reasoning is the following:
It allows you to route traffic though a single node meaning that you can remove External IPS from other VMs (servers). (this also means that if all traffic is routed via a single node, there can be more control over monitoring to know how connections are occurring.)
It removes processes of the backend, which means it gives more processing power to any servers running web apps etc.
If needed depending on the situation with your app, the reverse proxy can act as a load balancer if you have other servers which can increase your apps availability.
Otherwise I was told by someone that the use of the reverse proxy (nginx + gunicorn) on the backend it would be better, rather than on a separate VM, because if let's say there is an app that uses django URL requests would be transmitted over the local private network instead of the localhost which is less secure, which is true to an extent but it makes no sense to me, since in terms of managing risk it seems more logical to assume its worse to have Y vm's with all external IPs rather than secure internal network assuming everything is set up properly for the sake of simplicity.
Overall, I just want some expertise to have a better understanding on what would better practice and more secure.
