Running Kalgan behind a reverse proxy

Kalgan runs on a built-in multithreaded web server (see Built-in Web Server in the docs), which is especially useful during development. This server does the job, but it lacks some features that are a must when running an app in a production environment, among others:

  • SSL certificates (HTTPS connections)
  • Caching and compression for static content
  • Load balancing

This is where reverse proxy servers come to the rescue.

A reverse proxy server retrieves resources on behalf of a client from one or more servers. When going to production, our app should definitely be running behind a reverse proxy server. There are multiple choices out there; probably one of the best options is NGINX Reverse Proxy.

The flowchart below represents the new architecture for our app:

Notice that even though the client is sending HTTPS requests, the built-in server will always handle HTTP requests: the HTTPS connection ends at the proxy, and the proxy talks plain HTTP to Kalgan.

Integrating our app with a reverse proxy server is not a very complex task. Let's see an example with an NGINX reverse proxy:

We're going to establish an HTTPS-only connection to the app and configure NGINX to handle the static files. Our NGINX configuration file would look as follows:

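# HTTPS server: serves static files itself and proxies everything else to Kalgan.
server {
    listen 443 ssl;
    server_name mywebsite.com;
    access_log /path/to/my/project-log/access.log;
    error_log /path/to/my/project-log/error.log;
    # Static assets are returned directly by NGINX; directory listings are disabled.
    location /static/ {
        alias /path/to/my/project/static/;
        autoindex off;
    }
    # All other requests are forwarded to Kalgan as plain HTTP on the loopback interface.
    location / {
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:7878/;
    }
    # Certificate and TLS parameters.
    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;
}
# HTTP server: only redirects to the HTTPS server.
server {
    listen 80;
    server_name mywebsite.com;
    access_log /path/to/my/project-log/access.log;
    error_log /path/to/my/project-log/error.log;
    return 301 https://mywebsite.com$request_uri;
}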

Notice we have two server blocks, one for the HTTPS requests and another one for the HTTP requests. The latter redirects all the HTTP requests to the former.

However, the central piece here is this block of code:

...
location / {
    proxy_set_header Host $host;
    proxy_pass http://127.0.0.1:7878/;
}
...

This means that every HTTPS request that arrives at NGINX is forwarded to Kalgan as an HTTP request. In this case we're assuming Kalgan is running with the default values for the IP address and server port.

But not all the requests are going to reach Kalgan. As we've already said, we want NGINX to handle static files. The following block does the work:

...
location /static/ {
    alias /path/to/my/project/static/;
    autoindex off;
}
...

Every request that starts with /static/ will be handled by NGINX, which will return the content of the static file.

As soon as we delegate the handling of assets to the proxy server, we must remember to remove the static.folders parameter from the settings file, so that Kalgan stops looking for these static files on every request.

Regarding the SSL certificate for the HTTPS connection, in this example we're including the files snippets/self-signed.conf and snippets/ssl-params.conf, for the sake of simplicity. These files contain the data for a self-signed SSL certificate. However, we shouldn't use this kind of certificate on a public site; we should go for a trusted one instead (see Let’s Encrypt).
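Because Kalgan itself only speaks plain HTTP, it is worth checking after deployment that port 7878 is bound to the loopback interface only and that port 80 really redirects to HTTPS. The script below is an added example, not part of the Kalgan docs: the function names are hypothetical, the inputs are the output of `ss -ltn` and `curl -sI`, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: post-deployment checks for the proxy layout described above.
# Port 7878 and mywebsite.com are the values used on this page.

# Reads `ss -ltn` output on stdin and prints every listener on port $1 whose
# local address is not loopback. Returns non-zero if any such listener exists.
exposed_listeners() {
    awk -v port="$1" '
        {
            addr = $4                        # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (parts[n] != port) next       # other ports and the header line
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            print addr; bad = 1
        }
        END { exit bad + 0 }'
}

# Reads the response headers of a plain-HTTP request on stdin (for example
# `curl -sI http://mywebsite.com/login`). Succeeds only on a 301 whose
# Location header is https://<host $1><path $2>.
redirects_to_https() {
    tr -d '\r' | awk -v want="https://$1$2" '
        NR == 1 && $2 == "301" { status = 1 }
        tolower($1) == "location:" && $2 == want { loc = 1 }
        END { exit !(status && loc) }'
}

# Constructed sample inputs (not captured from a real host).
SS_GOOD='LISTEN 0 128 127.0.0.1:7878 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*'
SS_BAD='LISTEN 0 128 0.0.0.0:7878 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*'
HEADERS='HTTP/1.1 301 Moved Permanently
Server: nginx
Location: https://mywebsite.com/login'

printf '%s\n' "$SS_GOOD" | exposed_listeners 7878 && echo "backend is bound to loopback only"
printf '%s\n' "$SS_BAD" | exposed_listeners 7878 || echo "backend is reachable without going through NGINX"
printf '%s\n' "$HEADERS" | redirects_to_https mywebsite.com /login && echo "HTTP redirects to HTTPS"
```

On a real host, pipe `ss -ltn` and `curl -sI http://mywebsite.com/login` into the two functions instead of the sample variables.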

For more information about running our app in a production environment, go to Production in the docs.