Without Nginx, It would work just fine and you will still be safe from the majority of DDOS attacks that can bring down an exposed gunicorn server.
I can only see Nginx helpful to add to the stack if it’ll be serving your static files. However, it’s much better to serve your static files by S3 (+ cloudfront as a bonus) since it’s has high availability and reliability baked in.
I had to search a lot to get a satisfying answer :
- ELB does not save you from DDoS attacks, it is more of a general purpose load balancer.
- ELB directly sends the incoming request to the the Gunicorn server. It does not receive the full request before forwarding it to Gunicorn, i.e, if headers/body from the request is coming slowly because of bad internet connection from the client or whatever other reason, then the Gunicorn server will be waiting for the request to complete before it starts processing the request. In general, it’s a bad practice to allow the same server to be the web server and application server, as this hogs up the resources of the application server(Gunicorn).
- Nginx additionally helps serve static files and with GZIP compression, thus making it faster for sending/receiving data from both client/server.
Additionally, even in Gunicorn’s documentation, it is recommended to use Nginx in front of it.