[p_ing]

A web server should never be directly exposed to the Internet, provided you care about the web server host or what's behind it.

[ofrzeta]

> A web server should never be directly exposed to the Internet

That's what web servers are made for, no? Like Apache, Nginx etc. I mean, you could certainly put HAProxy in front but you'd need a good reason to do this.

[CharlieDigital]

This is not the case for the modern Internet.

More often than not, for any serious application backend, you probably want a web application firewall (WAF) in front of it and SSL termination upstream of the web server.

[SideburnsOfDoom]

And also a reverse proxy / Load balancer in front of multiple Webserver instances.