If you can use a proxy, then I personally would recommend just going to haproxy and make that work. For public facing apps I only run stand alone behind haproxy. I've got a few things out there running and I can't recall any issues I've had running things that way.
For the apps I have running as cgi, they seem to have issues now and then. I have started using htaccess files to password protect them at the apache level to keep bots or search engines or who knows what from randomly hitting them and making them lock up. These apps are low usage internal, but are accessible for us from the internet.
So for me, I've had good success with haproxy -> stand alone app. You can put haproxy in front of almost anything, so if you need apache and/or nginx too, then you can also put them behind haproxy.
There's also a new plugin apparently (which I haven't tried yet) to allow haproxy to pull Let's Encrypt ssl certificates for your sites without having to take anything offline during the verification process. I plan on setting that up on one of my sites when the current ssl cert is close to expiration.