Skip to content

Reverse Proxy

What is a Reverse Proxy?

A reverse proxy is a server that sits between clients (like browsers) and backend servers.

Instead of clients talking directly to your application servers, they talk to the reverse proxy, which then forwards (or “proxies”) the requests to the correct backend.

Think of it as a front desk receptionist: clients never see the individual servers behind it, only the receptionist.

Key Functions

  • Request forwarding: Routes client requests to the correct backend service.
  • Load balancing: Distributes traffic across multiple servers for scale & reliability.
  • TLS/SSL termination: Handles HTTPS, offloading certificate work from backends.
  • Caching: Stores frequent responses to reduce backend load.
  • Security: Hides backend details, filters requests, blocks attacks (DDoS, SQL injection).
  • Compression: Optimizes responses before sending to clients.

Advantages

  • Central control point for all incoming requests.
  • Improves scalability (load balancing).
  • Improves performance (caching, compression).
  • Enhances security (masks backend IPs, enforces HTTPS).
  • Simplifies certificate management (only the proxy needs SSL certs).

Drawbacks

  • Becomes a single point of failure if not deployed redundantly.
  • Adds a small amount of latency (since it’s an extra hop).
  • Needs expert configuration (misconfiguration can cause downtime/security gaps).

Example

Imagine you run a site with 3 backend API servers:

  • api1.myapp.local
  • api2.myapp.local
  • api3.myapp.local

Instead of exposing these to the internet, you put NGINX (reverse proxy) in front:

  • Clients send requests to https://api.myapp.com
  • NGINX decides which backend to forward to (e.g., api1 for one request, api2 for another).

Clients only ever see api.myapp.com, not the actual servers.

Example NGINX Config (Reverse Proxy)

server {
    listen 80;

    server_name api.myapp.com;

    location / {
        proxy_pass http://backend_servers;
    }
}

upstream backend_servers {
    server api1.myapp.local;
    server api2.myapp.local;
    server api3.myapp.local;
}

This balances requests across three backend servers while exposing only api.myapp.com to the outside world.

Reverse Proxy vs Forward Proxy

  • Forward Proxy: Clients use it to reach the internet (e.g., corporate proxy, VPN).
  • Reverse Proxy: Internet clients use it to reach your servers (e.g., NGINX, Azure Front Door).

Summary

A reverse proxy is a server that fronts your backend apps, forwarding requests, balancing load, managing SSL, caching, and enhancing security. It’s a key pattern in modern web and microservice architectures.