While traditional forward proxies act on behalf of clients, reverse proxies operate in front of backend servers. The core architecture consists of:
Client → Reverse Proxy → [Server1, Server2, Server3]
Though often confused, reverse proxies and load balancers have distinct roles:
| Feature | Reverse Proxy | Load Balancer |
|---|---|---|
| Primary Function | Request routing and security | Traffic distribution |
| Layer Operation | Application Layer (L7) | Transport Layer (L4) or L7 |
| Caching | Yes | Rarely |
Here's a complete reverse proxy setup in Nginx:
http {
upstream backend {
server 10.0.0.1:8000;
server 10.0.0.2:8000;
server 10.0.0.3:8000;
}
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Enable compression
proxy_set_header Accept-Encoding "";
sub_filter_types *;
sub_filter_once off;
}
}
}
Modern implementations often combine multiple features:
# TLS termination + caching + load balancing
server {
listen 443 ssl;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
location /static/ {
proxy_cache my_cache;
proxy_cache_valid 200 1d;
proxy_pass http://backend;
}
location /api/ {
proxy_pass http://api_backend;
proxy_connect_timeout 2s;
}
}
Essential metrics to monitor:
- Connection queue length
- Upstream response times
- Cache hit ratio
- SSL/TLS handshake duration
For cloud-native implementations, consider these additions to your Nginx config:
# Cloud-specific optimizations
proxy_http_version 1.1;
proxy_set_header Connection "";
keepalive_timeout 75s;
keepalive_requests 1000;
A reverse proxy sits between clients and backend servers, acting as an intermediary that receives requests and forwards them to the appropriate server. Unlike traditional forward proxies that protect clients, reverse proxies protect servers by:
- Hiding server identities and architectures
- Terminating SSL/TLS connections
- Providing caching layers
- Enabling load balancing capabilities
While both technologies distribute traffic, reverse proxies offer additional application-layer functionality:
| Feature | Reverse Proxy | Load Balancer |
|---|---|---|
| OSI Layer | Layer 7 (Application) | Layer 4 (Transport) |
| SSL Termination | Yes | Rarely |
| Caching | Yes | No |
| URL Rewriting | Yes | No |
Here's a basic Nginx reverse proxy configuration:
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://backend_servers;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
upstream backend_servers {
server 10.0.0.1:8000;
server 10.0.0.2:8000;
server 10.0.0.3:8000;
}
Modern architectures leverage reverse proxies for:
- Canary Deployments:
location /feature-x { # Route 10% traffic to new version if ($arg_canary = "true") { proxy_pass http://new_feature_backend; } } - Security Hardening:
# Rate limiting limit_req_zone $binary_remote_addr zone=api_limit:10m rate=1r/s; # Web Application Firewall location / { modsecurity on; proxy_pass http://backend; }
Effective reverse proxy configuration should include:
- Caching static assets:
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ { expires 30d; add_header Cache-Control "public"; } - Compression:
gzip on; gzip_types text/plain text/css application/json;