When I was young, I couldn’t understand why cars had a reverse gear. “Why not just turn around and go the opposite direction?” I wondered. No one had told me what the drive (forward) gear did. I didn’t even know it existed.
Similarly, if you’ve never heard of a forward proxy, a reverse proxy might not make sense to you right now. I’ll explain.
A (forward) proxy is a computer that takes a request from the user and forwards it to the internet. A reverse proxy does the opposite; it takes requests from the internet and forwards them to one or more servers.
Makes sense? If not, keep reading. Soon, you’ll understand everything.
-
Navigate This Article:
How Does a Proxy Work?
Let’s talk about specifics. You see, a proxy communicates on your behalf. The word proxy is defined as “the authority to represent someone.”
A forward proxy acts on your behalf. A reverse proxy acts on the server’s behalf.
How Forward Proxy Works
Let’s say you want to request something from a server. But, for security reasons, you don’t want the server to know you’re the person sending the request.
What do you know in this scenario? You hire someone to represent you. Let’s call him Mr. Proxy.
For example, Mr. Proxy goes to the server of an eCommerce site and says,
“I need you to show me the price of this pair of shoes.”
The server says,
“Alright, friend, I’ll pull out that data for you.”
Once Mr. Proxy gets the data, he sends it to you. In reality, he isn’t really interested in that data. Instead, he was acting on your behalf.
How Reverse Proxy Works
Now let’s look at the other side of the coin. It’s the server’s turn to communicate with you.
But the server doesn’t really want you to know it’s communicating with you, either. So it hires Mrs. Proxy to represent it, just like Mr. Proxy represented you.
Mrs. Proxy takes your request, scans it, hands it to the appropriate server, and then delivers it back to you. Don’t worry about the scanning part; we’ll talk about that later.
For now, what I really need you to understand is that a forward proxy acts on your behalf. A reverse proxy acts on the server’s behalf. I’ll dig deeper into the key differences between these two later.
A Reverse Proxy’s Role in Load Balancing and Security
There’s another thing you need to know about here. It’s called load balancing.
Sometimes servers become overwhelmed with requests.
That’s where a reverse proxy comes in to balance these requests (the load) and make sure that no server takes on more than it can handle. If we have 10,000 requests coming in from the internet, for example, the reverse proxy steps in and says,
“Wait a minute, where do y’all think you’re going so fast?”
It then proceeds to scan every request, check for a server that’s available, and send it over to the available server. This process occurs like lightning in the background. You’ll have no idea it’s happening.
A reverse proxy can also handle security issues. For example, it can take over the job of handling secure, encrypted connections (SSL) from users.
The reverse proxy essentially takes the SSL certificate, terminates it, and then delivers the raw request to the target server.
Benefits of Using a Reverse Proxy
A reverse proxy has many benefits, several of which are server-facing. Remember when I mentioned that a reverse proxy is here to protect the server? This section will prove exactly that.
Load Balancing
The proxy server gets multiple requests from users and then assigns them to an available server. That means no server bites more than it can chew. That way, the server can also swallow (process your request) faster.
Target servers aren’t overloaded, and your requests are processed faster. In the end, everyone’s happy.
Enhanced Security
Ever watched that famous scene from the movie Captain Phillips? After a long gun battle at the sea off the coast of Somalia, the pirates finally capture the boat.
The lead pirate then tells Captain Phillips (Tom Hanks),
“Look at me; I’m the captain now.”
That’s what happens when a proxy server stands between the internet and the target server. It tells incoming requests from the internet that it’s in charge. And just like that, the proxy takes care of security by inspecting every request you send to the target server. That way, malicious traffic won’t be able to reach the target server.
Caching
The proxy has some really, really, good memory. It knows, for example, the websites people like to visit.
You won’t find it knocking at the target server’s door every two seconds like:
“Sorry to bother you, but we’ve received another request that needs your attention. I hate to tell you this, but it’s exactly the same as the previous one.”
Rather, when it receives a familiar request, it pulls the response right from memory. That’s what we call caching. And as you’d expect, it speeds up data processing since there’s no need to contact the target server every single time there’s a new request.
SSL Termination
I talked about how a proxy terminates SSL certificates at the door before sending the requests to the target server. I’m pretty sure you’re wondering whether the request is safe when traveling between the proxy and the target server.
The answer is yes.
Think of the President of the United States, for example. He doesn’t have to walk around with bodyguards at the White House. That’s before the White House itself is secured by the Secret Service. When visitors get their security clearance, they can freely interact with the President.
Disadvantages of Using a Reverse Proxy
It doesn’t matter just how good a particular technology is; there’s always something about it that you may not like. Let’s look at reverse proxy’s disadvantages to give you perspective.
Added Complexity in Setup and Maintenance
With a reverse proxy, you’ve got to set it up in such a way that it can handle things like SSL termination, load balancing, and security rules. That’s where things can become a little complicated.
Setting up a reverse proxy can be complicated and requires special knowledge and skills.
Also, if something goes wrong with the connection, you’ll likely have a mountain to climb. That’s because the problem could be anywhere.
Maybe it’s the proxy itself. If not, it could be the server behind it or sometimes even both. Troubleshooting such a setup can be a real pain.
Potential Single Point of Failure
“Sometimes Love Just Ain’t Enough” by Patty Smyth and Don Henley is one of my favorite songs of all time. There’s this one line in the chorus that I really like. It goes, “But there’s a danger in loving someone too much…”
That’s what happens in a reverse proxy setup. The target server places all its trust on the proxy server to do what it’s supposed to do. Sometimes, that can be dangerous.
If it fails, everything else fails, and hearts get broken. Your request won’t reach the target server. And even worse, it won’t matter if the target server is working just fine.
Common Use Cases for Reverse Proxies
All along, I’ve been talking about reverse proxy like it’s a fictional extra-terrestrial character. In this section, I’ll make it more real by giving you some real-life examples.
Load Distribution Across Multiple Servers
When was the last time you visited a high-traffic website or app?
Without reverse proxies, target servers risk struggling to process data for users on such platforms. A good example is X, formerly known as Twitter.
No doubt, it’s one of the most popular social media platforms today. A normal day on X would include watching videos, interacting with posts, sending DMs, updating profiles, and so on.
One server definitely can’t do all that. Two servers won’t, either.
Something needs to stand there in the middle and actually distribute the load across multiple servers. That’s where a reverse proxy steps in.
Content Caching for Faster Load Times
Let’s switch our attention to a news platform like CNN.. Imagine a scenario where there’s huge breaking news.
The target server can’t be dishing out the same info every two seconds to the millions of people making requests.
Enter the reverse proxy. By loading data from memory and temporarily storing it in a cache, it makes data access faster and more efficient. This frees up the target server to focus on other tasks.
Enhancing Security for Web Applications
If you think every request that goes into a server is genuine, you’re mistaken. There are people out there whose job is to take servers down.
And they’ll use every tactic possible, from DDoS and brute force attacks to SQL injection. This has happened far too many times.
The Yahoo data breach of 2013-2014, for example, was one of the largest of its kind in history. Target also suffered the same fate in 2013 when attackers installed malware on its Point-of-Sale servers.
That’s why we need a proxy to stand in between these two as a shield.
It scans every request, blocks malicious ones, and approves those that are genuine. As a result, the target server at the back can process these requests safely.
Managing SSL Encryption
That padlock icon you see right before a website’s address is what we call an SSL certificate. It gives you, the user, peace of mind, knowing that your interaction with that website is safe.
But for the target server, that means working even harder to decrypt information. Then, it encrypts it again before sending it back to you.
That process consumes the target server’s resources. However, with a proxy server in the middle, the target server doesn’t have to stress about using up its resources for encryption and decryption. The proxy takes care of that.
Reverse Proxy vs. Forward Proxy: What’s the Difference?
Understanding the difference between forward and reverse proxies is all about perspective. Precisely, it’s about knowing who the proxy serves and where it “faces.”
I’ll break it down for you:
A forward proxy works for the client. You’re the client in this case. It forwards your requests to the internet and hides your identity. It’s more like a middleman representing you in communication with servers online.
A reverse proxy does the opposite; it works for the server. It faces incoming requests from the internet, processes them, and forwards them to the appropriate server.
Popular Reverse Proxy Software and Tools
There are so many reverse proxy software and tools out there. Each one of them has its pros and cons.
NGINX
NGINX is the world’s most popular server software by market share, per W3 Techs.
Pros | Cons |
---|---|
High performance and speed | Complex setup for beginners |
Great for load balancing | Limited functionality for dynamic content |
Low resource usage | Limited troubleshooting tools |
Strong community and documentation | Advanced features may require a subscription |
Some popular websites that use NGINX include Netflix, Dropbox, Pinterest, and Airbnb.
Apache
Apache is the world’s second-most popular web server. Here’s what you need to know about it:
Pros | Cons |
---|---|
Easy to customize | More resource intensive than NGINX |
Great for dynamic content (PHP) | Slow under high traffic |
Works with many operating systems | Requires fine-turning for optimal performance |
Built-in support for .htaccess files | Not the best for static content |
This server boasts big-name clients like Samsung.com, Baidu, Spotify, and Adobe.
HAProxy
HAProxy is also very popular, but not as much as NGINX and Apache. However, I like it because it’s a specialist in load balancing.
Pros | Cons |
---|---|
High performance | Complex setup for beginners |
Excellent at load balancing | Not best for lightweight apps |
Great at SSL termination | Requires external tools for monitoring |
Scalable | Limited native support for dynamic content |
Ideal for high-traffic | CLI-based configuration not intuitive |
Cloudflare, JPMorgan, and GitHub are some big names that use HAProxy.
AWS Elastic Load Balancer
This one is very reliable, but it’s only for use within the Amazon Web Service ecosystem.
Pros | Cons |
---|---|
Excels at different load balancing types | Only works within the AWS ecosystem |
Integrates with other AWS services | Can be expensive with new traffic |
Great for SSL termination | Steep learning curve |
Excellent for DDoS protection | May require AWS-specific knowledge |
Popular clients that use this service include Terminix, Securian Financial, Second Spectrum, and NuData Security (a Mastercard company).
Setting Up a Simple Reverse Proxy
I’m going to show you how to set up a reverse proxy with NGINX or Apache. I chose these two because they’re the most popular.
NGINX
Let’s start with NGINX:
- We’ll first install NGINX on our computer using these prompts:
- Let’s now open the configuration file. Usually, you’ll find it at /etc/nginx/nginx.conf or within a site-specific file in /etc/nginx/sites-available/ or /etc/nginx/conf.d/.
- We’re going to create a block that will act as the reverse proxy. Here’s how I did it:
You’re probably wondering how I came up with that setup. Let’s unpack everything:
I used upstream backend_servers to define a group of backend servers for load balancing. Then I added proxy_pass to forward client requests to backend_servers.
Then, I wrapped it up with proxy_set_header to set HTTP headers for client IP forwarding and protocol info.
- It’s mic testing time. Enter the following command:
If everything works as expected, you’ll see this message:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Apache
If you prefer Apache, here’s what to do:
- We’re going to enable the modules we need to make this work:
- Let’s open Apache’s configuration file. You’ll find it in /etc/apache2/sites-available/000-default.conf or something similar.
- It’s time to set up the server. Add this code inside the
block:
Let’s talk about what we’ve just done.
We’ve used
- The moment of truth is upon us. Let’s test if what we’ve just set up works as it should. Enter the following command:
If we got everything right, which we should, you’ll see a “Syntax OK” response.
The Reverse Psychology Of a Reverse Proxy
I’m hoping that you have a deeper understanding of what a reverse proxy is and when to use it. Once you’ve understood the direction this proxy faces, the rest should be easy to digest.
It’s just the reverse version of a forward proxy.
Of course, this isn’t a full course on reverse proxies. But I believe I’ve set the foundation you need to begin learning more about it.
That’s it from me today. Thank you for sticking around this far. I’ll see you for the next topic!