What Is a Reverse Proxy? Why Reverse Proxies Are Essential for Modern Web Apps

What Is A Reverse Proxy

When I was young, I couldn’t understand why cars had a reverse gear. “Why not just turn around and go the opposite direction?” I wondered. No one had told me what the drive (forward) gear did. I didn’t even know it existed.

Similarly, if you’ve never heard of a forward proxy, a reverse proxy might not make sense to you right now. I’ll explain.

A (forward) proxy is a computer that takes a request from the user and forwards it to the internet. A reverse proxy does the opposite; it takes requests from the internet and forwards them to one or more servers.

Makes sense? If not, keep reading. Soon, you’ll understand everything.

How Does a Proxy Work?

Let’s talk about specifics. You see, a proxy communicates on your behalf. The word proxy is defined as “the authority to represent someone.”

A forward proxy acts on your behalf. A reverse proxy acts on the server’s behalf.

How Forward Proxy Works

Let’s say you want to request something from a server. But, for security reasons, you don’t want the server to know you’re the person sending the request.

What do you know in this scenario? You hire someone to represent you. Let’s call him Mr. Proxy.

A user request goes from the user device to the forward proxy, then to the origin server over the internet.
With a forward proxy, the user device sends a request to the proxy server, which then sends a request to the origin server.

For example, Mr. Proxy goes to the server of an eCommerce site and says,

“I need you to show me the price of this pair of shoes.”

The server says,

“Alright, friend, I’ll pull out that data for you.”

Once Mr. Proxy gets the data, he sends it to you. In reality, he isn’t really interested in that data. Instead, he was acting on your behalf.

How Reverse Proxy Works

Now let’s look at the other side of the coin. It’s the server’s turn to communicate with you.

But the server doesn’t really want you to know it’s communicating with you, either. So it hires Mrs. Proxy to represent it, just like Mr. Proxy represented you.

The user device sends a request to the reverse proxy, which passes the request along to the origin server.
In a reverse proxy setup, the user device sends requests to the reverse proxy instead of to the origin server. The reverse proxy server passes the request along.

Mrs. Proxy takes your request, scans it, hands it to the appropriate server, and then delivers it back to you. Don’t worry about the scanning part; we’ll talk about that later.

For now, what I really need you to understand is that a forward proxy acts on your behalf. A reverse proxy acts on the server’s behalf. I’ll dig deeper into the key differences between these two later.

A Reverse Proxy’s Role in Load Balancing and Security

There’s another thing you need to know about here. It’s called load balancing.

Sometimes servers become overwhelmed with requests.

That’s where a reverse proxy comes in to balance these requests (the load) and make sure that no server takes on more than it can handle. If we have 10,000 requests coming in from the internet, for example, the reverse proxy steps in and says,

“Wait a minute, where do y’all think you’re going so fast?”

It then proceeds to scan every request, check for a server that’s available, and send it over to the available server. This process occurs like lightning in the background. You’ll have no idea it’s happening.

A reverse proxy can also handle security issues. For example, it can take over the job of handling secure, encrypted connections (SSL) from users.

The reverse proxy essentially takes the SSL certificate, terminates it, and then delivers the raw request to the target server.

Benefits of Using a Reverse Proxy

A reverse proxy has many benefits, several of which are server-facing. Remember when I mentioned that a reverse proxy is here to protect the server? This section will prove exactly that.

Load Balancing

The proxy server gets multiple requests from users and then assigns them to an available server. That means no server bites more than it can chew. That way, the server can also swallow (process your request) faster.

Load balancing diagram
Load balancers help direct web traffic evenly so no server gets overwhelmed.

Target servers aren’t overloaded, and your requests are processed faster. In the end, everyone’s happy.

Enhanced Security

Ever watched that famous scene from the movie Captain Phillips? After a long gun battle at the sea off the coast of Somalia, the pirates finally capture the boat.

The lead pirate then tells Captain Phillips (Tom Hanks),

“Look at me; I’m the captain now.”

That’s what happens when a proxy server stands between the internet and the target server. It tells incoming requests from the internet that it’s in charge. And just like that, the proxy takes care of security by inspecting every request you send to the target server. That way, malicious traffic won’t be able to reach the target server.

Caching

The proxy has some really, really, good memory. It knows, for example, the websites people like to visit.

You won’t find it knocking at the target server’s door every two seconds like:

“Sorry to bother you, but we’ve received another request that needs your attention. I hate to tell you this, but it’s exactly the same as the previous one.”

Rather, when it receives a familiar request, it pulls the response right from memory. That’s what we call caching. And as you’d expect, it speeds up data processing since there’s no need to contact the target server every single time there’s a new request.

SSL Termination

I talked about how a proxy terminates SSL certificates at the door before sending the requests to the target server. I’m pretty sure you’re wondering whether the request is safe when traveling between the proxy and the target server.

The answer is yes.

Think of the President of the United States, for example. He doesn’t have to walk around with bodyguards at the White House. That’s before the White House itself is secured by the Secret Service. When visitors get their security clearance, they can freely interact with the President.

Disadvantages of Using a Reverse Proxy

It doesn’t matter just how good a particular technology is; there’s always something about it that you may not like. Let’s look at reverse proxy’s disadvantages to give you perspective.

Added Complexity in Setup and Maintenance

With a reverse proxy, you’ve got to set it up in such a way that it can handle things like SSL termination, load balancing, and security rules. That’s where things can become a little complicated.

Setting up a reverse proxy can be complicated and requires special knowledge and skills.

Also, if something goes wrong with the connection, you’ll likely have a mountain to climb. That’s because the problem could be anywhere.

Maybe it’s the proxy itself. If not, it could be the server behind it or sometimes even both. Troubleshooting such a setup can be a real pain.

Potential Single Point of Failure

“Sometimes Love Just Ain’t Enough” by Patty Smyth and Don Henley is one of my favorite songs of all time. There’s this one line in the chorus that I really like. It goes, “But there’s a danger in loving someone too much…”

That’s what happens in a reverse proxy setup. The target server places all its trust on the proxy server to do what it’s supposed to do. Sometimes, that can be dangerous.

If it fails, everything else fails, and hearts get broken. Your request won’t reach the target server. And even worse, it won’t matter if the target server is working just fine.

Common Use Cases for Reverse Proxies

All along, I’ve been talking about reverse proxy like it’s a fictional extra-terrestrial character. In this section, I’ll make it more real by giving you some real-life examples.

Load Distribution Across Multiple Servers

When was the last time you visited a high-traffic website or app?

Without reverse proxies, target servers risk struggling to process data for users on such platforms. A good example is X, formerly known as Twitter.

No doubt, it’s one of the most popular social media platforms today. A normal day on X would include watching videos, interacting with posts, sending DMs, updating profiles, and so on.

One server definitely can’t do all that. Two servers won’t, either.

Something needs to stand there in the middle and actually distribute the load across multiple servers. That’s where a reverse proxy steps in.

Content Caching for Faster Load Times

Let’s switch our attention to a news platform like CNN.. Imagine a scenario where there’s huge breaking news.

The target server can’t be dishing out the same info every two seconds to the millions of people making requests.

Enter the reverse proxy. By loading data from memory and temporarily storing it in a cache, it makes data access faster and more efficient. This frees up the target server to focus on other tasks.

Enhancing Security for Web Applications

If you think every request that goes into a server is genuine, you’re mistaken. There are people out there whose job is to take servers down.

And they’ll use every tactic possible, from DDoS and brute force attacks to SQL injection. This has happened far too many times.

The Yahoo data breach of 2013-2014, for example, was one of the largest of its kind in history. Target also suffered the same fate in 2013 when attackers installed malware on its Point-of-Sale servers.

That’s why we need a proxy to stand in between these two as a shield.

It scans every request, blocks malicious ones, and approves those that are genuine. As a result, the target server at the back can process these requests safely.

Managing SSL Encryption

That padlock icon you see right before a website’s address is what we call an SSL certificate. It gives you, the user, peace of mind, knowing that your interaction with that website is safe.

But for the target server, that means working even harder to decrypt information. Then, it encrypts it again before sending it back to you.

That process consumes the target server’s resources. However, with a proxy server in the middle, the target server doesn’t have to stress about using up its resources for encryption and decryption. The proxy takes care of that.

Reverse Proxy vs. Forward Proxy: What’s the Difference?

Understanding the difference between forward and reverse proxies is all about perspective. Precisely, it’s about knowing who the proxy serves and where it “faces.”

I’ll break it down for you:

A forward proxy works for the client. You’re the client in this case. It forwards your requests to the internet and hides your identity. It’s more like a middleman representing you in communication with servers online.

A reverse proxy does the opposite; it works for the server. It faces incoming requests from the internet, processes them, and forwards them to the appropriate server.

Popular Reverse Proxy Software and Tools

There are so many reverse proxy software and tools out there. Each one of them has its pros and cons.

NGINX

NGINX is the world’s most popular server software by market share, per W3 Techs.

ProsCons
High performance and speedComplex setup for beginners
Great for load balancingLimited functionality for dynamic content
Low resource usageLimited troubleshooting tools
Strong community and documentationAdvanced features may require a subscription

Some popular websites that use NGINX include Netflix, Dropbox, Pinterest, and Airbnb.

Apache

Apache is the world’s second-most popular web server. Here’s what you need to know about it:

ProsCons
Easy to customizeMore resource intensive than NGINX
Great for dynamic content (PHP)Slow under high traffic
Works with many operating systemsRequires fine-turning for optimal performance
Built-in support for .htaccess filesNot the best for static content

This server boasts big-name clients like Samsung.com, Baidu, Spotify, and Adobe.

HAProxy

HAProxy is also very popular, but not as much as NGINX and Apache. However, I like it because it’s a specialist in load balancing.

ProsCons
High performanceComplex setup for beginners
Excellent at load balancingNot best for lightweight apps
Great at SSL terminationRequires external tools for monitoring
Scalable Limited native support for dynamic content
Ideal for high-trafficCLI-based configuration not intuitive

Cloudflare, JPMorgan, and GitHub are some big names that use HAProxy.

AWS Elastic Load Balancer

This one is very reliable, but it’s only for use within the Amazon Web Service ecosystem.

ProsCons
Excels at different load balancing typesOnly works within the AWS ecosystem
Integrates with other AWS servicesCan be expensive with new traffic
Great for SSL terminationSteep learning curve
Excellent for DDoS protectionMay require AWS-specific knowledge

Popular clients that use this service include Terminix, Securian Financial, Second Spectrum, and NuData Security (a Mastercard company).

Setting Up a Simple Reverse Proxy

I’m going to show you how to set up a reverse proxy with NGINX or Apache. I chose these two because they’re the most popular.

NGINX

Let’s start with NGINX:

  1. We’ll first install NGINX on our computer using these prompts:
Reverse proxy setup step 1
  1. Let’s now open the configuration file. Usually, you’ll find it at /etc/nginx/nginx.conf or within a site-specific file in /etc/nginx/sites-available/ or /etc/nginx/conf.d/.
  2. We’re going to create a block that will act as the reverse proxy. Here’s how I did it:
Reverse proxy server setup step 2

You’re probably wondering how I came up with that setup. Let’s unpack everything:

I used upstream backend_servers to define a group of backend servers for load balancing. Then I added proxy_pass to forward client requests to backend_servers.

Then, I wrapped it up with proxy_set_header to set HTTP headers for client IP forwarding and protocol info.

  1. It’s mic testing time. Enter the following command:
Reverse proxy server setup step 3

If everything works as expected, you’ll see this message:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

Apache

If you prefer Apache, here’s what to do:

  1. We’re going to enable the modules we need to make this work:
Reverse proxy server setup step 4
  1. Let’s open Apache’s configuration file. You’ll find it in /etc/apache2/sites-available/000-default.conf or something similar.
  2. It’s time to set up the server. Add this code inside the block:
Reverse proxy server setup step 5

Let’s talk about what we’ve just done.

We’ve used to define a load-balanced group of backend servers. We then used BalancerMember to include each backend server in the group. Finally, we threw in ProxyPass and ProxyPassReverse to route all requests to the backend group.

  1. The moment of truth is upon us. Let’s test if what we’ve just set up works as it should. Enter the following command:

If we got everything right, which we should, you’ll see a “Syntax OK” response.

The Reverse Psychology Of a Reverse Proxy

I’m hoping that you have a deeper understanding of what a reverse proxy is and when to use it. Once you’ve understood the direction this proxy faces, the rest should be easy to digest.

It’s just the reverse version of a forward proxy.

Of course, this isn’t a full course on reverse proxies. But I believe I’ve set the foundation you need to begin learning more about it.

That’s it from me today. Thank you for sticking around this far. I’ll see you for the next topic!