Skip to content

Reverse Proxy

What is a reverse proxy?

Check https://www.cloudflare.com/learning/cdn/glossary/reverse-proxy/ for more detailed information.

A reverse proxy is a server that its in front of web servers and forwards client requests to those web servers. Reverse proxies are typically implemented to help increase security, performance and reliability.

What is a proxy server?

A forward proxy, often called a proxy, proxy server, or web proxy, is a server that sits in front of a group of client machines. When those computers make requests to sites and services on the Internet, the proxy server intercepts those requests and then communicates with web servers on behalf of those clients.

A proxy server can be used to:

  • Avoid state or institutional browsing restrictions
  • Block access to certain content
  • Protect their identity online

How is a reverse proxy different?

A reverse proxy is a server that its in front of one or more web servers, intercepting requests from clients. This is different from a forward proxy, where the proxy sits in front of the clients. With a reverse proxy, when clients send requests to the origin server of a website, those requests are intercepted at the network edge by the reverse proxy server. The reverse proxy server will then send requests to and receive responses from the origin server.

Simplified: A forward proxy sits in front of a client and ensures that no origin server ever communicates directly with that specific client. A reverse proxy sits in front of an origin server and ensures that no client ever communicates directly with that origin server.

Benefits of a reverse proxy are:

  • Load balancing
  • Protection from attacks
  • Caching
  • SSL encryption

Check What Is a Reverse Proxy, and How Does It Work? for more information.

Configurable Frontend

One of the benefits of reverse proxies like NGINX is how highly configurable they are. Often, they're useful to have in front of other services just to configure how users access those services.

For example, NGINX is able to rate limit requests to certain routes, which can prevent abusers from making thousands of requests to origin servers from a single IP.

NGINX is also able to forward traffic from multiple domain names with configurable "server" blocks. For example, it could send requests to example.com to your origin server, but send api.example.com to your special API server, or files.example.com to your file storage, and so on. Each server can have its own configuration and rules.

NGINX is also able to add extra features on top of existing origin server, like centralized HTTPS certificates and header configuration.

Sometimes, it's useful just to have NGINX on the same machine as another local service, simply to server content from that service.

Centralized Logging

Having most of the traffic going through one service makes it easy to check logs. NGINX's access log contains lots of useful info about the traffic.