Abdu's Garden

Reverse Proxy

Properties1
tagsreverseproxy, networking, systemdesign

3 min read

Intro

A Reverse Proxy is a server that lives between the web severs and their clients.
It forwards the clients’ requests to the web servers, while increasing security, performance, and reliability.

What is a Proxy Server?

A proxyserver (AKA Forward Proxy, Proxy Server) sits in front of the client and forward requests from the client to the server. Often times providing control and anonymity.

The following illustration shows a classic example:
width:400

Benefits

  1. avoids restricted browsing by institutions and governments by connecting to the proxy instead of restricted resources directly.
  2. Blocks access to specified content. Opposite of the previous example, a connection to a proxy can be used to block and filter access to certain resources.
  3. Protects identities online. It’s another layer of obfuscation, that masks your IP address and provides increased anonymity.

How Are Reverse Proxies Different?

The difference lies in where the server sits. With a reverse proxy, it lives between the web servers and the outside web.

The reverse proxy is at the edge of the web servers network, and intercepts all requests incoming from the outside network, and forwards them to the appropriate backend servers.

This allows the reverse proxy to get the appropriate response and send it back to the client that made the request.

The flow looks like this: Req -> RevProxy -> Backend -> RevProxy -> Res
The client never sees what’s behind the Reverse Proxy!

Another illustration to drive this home:
width:400

Benefits

  1. SSL Encryption and Termination: Encrypting and decrypting the ssl for https is CPU intensive and by having an RP, it alleviates the burden from the backend.
  2. Compression: RPs also compress the responses using Gzip before sending over the network.
  3. Load Balancing: this is a fancy term for serve traffic man. The proxy will manage the traffic and distribute it based on a specific job/event handling algorithm. For more, check out Distributed System Design Basics > Load Balancers
  4. Protection From Attacks: Another layer between the outside and the web servers, it hides the servers IP addresses and origin(s), only the RP’s IP address is public. Reducing the risk of attacks such as ddos.
  5. Caching: Another system design basic, Distributed System Design Basics > Caching, the server that acts as a proxy can also be configured to be a cache for the system, that way it can serve frequently requested content without asking the servers, reducing latency and computational load.

Common Tools

These include:

  • Appache
  • NGINX
  • Caddy
  • HAProxy

References

Graph View