What is reverse proxy and why should you use it in your website? Live example 2019

What is reverse proxy and why should you use it in your website? Live example 2019

In this article I’ll try to cover almost every basic question that revolves around reverse proxy. The following questions will be answered:

What is reverse proxy?

Let’s start with simple definition of proxy which means (in non technical terms) A acting on the behalf of B. Similarly, the reverse proxy in technical terms, classified as : Acting on behalf of service/content producer.

Reverse Proxy is an intermediate medium used for distribution of incoming traffic across multiple servers. i.e. balancing the load across servers. In most cases it is a common server which acts as an intermediate, or you can say a face for incoming traffic.

In simple terms,

  • It takes the request from client,
  • Completes a TCP three-way handshake, and terminates the initial connection
  • then forwards it to concerned server and return the response received by server to the client.

How does it work?

Lets take an example of this site only to make it easy to understand. Look at the URL, you are currently on aarvy.me/blog which is a WordPress application running on Apache web server. If you go to main page aarvy.me, that is a static web page running on nginx web server on EC2. The main page is actually a Ruby Rails Application. Now you might be thinking, how it is possible that I am running two completely different applications that requires completely different environments all together, under single root domain?

Here comes the working part. When you send a request to my domain, it first received by nginx. Nginx (depending on configuration of proxy_pass), routes the incoming request to blog.aarvy.me which resolves to the public IP and hence gets connect to the different web server (Apache).

The culprit here is proxy_pass module (in nginx) or ProxyPass module (in Apache). It takes an argument which considered as destination path and if set, redirect the traffic without changing the Host URL. You can configure it in your nginx.conf (for nginx) or httpd.conf (for Apache). By nginx official documentation:

proxy_pass sets the protocol and address of a proxied server and an optional URI to which a location should be mapped. As a protocol, “http” or “https” can be specified. The address can be specified as a domain name or IP address, and an optional port:

eg. proxy_pass http://localhost:8000/uri/;

Why you should use reverse proxy server?

Scaling benefits are:

  • Increased scalability and flexibility – Because clients see only the reverse proxy’s IP address, you are free to change the configuration of your backend infrastructure. This is particularly useful In a load-balanced environment, where you can scale the number of servers up and down to match fluctuations in traffic volume.
  • Compression – Compressing server responses before returning them to the client (for instance, with gzip) reduces the amount of bandwidth they require, which speeds their transit over the network.
  • Caching – Before returning the backend server’s response to the client, the reverse proxy stores a copy of it locally. When the client (or any client) makes the same request, the reverse proxy can provide the response itself from the cache instead of forwarding the request to the backend server. This both decreases response time to the client and reduces the load on the backend server.

The security benefits are:

  • Increased security – No information about your backend servers is visible outside your internal network. So, malicious clients cannot access them directly to exploit any vulnerabilities. Many reverse proxy servers include features that help protect backend servers from DDoS attacks. For example, by blacklisting traffic from particular client IP addresses, or limiting the number of connections accepted from each client.
  • SSL termination – Reverse proxy server is the first one to receive the request. Which makes it is the best place for performing computationally expensive task like decryption and encryption. By decrypting incoming requests and encrypting server responses, the reverse proxy frees up resources on backend servers.
  • Firewall: When routing your incoming traffic through a reverse proxy server, connections are first terminated by the proxy and then reopened with the backend server.

Hope this helps. You can suggest me more questions to add by commenting below.

Leave a Reply