Reverse Proxy
A reverse proxy sits in front of backend servers and forwards client requests to them, providing load balancing, caching, TLS termination, compression, and security — all transparent to the client.
A reverse proxy accepts requests from clients on behalf of backend servers, forwarding each request to the appropriate server and returning the response. Unlike a forward proxy (which acts on behalf of clients), a reverse proxy acts on behalf of servers. Key benefits: load balancing across multiple backends, TLS termination (handle HTTPS at the proxy, speak HTTP internally), caching of responses, compression, and security (hide backend topology, absorb attacks). Nginx and HAProxy are the most widely deployed reverse proxies.
Tradeoffs
Strengths
- Centralized concerns: TLS, caching, compression, rate limiting, and logging are handled in one place.
- Backend isolation: Clients never interact directly with backends, improving security and flexibility.
- Zero-downtime deploys: Connection draining and traffic splitting enable seamless deployments.
- Protocol translation: Accept HTTP/2 from clients, speak HTTP/1.1 to backends; handle gRPC and WebSocket routing.
- Performance: Connection pooling and keep-alive reduce backend load; caching offloads repeated requests.
Weaknesses
- Single point of failure: If the proxy goes down, everything goes down. Mitigate with redundant proxies and health checking.
- Added latency: Each proxy hop adds 0.5–2 ms of latency.
- Configuration complexity: Complex routing rules, TLS configs, and caching policies can be error-prone.
- Debugging difficulty: The proxy can obscure the source of problems — is the issue in the proxy config, the backend, or the network?
- Bottleneck risk: A misconfigured or under-provisioned proxy can become the throughput bottleneck.
- State management: Sticky sessions (routing the same client to the same backend) limit load balancing flexibility.
Likely Follow-Up Questions
- What is the difference between a reverse proxy and a load balancer?
- How does TLS termination at the proxy work, and what are the security implications?
- When would you choose Envoy over Nginx?
- How do you implement zero-downtime deployments using a reverse proxy?
- What is a service mesh sidecar proxy and when would you use one?
- How does HTTP/2 multiplexing interact with reverse proxy connection pooling?
Source: editorial — Synthesized from Nginx, HAProxy, and Envoy documentation, GitHub/Airbnb engineering blogs, and service mesh architecture patterns.