Definition
A reverse proxy sits in front of your application servers, accepting client connections and forwarding them to backends. It centralizes TLS, routing, caching, compression, and security (WAF/rate limiting).
Benefits
- Security boundary, hides internal topology.
- Offloads TLS and compression, improving backend efficiency.
- Centralized observability and access control.
Common features
- TLS termination, HTTP/2/3, SNI support.
- URL/path rewriting, header manipulation, caching.
- WAF, bot protection, rate limiting, IP allow/deny lists.
Capabilities
- TLS termination, SNI, HTTP/2/3.
- URL rewrites, headers, compression, caching.
- Perimeter auth, WAF, rate limiting.
Tools
Nginx, HAProxy, Envoy. Combine with service discovery for dynamic backends.
Code: Basic Nginx reverse proxy
# language-nginx
server {
    listen 443 ssl http2;
    server_name example.com;
    ssl_certificate /etc/ssl/fullchain.pem;
    ssl_certificate_key /etc/ssl/privkey.pem;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://app_backend; # upstream defined elsewhere
    }
}
Header normalization and security
# language-nginx
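# Overwrite the forwarding headers so backends see the proxy's view of the request.
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
# Appends $remote_addr to any X-Forwarded-For the client sent; entries to the left are client-supplied.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Strip response headers that disclose the backend stack.
proxy_hide_header X-Powered-By;
# more_set_headers requires the headers-more module; an empty value clears the header.
more_set_headers "Server:";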
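Because `$proxy_add_x_forwarded_for` appends the connecting address to whatever `X-Forwarded-For` value the client sent, a backend has to read the header from the right and stop at the first hop it does not operate. The following is an added example, not part of the original page, of that resolution on the backend side; the `TRUSTED_PROXIES` ranges, the function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: address ranges of the reverse-proxy tier in this deployment.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.1/32")]


def is_trusted(addr):
    """True if addr belongs to one of our own proxies."""
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_header):
    """Return the client address a backend can rely on.

    peer_addr  -- address of the TCP peer connected to the backend
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    peer = ipaddress.ip_address(peer_addr)
    # A request that bypassed the proxy tier controls the whole header,
    # so only the socket address counts.
    if not is_trusted(peer) or not xff_header:
        return str(peer)
    # Each proxy appends on the right: walk right to left and stop at the
    # first hop that is not one of our proxies.
    candidate = peer
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: trust nothing at or left of it
        candidate = addr
        if not is_trusted(addr):
            break
    return str(candidate)


if __name__ == "__main__":
    # Constructed samples: (peer address, X-Forwarded-For as received by the backend)
    samples = [
        ("10.0.0.5", "203.0.113.7"),                # normal request via the proxy
        ("10.0.0.5", "192.0.2.1, 198.51.100.9"),    # client pre-set the header to 192.0.2.1
        ("198.51.100.20", "10.0.0.1"),              # direct hit that bypassed the proxy
    ]
    for peer, xff in samples:
        print(f"{peer:15} {xff:28} -> {client_ip(peer, xff)}")
```

Rate limits, allow/deny lists and audit logs on the backend should key on the value this returns, not on the leftmost header entry.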
Canary and A/B
# language-nginx
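# map belongs in the http context. It pins the client-supplied X-Experiment
# header to known pool names; any other value falls back to blue.
map $http_x_experiment $upstream_pool {
    default blue;
    v2      green;
}
upstream app_blue  { server app1:80; server app2:80; }
upstream app_green { server app3:80; }
server {
    location / {
        proxy_pass http://app_$upstream_pool;
    }
}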