29 October 2021
A proxy server sits between a client and one or more other servers. This article briefly looks at forward and reverse proxies.
A forward proxy handles outgoing traffic. So, rather than connecting to a server directly traffic is first sent to the proxy. This can be useful for online privacy and bypassing geo-restrictions. For instance, if you want to view content that is restricted to, say, IP addresses in the United States then you can use a proxy with an American IP address to access the content. The server only sees the proxy’s American IP address, so as far as it is aware you are in the USA.
Organisations can use forward proxies to monitor and filter outgoing requests. If staff are spending too much time on social media sites then a simple filtering rule can drop all such traffic. Parents can do the same on their home network if their kids are watching YouTube rather than concentrating on their home work.
It is worth noting that proxies are different from VPNs. A proxy works on the application level while a VPN works on the system level. When you connect to a VPN all your internet traffic, including DNS requests, is routed through the VPN. Both can provide some level of online anonymity, though that largely depends on how well the proxy or VPN is configured.
A reverse proxy sits in front of one or more web servers. Put simply, a reverse proxy intercepts traffic destined for your domain(s). There are again several use cases for this. One common use for a reverse proxy is load balancing. A busy website can use a proxy to evenly distribute traffic between multiple servers. In such a set-up it is also easy to temporarily take out one of the servers (to do maintenance work, for instance).
The proxy can also be used to manage SSL certificates in a central place and to cache content. In Nginx, which is commonly used as a reverse proxy, you can achieve that with proxy_cache
directives.
A reverse proxy can even be handy if you have a small website that doesn’t get a lot of traffic. I sometimes use a reverse proxy to host multiple websites in containers on a single server. Normally that is tricky, as you can’t have more than one container that uses port 80. With a reverse proxy each container can use its own port – the reverse proxy is used to map domains to port 80 (and port 443 on a production server). If you want to learn more about that, the article about configuring multiple containers with an Nginx reverse proxy should be a good starting point.
So far I have only looked at the benefits of using a proxy. There are downsides as well. In particular, adding a middleman adds complexity and another potential point of failure. Large websites can benefit greatly from a reverse proxy, but only if the proxy is secure and able to handle all the traffic. In short, proxies have many uses and benefits, but they have to be managed well.