What is a reverse proxy?

A reverse proxy sits in front of backend servers and intercepts client requests before forwarding them to the appropriate backend server. The client interacts with the proxy, not directly with the backend — the backend server's identity is hidden. Benefits: (1) Load balancing: distribute requests across multiple backend servers; (2) SSL/TLS termination: handle HTTPS at the proxy, communicate with backends in plain HTTP — simpler certificate management, offloads crypto from app servers; (3) Caching: cache responses and serve without hitting the backend; (4) Compression: compress responses (gzip, brotli) before sending to clients; (5) Security: hides backend server IPs, protects against DDoS (absorbs traffic), Web Application Firewall (WAF); (6) Static file serving: serve static assets without hitting the app server; (7) URL rewriting: translate public URLs to internal paths; (8) Authentication: enforce auth at proxy level. vs Forward proxy: a forward proxy sits in front of clients — used for client anonymity, content filtering, corporate internet access control. A reverse proxy protects servers. Examples: Nginx (most common), Apache HTTP Server, HAProxy (high-performance LB), Traefik (microservices-aware), Caddy (automatic HTTPS). In most production setups: client → CDN → Load Balancer/Reverse Proxy → App servers → Databases.