100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace

What is a Reverse Proxy?

Learn what a reverse proxy is, how it load balances and terminates TLS, and why it hides backend servers — with interview Q&A.

mediumQ190 of 224 in Computer Networks Est. time: 5 minsLast updated:
Open Code Lab

Expected Interview Answer

A reverse proxy is a server that sits in front of one or more backend servers and accepts client requests on their behalf, forwarding each request to an appropriate backend and returning the backend’s response to the client as if the proxy itself had produced it.

Clients only ever talk to the reverse proxy’s public address; they have no direct visibility into which backend instance actually served the request. This lets the proxy perform load balancing across multiple backend replicas, terminate TLS once at the edge instead of on every server, cache frequent responses, compress payloads, and apply rate limiting or request routing rules based on path or host header. Because the backend topology is hidden, operators can add, remove, or replace backend servers without any client-visible change. Common reverse proxy software includes Nginx, HAProxy, Envoy, and cloud load balancers, and the pattern is foundational to almost every production web architecture at scale.

  • Load balances requests across multiple backend instances
  • Centralizes TLS termination and certificate management
  • Hides backend topology and enables zero-downtime deploys
  • Adds caching, compression, and rate limiting at the edge

AI Mentor Explanation

A reverse proxy is like a team’s media manager who intercepts every interview request instead of letting reporters approach players directly. The manager decides which available player answers based on who is free, relays the question, and hands the reporter a polished response as if it came straight from the team. Reporters never learn which player actually spoke, and the manager can swap which player answers a similar question tomorrow without reporters noticing. This is exactly how a reverse proxy fields client requests and routes them to whichever backend server is available.

Step-by-Step Explanation

  1. Step 1

    Client request arrives

    A client sends a request to the reverse proxy’s single public address, unaware of the backend topology behind it.

  2. Step 2

    Routing decision

    The proxy inspects the request (path, host header, headers) and selects a healthy backend instance using its load-balancing or routing rules.

  3. Step 3

    Forward and augment

    The proxy forwards the request to the chosen backend, optionally terminating TLS, adding headers, or serving from cache.

  4. Step 4

    Response relay

    The backend’s response is returned through the proxy to the client, who sees only the proxy as the origin.

What Interviewer Expects

  • Clear definition distinguishing reverse proxy from forward proxy
  • Understanding of load balancing, TLS termination, and caching roles
  • Awareness that backend topology stays hidden from clients
  • Familiarity with real tools like Nginx, HAProxy, or Envoy

Common Mistakes

  • Confusing a reverse proxy with a forward proxy
  • Thinking a reverse proxy only load balances and nothing else
  • Forgetting TLS termination is a primary reverse proxy responsibility
  • Assuming clients must know which backend server handled their request

Best Answer (HR Friendly)

A reverse proxy is a server that stands in front of your actual application servers and takes all the incoming traffic first. It figures out which backend server should handle each request, forwards it there, and sends the answer back to the user as if it came from one single place. This makes it easy to scale, add security like HTTPS, and swap servers in and out without users noticing anything.

Code Example

A minimal Nginx reverse proxy config
# /etc/nginx/conf.d/app.conf
upstream backend_pool {
    server 10.0.1.11:8080;
    server 10.0.1.12:8080;
    server 10.0.1.13:8080;
}

server {
    listen 443 ssl;
    server_name api.example.com;

    ssl_certificate     /etc/ssl/certs/example.crt;
    ssl_certificate_key /etc/ssl/private/example.key;

    location / {
        proxy_pass http://backend_pool;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

Follow-up Questions

  • How does a reverse proxy differ from a forward proxy?
  • What load-balancing algorithms can a reverse proxy use?
  • How does a reverse proxy help with zero-downtime deployments?
  • What headers does a reverse proxy typically add or preserve for the backend?

MCQ Practice

1. What is the primary role of a reverse proxy?

A reverse proxy accepts client requests and forwards them to an appropriate backend server, hiding backend topology.

2. Which of these is a common reverse proxy responsibility?

Reverse proxies commonly terminate TLS and distribute load across backend instances.

3. From the client’s perspective, who appears to serve the response in a reverse proxy setup?

Clients only see the reverse proxy’s public address; the backend instance is hidden from them.

Flash Cards

What is a reverse proxy?A server that receives client requests and forwards them to backend servers, hiding backend topology.

Two key reverse proxy benefits?Load balancing across backends and centralized TLS termination.

Do clients know which backend served them?No — they only see the reverse proxy’s public address.

Name two reverse proxy tools.Nginx and HAProxy (also Envoy, cloud load balancers).

1 / 4

Continue Learning