What is a Reverse Proxy?
Learn what a reverse proxy is, how it differs from a forward proxy, and its role in TLS termination, load balancing, and caching.
Expected Interview Answer
A reverse proxy is a server that sits in front of one or more backend servers and forwards client requests to them, returning the response back to the client as if it came from the proxy itself.
Unlike a forward proxy, which sits in front of clients and hides their identity from servers, a reverse proxy sits in front of servers and hides their identity and topology from clients. It commonly handles cross-cutting concerns such as load balancing across backend instances, SSL/TLS termination so backend servers do not need to manage certificates, response caching to reduce backend load, and request routing based on URL path or hostname. Popular reverse proxies like Nginx, HAProxy, and Envoy also provide compression, rate limiting, and web application firewall capabilities at a single choke point. Centralizing these concerns at the reverse proxy simplifies backend services, since they can focus purely on business logic rather than TLS, routing, or traffic shaping.
- Hides backend server topology and IP addresses from clients
- Centralizes TLS termination and load balancing
- Enables caching and compression at a single layer
- Simplifies backend services by offloading cross-cutting concerns
AI Mentor Explanation
A reverse proxy is like a team manager who fields every media question after a match instead of letting reporters approach individual players directly. Reporters (clients) only ever interact with the manager, who decides which player’s answer to relay back and can even bundle standard quotes without bothering the players at all. The players (backend servers) never have to deal with the media crush directly, and the outside world never learns which player’s room number to knock on. That single front-facing point of contact hiding what is behind it is exactly what a reverse proxy does for servers.
Step-by-Step Explanation
Step 1
Client sends a request
The client connects only to the reverse proxy’s public address, never directly to a backend server.
Step 2
Proxy terminates TLS and inspects the request
The proxy decrypts HTTPS traffic and reads the path, host, or headers to decide routing.
Step 3
Proxy forwards to a backend
Based on routing rules and load balancing, the request is sent to one of the backend servers over the internal network.
Step 4
Response flows back through the proxy
The backend’s response returns via the proxy, which may cache or compress it before sending it to the client.
What Interviewer Expects
- Correct definition: sits in front of servers, forwards client requests to them
- Clear distinction from a forward proxy (client-side vs server-side)
- At least two concrete responsibilities: TLS termination, load balancing, caching, or routing
- Naming a real tool such as Nginx, HAProxy, or Envoy
Common Mistakes
- Confusing a reverse proxy with a forward proxy
- Describing it only as a load balancer without mentioning TLS termination or caching
- Failing to explain that it hides backend topology from clients
- Not naming any real-world reverse proxy tool
Best Answer (HR Friendly)
“A reverse proxy is a server that sits in front of your actual backend servers and handles incoming requests on their behalf, so clients only ever talk to the proxy, never directly to the servers doing the real work. It commonly takes care of things like decrypting HTTPS traffic, distributing load across multiple servers, and caching common responses, which keeps the backend servers simpler and better protected.”
Code Example
server:
listen: 443 ssl
server_name: example.com
ssl_certificate: /etc/ssl/certs/example.com.crt
ssl_certificate_key: /etc/ssl/private/example.com.key
locations:
- path: /api/
proxy_pass: http://backend-api:8080
- path: /static/
proxy_pass: http://backend-static:8081
proxy_cache: static_cache
- path: /
proxy_pass: http://backend-web:8082Follow-up Questions
- How does a reverse proxy differ from a forward proxy?
- What is the difference between a reverse proxy and a load balancer?
- How does a reverse proxy handle TLS termination?
- When would you use an API gateway instead of, or alongside, a reverse proxy?
MCQ Practice
1. Where does a reverse proxy sit relative to the client and backend servers?
A reverse proxy fronts backend servers and hides their identity and topology from clients, the opposite of a forward proxy.
2. Which of these is a common responsibility of a reverse proxy?
Reverse proxies commonly terminate TLS so backend servers do not need to manage certificates directly.
3. Which tool is commonly used as a reverse proxy?
Nginx (along with HAProxy and Envoy) is a widely used reverse proxy and load balancer.
Flash Cards
What is a reverse proxy? — A server in front of backend servers that forwards client requests to them and hides their topology.
Reverse proxy vs forward proxy? — Reverse proxy fronts servers; forward proxy fronts clients.
Name a common reverse proxy responsibility. — TLS termination, load balancing, caching, or path-based routing.
Name a popular reverse proxy tool. — Nginx, HAProxy, or Envoy.