A reverse proxy
retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client, appearing as if they originated from the proxy server itself. This is mostly used for TLS termination.
It gets the term reverse, as in a normal proxy scenario the server doesn’t know the client because the request comes from a proxy server. But in reverse proxy, the client doesn’t know the final destination server.
E.g, I tell a reverse proxy server to get me google.com, it asks one of the thousand google servers and sends me back the response. I have no idea from which server it came from.
Let’s quickly go over the reverse proxy use cases:
- Load balancing
- Ingress (Common in Service-Oriented Architectures (SOA))
- Canary Deployment: It’s a pattern for rolling out releases to a subset of users or servers.
You must not use a proxy instead of a VPN for anonymity. If you are using it, make sure it’s not a TLS termination proxy as a VPN only has access to the domain you’re visiting not the content. (assuming it’s https) But proxies with TLS termination actually decrypt the traffic and forwards the request over http.