System Design part 3 continued: Reverse Proxy
What is reverse proxy?
A reverse proxy is a server that consolidates internal services and provides combined interface to the outer world. They act as a intermediary between clients and servers, performing tasks to improve website efficacy. Their tasks involves around receiving client request, forwarding it to the appropriate server, and returning server response back to the client. This can be accomplished by using a dedicated hardware, but modern web architectures use software applications.
Difference between Reverse Proxy and Load balancer?
Reverse proxy and load balancer sound pretty similar, but they have different use case. Lets breakdown both of them and understand differences between them.
Load Balancer:
Load balancer is setup when an application is using multiple servers(one server is insufficient to handle all the requests efficiently) and the job of load balancer is to efficiently distribute all the client requests among healthy servers. I used the word “healthy” because load balancer frequently check the health of its server group and if any server is found unhealthy, no requests would be send to that server until it becomes functional again.
I have discussed load balancer along with its advantages and disadvantages in detail in my previous blog: Load Balancer
Reverse Proxy:
Setting up load balancer makes sense when we have multiple servers, whereas reverse proxy could be set even with just one server(web/application). The address of reverse proxy is advertised as the website’s address, and it rests at the boundary of the website network handling all of the client requests. We could say that reverse proxy is a website’s public face.
Both NGINX and HAProxy are softwares that support reverse proxy and load balancing.
Advantages of using reverse proxy:
- Security: Since we dont share backend server information outside, causing malicious users unable to access servers directly. Prevents against Distributed Denial of Service (DDoS) attacks by blacklisting malicious IP address and limit the connection requests per client.
- Flexibility: Since we only share reverse proxy IP address, this makes developers flexible to change backend infrastructure or scale servers.
- Compression: Compressing server responses to reduce the bandwidth it would otherwise require, hence faster transit over the network.
- SSL Termination: Decrypting client requests and encrypting server responses to save backend servers from performing computationally expensive tasks and freeing them up for their main purpose. Encryption-decryption helps protect the resources when shared across public network.
- Caching: Stores copy of server response locally to save time and resources incase client sends same request again. Known as web acceleration. Decreases response time and reduces load on backend servers.
Disadvantages of using reverse proxy:
- Complexity: Introducing reverse proxy results in increased overall complexity of the application.
- Single point of failure: Configuring a single reverse proxy could result in single point of failure, setting up multiple reverse proxies further increases complexity.
- Access breach: Using third party reverse proxy brings in additional security issues like inappropriate access to data.
- TLS certificate: Reverse proxy needs to possess TLS certificate and its corresponding private key to be able to cache/compress/filter traffic. Extending the no of systems that has access to non-encrypted data, makes it a valuable target for attackers.
Like every other service, reverse proxy has its own merits and demerits and it depends entirely upon company’s resources and traffic if reverse proxy needs to be deployed in the website network.
Thank you for checking out my blog and happy learning!
Make sure to follow me to cover entire system design interview prep series.
