
Mastering Nginx Reverse Proxy: Architecture, Config, and Best Practices

This article explains Nginx reverse proxy fundamentals, compares forward and reverse proxy concepts, outlines a typical three‑layer architecture, and provides a complete configuration example that demonstrates upstream definition, request forwarding, and header preservation for backend services.

Architect Chen

What is Nginx Reverse Proxy?

Reverse proxy is a core Nginx feature where client requests are received by Nginx, which then forwards them to backend servers while the client only sees the Nginx address.

Forward vs Reverse Proxy

In a forward proxy the proxy represents the client, e.g., a VPN or censorship‑bypass tool. In a reverse proxy the proxy represents the server; the client does not know which backend handles the request.

Typical Architecture

The common three‑layer architecture consists of:

Client layer: browsers or apps that request nginx.example.com.

Nginx layer: one or more Nginx instances exposed on a public IP or VIP, providing SSL termination, rate limiting, caching, and reverse proxy.

Backend layer: multiple application servers (Java, Python, PHP, etc.) reachable only on the internal network.

Requests flow from the client to Nginx, which selects a backend from an upstream group and forwards the request. Nginx can rewrite request/response headers and URIs during the process.

[Figure: Nginx reverse proxy architecture diagram]

Key Configuration Example

http {
    upstream backend {
        server 192.168.1.10:8080;
        server 192.168.1.11:8080;
    }

    server {
        listen 80;
        server_name example.com;

        location / {
            proxy_pass http://backend;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}

The upstream backend block defines a pool of backend servers that can be load‑balanced. The proxy_pass directive forwards matching requests to this pool. The proxy_set_header directives pass the original Host header and client IP to the backend: X-Real-IP carries $remote_addr, and $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For value the client sent. This lets the backend see the true client details instead of Nginx’s internal address.
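Because $proxy_add_x_forwarded_for appends to a client-supplied header, only the entry Nginx itself added is reliable. The following is an added example, not code from the original article, of how a backend can resolve the client IP from that header; the proxy address 192.168.1.5, the function names, and the sample header values are assumptions made for illustration.

```python
import ipaddress

# Assumption: the Nginx instance reaches the backends from 192.168.1.5.
# The article does not give this address; replace it with the real one.
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.1.5/32")]


def is_trusted(addr):
    """True if addr belongs to a proxy we operate ourselves."""
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_header):
    """Return the client address the backend may rely on.

    peer_addr  -- address of the TCP peer that connected to the backend
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    peer = ipaddress.ip_address(peer_addr)

    # A connection that did not come through our proxy can carry any
    # header it likes, so only the socket address is meaningful.
    if not is_trusted(peer):
        return str(peer)

    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]

    # Nginx appends $remote_addr on the right. Walk right to left and
    # return the first address that is not one of our own proxies;
    # everything further left was supplied by the client.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting the header
        if not is_trusted(addr):
            return str(addr)

    # Header missing, malformed, or containing only our proxies.
    return str(peer)
```

Taking the leftmost X-Forwarded-For entry instead would let any client choose the address that appears in backend logs, rate limits, and IP allowlists.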

Summary

By configuring Nginx as a reverse proxy you obtain a scalable, secure entry point for web services, with the ability to balance traffic, terminate SSL, cache content, and preserve client metadata for backend applications.

Written by

Architect Chen

Sharing over a decade of architecture experience from Baidu, Alibaba, and Tencent.
