Understanding Forward and Reverse Proxies: Concepts, Differences, and Nginx Configuration
This article explains the fundamentals of forward and reverse proxies, compares their characteristics and differences, and provides practical Nginx configuration examples for implementing reverse proxy, load balancing, and cross‑origin handling in web applications.
Preface
This is the third revised version of the article.
My boss thought the writing was fine but still didn’t understand what a reverse proxy is, so I decided to explain forward and reverse proxies in a way that non‑IT people can grasp.
I will first explain the concept of “proxy” to the general audience, then give a professional explanation of forward and reverse proxies.
Concept Instantiation
Before describing the proxy concept I use an analogy that I used when explaining it to my boss.
When I was at a loss, she asked me if I had dinner – a perfect example to start the explanation.
Now let’s take a serious look at “forward proxy” and “reverse proxy”.
Concept
First, look at the diagram for an overall understanding.
Forward Proxy (Forward Proxy)
A forward proxy sits between the client and the origin server; the client sends a request to the proxy specifying the target server, the proxy forwards the request to the origin server, receives the response, and returns it to the client.
Reverse Proxy (Reverse Proxy)
A reverse proxy accepts Internet connections, forwards them to internal servers, and returns the internal server’s response to the external client, appearing to the outside world as a single server.
Now I will summarize their characteristics.
Characteristics
Forward Proxy
Acts as a proxy for the client.
Hides the real client, making the client invisible to the server.
One server can serve as a forward proxy for all users in a LAN, handling HTTP requests.
Communication with the target server goes through the forward‑proxy server.
Reverse Proxy
Acts as a proxy server.
Hides the real server, making the server invisible to the client.
Provides load balancing by distributing client requests to idle servers.
Clients resolve the domain name to the IP of the load‑balancing server.
Common Points
Both serve as an intermediate layer between client and server.
Both can enhance internal network security and block web attacks.
Both can implement caching to improve access speed.
Differences
Forward proxy is a client‑side proxy; reverse proxy is a server‑side proxy.
In forward proxy the server does not know the real client; in reverse proxy the client does not know the real server.
Forward proxy solves access‑restriction problems; reverse proxy provides load balancing, security protection, etc.
Having covered the theory, let’s look at real‑world usage scenarios.
Practical Application
Internet Software – Forward Proxy
In China, accessing www.google.com is blocked by the GFW. To reach Google, you need a proxy that requests the site on your behalf and returns the response.
The GFW filters traffic between China and the outside world, restricting both inbound and outbound access; a forward proxy helps bypass these restrictions.
Nginx Server – Reverse Proxy
Nginx offers many functions such as reverse proxy, load balancing, and static file serving.
Clients can request Nginx, which forwards the request to the application server and returns the result, acting as a reverse proxy.
Configure Reverse Proxy in a Virtual Host
# Virtual host configuration
server {
listen 8080; # Listening port
server_name 192.168.1.1;
root /data/toor; # Site root directory
error_page 502 404 /page/404.html; # Error page
location ^~/api/ {
proxy_pass http://192.168.20.1:8080; # Backend application server
}
}The above simple configuration enables reverse‑proxy functionality.
Reverse proxy can also handle cross‑origin issues.
In a Vue‑CLI project we use the http-proxy-middleware plugin to configure proxy servers.
We can use proxyTable to set up address mapping, for example:
proxyTable: {
'/weixin': {
target: 'http://192.168.20.1:8080/', // Backend server address
secure: false, // Set to false if the backend uses HTTPS
changeOrigin: true, // Needed for cross‑origin requests
pathRewrite: { '^/weixin': '' }
}
}Load Balancing Configuration
# upstream defines a pool of backend servers named "my"
upstream my {
server 192.168.2.1:8080 weight=1 max_fails=2 fail_timeout=30s;
server 192.168.2.2:8080 weight=1 max_fails=2 fail_timeout=30s;
server 192.168.2.3:8080 weight=1 max_fails=2 fail_timeout=30s;
server 192.168.2.4:8080 weight=1 max_fails=2 fail_timeout=30s;
# If a server fails twice within 30 seconds it is considered unavailable
}Load balancing distributes requests evenly across multiple servers; the key is uniform distribution.
You can also use ip-hash to bind a client’s IP hash to a specific server, or adjust the weight parameter to give more capable servers a larger share of traffic.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
MaGe Linux Operations
Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.