A proxy is a server that sits between a client and another server, acting as an intermediary. There are two types, and they sit on opposite sides of the connection. Let’s clear up the difference once and for all.
Forward Proxy vs Reverse Proxy
The only difference is which side they protect:
- Forward proxy sits in front of clients. The server doesn’t know who the real client is. Example: a VPN or corporate proxy.
- Reverse proxy sits in front of servers. The client doesn’t know which server actually handled the request. Example: Nginx routing to backend servers.
In system design, we almost always talk about reverse proxies.
What a Reverse Proxy Does
A reverse proxy is incredibly useful. It handles a bunch of cross-cutting concerns so our application servers don’t have to:
SSL/TLS Termination
The reverse proxy handles HTTPS encryption and decryption. Traffic between the proxy and our internal servers can be plain HTTP (since it’s within our network), which means that hop is unencrypted and relies on the internal network being trusted. This offloads CPU-intensive crypto work from our app servers.
Load Balancing
Distribute requests across multiple backend servers. Most reverse proxies have load balancing built in (round robin, least connections, etc.).
Compression
Compress responses (gzip, brotli) before sending them to clients. Reduces bandwidth and speeds up page loads.
Caching
Cache static content (or even dynamic responses) and serve them directly without hitting the backend. Huge performance boost.
Request Routing
Route different URL paths to different backend services:
/api/* → API servers
/static/* → File server
/ → Frontend server
This is how we can run multiple services behind a single domain.
Rate Limiting & Security
Block malicious traffic, limit requests per IP, add security headers — all at the proxy level before requests reach our application.
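The concerns in this section combined into one Nginx configuration, as an added example that is not part of the original article. The domain, backend addresses and certificate paths are placeholders.

```nginx
# Added example. example.com, the 10.0.0.x backends and the certificate
# paths are placeholders, not values from the article.
events {}
http {
    # Rate limiting: track clients by IP, allow 10 requests/second each.
    limit_req_zone $binary_remote_addr zone=per_ip:10m rate=10r/s;
    limit_req_status 429;

    # Load balancing: send each request to the backend with the fewest
    # active connections.
    upstream api_servers {
        least_conn;
        server 10.0.0.11:8080;
        server 10.0.0.12:8080;
    }
    upstream file_server { server 10.0.0.21:8080; }
    upstream frontend_server { server 10.0.0.31:3000; }

    server {
        # TLS termination: clients speak HTTPS to the proxy only.
        listen 443 ssl;
        server_name example.com;
        ssl_certificate     /etc/nginx/tls/example.com.crt;
        ssl_certificate_key /etc/nginx/tls/example.com.key;
        ssl_protocols       TLSv1.2 TLSv1.3;

        # Compression (text/html is always compressed when gzip is on).
        gzip on;
        gzip_types text/css application/javascript application/json;

        # Security headers added to every response.
        add_header Strict-Transport-Security "max-age=31536000" always;
        add_header X-Content-Type-Options "nosniff" always;

        # Overwrite forwarding headers so backends see the address the proxy
        # observed, not a value supplied by the client.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Request routing: one domain, three backends.
        location /api/ {
            limit_req zone=per_ip burst=20 nodelay;
            proxy_pass http://api_servers;
        }
        location /static/ { proxy_pass http://file_server; }
        location /        { proxy_pass http://frontend_server; }
    }
}
```

Running `nginx -t` against the file checks the syntax before a reload.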
Popular Reverse Proxies
| Tool | Known For |
|---|---|
| Nginx | Industry standard. Extremely fast and widely used. Powers ~30% of the web. |
| Caddy | Modern, automatic HTTPS (auto-renews certificates). Great DX. |
| HAProxy | High-performance, used by high-traffic sites like GitHub. |
| Traefik | Docker/Kubernetes native. Auto-discovers services. |
| Apache | Old school but still widely used. mod_proxy module. |
Forward Proxy Use Cases
While less common in system design interviews, forward proxies are still important:
- Corporate networks — Control and monitor employee internet access
- Bypassing restrictions — VPNs are forward proxies that let us access geo-blocked content
- Anonymity — Hide our IP address from websites we visit
- Caching for clients — A school might cache frequently accessed educational sites to save bandwidth
Reverse Proxy in System Design
In every system design interview, there’s a reverse proxy somewhere. It’s usually sitting right behind the DNS/load balancer:
User → DNS → Reverse Proxy / LB → App Servers → Database
Sometimes the reverse proxy IS the load balancer (Nginx and Caddy can do both). In cloud setups, managed load balancers (AWS ALB) take over this role.
When discussing our architecture, we can mention the reverse proxy handles:
- SSL termination (so internal traffic is faster)
- Static file serving (so app servers focus on business logic)
- Request routing (so we can run multiple services behind one domain)
Proxy vs Load Balancer vs API Gateway
These terms overlap a lot. Here’s the quick distinction:
- Reverse Proxy — General purpose: SSL, caching, compression, routing
- Load Balancer — Specifically distributes traffic across servers
- API Gateway — Like a reverse proxy but for APIs: auth, rate limiting, request transformation, analytics
Many tools (like Nginx, Caddy, Kong) can act as all three. In system design, we don’t need to be pedantic about the labels — just explain what the component does.
In simple language, a reverse proxy is the bouncer at the club. It stands at the door, handles the crowd, checks IDs (SSL), and directs people to the right area inside. Our application servers just focus on doing their job without worrying about all that.