A reverse proxy server is a type of proxy server that is deployed between clients and back-end/origin servers, for example, an HTTP server such as NGINX, Apache, etc.. or application servers written in Nodejs, Python, Java, Ruby, PHP, and many other programming languages.
It is a gateway or an intermediary server that takes a client request, passes it on to one or more back-end servers, and subsequently fetches the response from the server and delivers it back to the client, thus making it appear as if the content originated from the reverse proxy server itself.
Generally, a reverse proxy server is an internal-facing proxy used as a ‘front-end‘ to control and protect access to back-end servers on a private network: it is typically deployed behind the network firewall.
It helps back-end servers to achieve anonymity to enhance their security. In an IT infrastructure, a reverse proxy can also function as an application firewall, load balancer, TLS terminator, web accelerator (by caching static and dynamic content), and much more.
In this article, we will review the 8 top open-source reverse proxy servers you can use on a Linux system.
HAProxy (HAProxy, which stands for High Availability Proxy), a free, open-source, very fast, reliable, and top-notch load balancer and proxying software for TCP and HTTP-based applications, built for high availability.
HAProxy is an HTTP reverse-proxy, a TCP proxy and normalizer, an SSL/TLS terminator/initiator/offloader, a caching proxy, an HTTP compression offloader, a traffic regulator, a content-based switch, a FastCGI gateway, and more. It is also a protection against DDoS and service abuse.
It is powered by an event-driven, non-blocking engine that combines a very fast I/O layer with a priority-based, multi-threaded scheduler which enables it to easily deal with tens of thousands of concurrent connections. Notably, HAProxy uses the PROXY protocol to pass the client’s connection information to backend or origin servers so that an application gets all the relevant information.
Some of HAProxy’s basic features include proxying, SSL support, monitoring both server states and its own state, high availability, load balancing, stickiness(maintain a visitor on the same server even across various events), content switching, HTTP rewriting, and redirection, server protection, logging, statistics, and much more.
NGINX, a free, open-source, high-performance, and very popular HTTP server and reverse proxy. It also functions as an IMAP/POP3 proxy server. NGINX is well known for its high performance, stability, rich feature set, simple and flexible configuration, and low resource consumption (particularly small memory footprint).
Just like HAProxy, NGINX has an event-driven architecture so it has no problem dealing with tens of thousands of concurrent connections, as it uses HAProxy’s PROXY protocol.
NGINX supports accelerated reverse proxying with caching using the ngx_http_proxy_module module, which allows passing requests to another server over protocols other than HTTP, such as FastCGI, uwsgi, SCGI, and memcached.
Importantly, it supports load balancing and fault tolerance which are vital aspects of large-scale distributed computing systems. The ngx_http_upstream_module module allows for defining groups of backend servers to distribute the requests coming from clients. This makes your applications more robust, available and reliable, highly scalable, with response time and throughput. Additionally, concerning security, it supports SSL/TLS termination and so many other security features.
Useful articles on Nginx web server you might like to read:
- How to Install Nginx Web Server on Ubuntu 20.04
- How to Install Nginx on CentOS 8
- How to Enable NGINX Status Page
3. Varnish HTTP Cache
Varnish HTTP Cache (or Varnish Cache or simply Varnish) is a free, open-source, high-performance, and very popular caching reverse-proxy software better known as a web application accelerator, designed to improve HTTP performance using server-side caching.
It is deployed between a client and an HTTP web server or application server; every time a client requests for information or a resource from a web server, Varnish stores a copy of the information, so the next time the client requests for the same information, Varnish will serve it without sending a request to the webserver thus reducing the load on the server and in turn speeding up web content delivery.
Varnish uses a flexible configuration language know as the Varnish Configuration Language (VLC) which among other things enables system administrators to configure how incoming requests should be processed, what content should be served, and from where, and how the request or response should be altered, and much more.
The varnish is also extensible – it can be extended using Varnish Modules (VMODs) and users can write their custom modules or use community provided modules.
The main limitation of Varnish is its lack of support for SSL/TLS. The only way to enable HTTPS is to deploy an SSL/TLS terminator or offloader such as HAProxy or NGINX in front of it.
Træfɪk (pronounced Traffic) is a free, open-source, modern, and fast HTTP reverse proxy and load balancer for deploying micro-services that supports multiple load balancing algorithms. It can interface with various providers (or service discovery mechanisms or orchestration tools) such as Kubernates, Docker, Etcd, Rest API, Mesos/Marathon, Swarm, and Zookeper.
Its lovable feature is its ability to manage its configuration automatically and dynamically thus discovering the right configuration for your services. It does this by scanning your infrastructure to find relevant information and discovers which service serves which request from the external world. The providers tell Træfɪk where your applications or micro-services are located.
Træfɪk’s other features are supported for WebSockets, HTTP/2, and GRPC, and hot reloading (continuously updates its configuration without restarts), HTTPS using Let’s Encrypt certificates (wildcard certificate support), and exposes a REST API. It also keeps access logs, and it provides metrics (Rest, Prometheus, Datadog, Statsd, InfluxDB).
Also, Træfɪk ships with a simple HTML-based web user interface used to keep an eye on events. It also supports circuit breakers, retry requests, rate limiting, and basic authentication.
5. Apache Traffic Server
Formerly a commercial product owned by Yahoo which was later handed over to the Apache Foundation, Apache Traffic Server is a free, open-source, and fast caching forward and reverse-proxy server.
Traffic Server also works as a load balancer and can participate in flexible cache hierarchies. It is known to have handled over 400 TB a day of traffic at Yahoo.
It features a set of keep-alive, filtering, or anonymizing of content requests, and is extensible via an API that allows users to create custom plugins to modify HTTP headers, handle ESI requests, or design new cache algorithms.
6. Squid Proxy Server
Squid is a free, open-source, and well-known proxy server and Web cache daemon that supports various protocols such as HTTP, HTTPS, FTP, and more. It features a reverse proxy (httpd-accelerator) mode that caches incoming requests for outgoing data.
It supports rich traffic optimization options, access control, authorization, logging facilities, and much more.
A Pound is another free and open-source, lightweight reverse-proxy and load balancer and front-end for web servers. It is also an SSL terminator (that decrypts HTTPS requests from clients and sends them as plain HTTP to the back-end servers), an HTTP/HTTPS sanitizer(that verifies requests for correctness and accept only well-formed ones), and a fail-over server.
8. Apache HTTP Server
Last but not least, we have an Apache HTTP server (also known as HTTPD), the most popular web server on the globe. It can also be deployed and configured to act as a reverse proxy.
Additionally, you can also checkout Skipper, the new kid on the block. It is a free and open-source HTTP router and reverse proxy for service composition, including use cases like Kubernetes Ingress.
That’s all we had for you in this guide. For more information about each tool in this list, check out their respective websites. Do not forget to share your thoughts with us via the feedback form below.