A reverse proxy sits in front of a web server and receives all the requests before they reach the origin server. It works similarly to a forward proxy, except in this case it’s the web server using the proxy rather than the user or client. Reverse proxies are typically used to enhance performance, security, and reliability of the web server.
For example, you can have a non-WordPress site hosted at example.com domain on Server A and have its blog running on WordPress at example.com/blog URL hosted on Server B. You can achieve this by adding a reverse proxy for the server hosting your primary site. You can configure the reverse proxy to redirect requests to the blog to a different server (e.g. a managed WordPress host like Kinsta).
In this article, you’ll learn the basics of reverse proxy servers, how they work, what their major benefits are, and how you can use them to speed up and secure your WordPress site.
Excited? Let’s start!
To understand what a reverse proxy server is, you need first to know its role and get familiar with all its related terms.
When you browse the web normally by entering a domain name or clicking a link, your browser/device connects to the website’s server directly and starts downloading its resources.
Apart from enhancing user privacy, a forward proxy is mainly used to bypass geographical content restrictions. For instance, if you want to watch a video that’s blocked in your region, you can use a forward proxy with an IP address on which the video is available to view.
A forward proxy works almost the same way as a Virtual Private Network (VPN), but they’re distinct technologies with unique use cases (they can sometimes overlap though).
A reverse proxy server acts as a front for the origin server to maintain anonymity and enhance security, just like how a user/client can use a forward proxy to achieve the same. It ensures that no user or client communicates directly with the origin server.
The difference between a forward proxy vs a reverse proxy is minor, but they work differently.
Both can work together as there’s no overlap between their functioning. Typically, users/clients use a forward proxy, while origin servers use a reverse proxy.
Since a server admin can control how the reverse proxy works, you can use it to enable many useful features.
We’ll list all its benefits later in this post.
Many businesses, especially large enterprises, use bespoke websites that are tailor-made to their unique needs and aren’t running on WordPress. Some examples include bank and insurance websites.
In other cases, a business may host their site on an external service that doesn’t allow them to install any external software (e.g. WordPress).
Usually, these are small to mid-sized retailers using an ecommerce platform such as Shopify.
Since WordPress has robust CMS features, many businesses, including large enterprises with bespoke websites, may prefer to host their blogs using WordPress.
One way to get around this problem is to install WordPress on the main website’s subdomain and structure the navigation menus such that users can switch easily between the main website and the blog.
Since subdomains behave as a unique domain, it can affect your site’s SEO. Even though Google treats both subdomains and subdirectories equally, it takes more effort to optimize a website for search engine rankings if it’s hosted on a subdomain than if it’s hosted in a subdirectory.
Google has reaffirmed that it treats both subdomains and subdirectories equally, but some SEO experts disagree with it. And even if it doesn’t affect the site’s SEO, a site hosted in a subdirectory is simply easier to maintain.
That’s why you can use a reverse proxy to redirect requests to the site’s blog hosted on a separate server. For example, a bank can host their main website on their servers securely, but they can also host their WordPress-powered blog separately on a managed WordPress host like Kinsta.Unifying two different sites under a single domain name is one of the key advantages of using a reverse proxy. It helps brands keep their sites organized, professional, and maintain credibility.
Besides the above use case, reverse proxies also grant many other benefits. The section below discusses some of their major advantages.
A single origin server cannot handle all the incoming traffic for a website with millions of daily unique visitors. In these cases, you can distribute the traffic smartly among a pool of many servers. Usually, all the servers will host the same content to eliminate a single point of failure, making the website more reliable.
A reverse proxy is a great way to set this up as it can receive the incoming traffic before it reaches the origin server. If the origin server is overloaded or fails completely, it can distribute the traffic to other servers without affecting the site functionality.
Reverse proxies can also direct the incoming requests to several servers, with each server performing a specific function it’s optimized for. The reverse proxy can then gather responses from all the servers and deliver them to the client.
Since we use most of the popular reverse proxies primarily for load balancing, they’re also referred to as Load Balancers.
GSLB is an advanced load balancing method for distributing website traffic among many servers placed strategically around the world. It’s typically done via anycast routing technique, where the reverse proxy picks the server node based on the fastest travel time between the client and the server.
Not only does GSLB increase the site’s reliability and security considerably, it also reduces latency and load times, thereby enhancing user experience. You can use GSLB with other network optimization techniques such as Spoon Feeding to free up the origin servers’ computational resources even more.
Though you can set up Global Server Load Balancing manually on your server, it’s usually taken care of by dedicated CDNs such as Cloudflare and KeyCDN (which also powers Kinsta CDN). Kinsta serves all the websites hosted with it through a Load Balancer powered by Google Cloud Platform.
Reverse proxies can cloak the IP address and other characteristics of origin servers. Thus, your website’s origin server can maintain its anonymity better, increasing its security significantly.
Since the reverse proxy will receive all the traffic before it reaches the main server, any attackers or hackers will find it harder to target your website with security threats such as DDoS attacks.
You can use a strict firewall to harden the reverse proxy with tighter security against common cyber attacks. Without a reverse proxy installed, it is difficult to remove malware or start takedowns.
You can use a reverse proxy for web acceleration purposes by caching both static and dynamic content. This can reduce the load on the origin server, resulting in a faster website. For instance, if your origin server is in the USA and a user from Europe visits your website, then you can serve a cached version of your site from a reverse proxy server in Europe. Since the reverse proxy is closer to the user than the origin server, the website will take less time to load, making it perform superbly. Varnish and Nginx FastCGI are prominent examples of reverse proxies that are used for caching web content. If your site is hosted with Kinsta, you don’t have to worry about caching as Kinsta takes care of all the caching legwork for you.
Server responses use up a lot of bandwidth. Compressing server responses (e.g. with gzip) before sending them to the client can reduce the amount of bandwidth required, speeding up server responses over the network. A reverse proxy is ideal to compress server responses as it sits in between the origin servers and the client.
A reverse proxy captures any requests that go through it. Hence, you can use them as a central hub to monitor and log traffic. Even if you use multiple web servers to host all your website’s components, using a reverse proxy will make it easier to monitor all the incoming and outgoing data from your site.
Of the 17% websites that use a reverse proxy (listed above), you’ll notice that most of them are CDNs. That’s because most reverse proxies hide their existence by default as a safety precaution. Hence, you cannot rely on website monitoring services like W3Techs to find which reverse proxies are the most popular ones. From our research and experience, the most popular reverse proxies in use today are:
Nginx is an open source web server that can also serve as a reverse proxy. Apart from being used to host websites, it’s also one of the most widely used reverse proxy and load balancing solutions. As per Netcraft, over 479 million web servers were using Nginx in December 2019, making it the leader in the web server market share.
Nginx provides all the reverse proxy benefits discussed above, plus more. It improves web performance, security, reliability, and scalability. You can configure Nginx using its configuration file, which is also hot reloadable. At Kinsta, Nginx reverse proxy is one of several premium add ons you can use.
But you can also use Nginx Plus, a commercial offering, to get access to API-based configuration options and other features suitable for large enterprise websites.
Kinsta powers all its websites with Nginx. It has ranked in Review Signal’s Top Tier web hosting status in every category it has competed in. Some other major companies that use Nginx are MaxCDN, Cloudflare, and Netflix.
Setting up Nginx as a basic reverse proxy is simple. Nginx also provides you with various directives to customize your server’s reverse proxy as per your requirements. We’ll discuss how to do this in a later section. If you’re a Kinsta customer, you’ll also learn how to use a reverse proxy for websites hosted with Kinsta in the same section.
Varnish is an open source HTTP reverse proxy with a built-in cache engine. It’s designed primarily for high-traffic websites that serve dynamic content. You can also use Varnish as a load balancer, a web app firewall (WAF), and an edge authentication and authorization server.
It works on all modern versions of Linux and FreeBSD, being used mainly as a front for Nginx or Apache web servers. Varnish’s powerful and highly flexible Varnish Configuration Language (VCL) lets you define various features such as handling HTTP requests, caching, and connecting to one or more web servers.
For this reason, many CDNs use Varnish as their main foundation for delivering content swiftly.
Varnish also supports Edge Side Includes (ESI), a language that helps you to reuse sections of one web page in other web pages. If your website uses a lot of repeated content in different pages, ESI can help you speed up your site’s page load times by caching frequently used sections.
You can extend Varnish with its various modules (VMODs). Head to Varnish’s official tutorial to learn how to set up Varnish as a reverse proxy for WordPress.
Apache Traffic Server is an open source caching proxy server. It’s popular for its fast, scalable features. It was a commercial product developed by Yahoo! long ago, but they made it open source and donated it to the Apache Foundation for maintenance.
Several major content networks and CDNs like Comcast, Akamai, LinkedIn, Yahoo, and Apple use Apache Traffic Server to power their technology.
You can also use Apache HTTP Server (Apache httpd), an HTTP server daemon, to set up a reverse proxy on your web server. Apart from acting as a basic web server, it also helps you serve static and dynamic content to users. You’ll learn how to set up Apache as a reverse proxy later in this article.
HAProxy is an open source reverse proxy and load balancer. It’s designed to integrate with most existing web server architectures, including Linux distributions and cloud platforms. Similar to Nginx, HAProxy uses an event-driven I/O model and supports splitting requests across multiple worker processes.
For HTTP requests, HAProxy performs exceptionally well even under heavy loads. Some of the highest traffic websites on the internet such as Airbnb, Reddit, Instagram, Stack Overflow, Tumblr, GitHub, and Imgur use HAProxy to deliver their websites efficiently.
Discussing how to implement HAProxy is beyond the scope of this article, but you can refer to their documentation to understand how it works.Some other popular reverse proxies are AWS Elastic Load Balancer, GLBC, DigitalOcean Load Balancer, and Google Cloud Load Balancer. For an exhaustive list of the top reverse proxies and load balancers in use today, you can check out Stackshare.io.