
Networking & Infrastructure

Reverse Proxy

A server that sits in front of one or more backend servers and forwards client requests to them, often handling TLS, caching, compression, and load balancing.

In depth

A reverse proxy is a server that accepts client requests and forwards them to one or more backend servers. From the client's point of view the proxy is the server; the proxy hides the topology behind it. Reverse proxies are a workhorse of web infrastructure: NGINX, HAProxy, Envoy, Apache Traffic Server, and Caddy are common implementations.

In addition to forwarding, reverse proxies typically handle TLS termination (decrypting HTTPS so backends can stay on plain HTTP internally), compression (gzip/brotli), response caching, request rewriting, header manipulation, IP allowlisting, basic authentication, and load balancing across a backend pool. Modern proxies also support HTTP/2, HTTP/3 (QUIC), and WebSocket upgrades.

The distinction from a forward proxy: a forward proxy sits in front of clients and helps them reach external servers (filtering, anonymizing); a reverse proxy sits in front of servers and helps them serve external clients (load balancing, TLS, caching).

When to use

Almost every production web stack puts a reverse proxy in front of application servers — for TLS termination alone, the value is high.

Tradeoffs

Reverse proxies add a hop (small latency cost) and another piece of infrastructure to operate. Misconfigured caching or header rewriting can cause subtle bugs.
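
The caching risk above, as an added example (not code from SystemCity or from any proxy named on this page): a toy shared cache that, when misconfigured, hands one user's response to another, next to a strict mode that honors Cache-Control, Authorization and Vary. The ProxyCache class, the origin backend, the paths and the header values are all constructed for illustration, header names are assumed to be lowercase, and freshness (max-age expiry) is left out.

```python
def directives(headers):
    """Cache-Control directive names as a lowercase set."""
    raw = headers.get("cache-control", "")
    return {d.split("=")[0].strip().lower() for d in raw.split(",") if d.strip()}

def vary_names(resp):
    return [h.strip().lower() for h in resp["headers"].get("vary", "").split(",") if h.strip()]

def may_store(req, resp):
    """Conservative storage decision for a shared cache."""
    cc = directives(resp["headers"])
    if req["method"] != "GET" or resp["status"] != 200:
        return False
    if cc & {"private", "no-store"} or "set-cookie" in resp["headers"]:
        return False
    # Responses to authenticated requests are shareable only if the origin opts in.
    if "authorization" in req["headers"] and not cc & {"public", "s-maxage", "must-revalidate"}:
        return False
    return "*" not in vary_names(resp)

class ProxyCache:
    def __init__(self, strict):
        self.strict = strict   # False models the misconfigured proxy
        self.store = {}        # (method, path) -> [(vary_values, body)]

    def fetch(self, req, origin):
        """Return (body, served_from_cache)."""
        key = (req["method"], req["path"])
        for vary_values, body in self.store.get(key, []):
            if all(req["headers"].get(h, "") == v for h, v in vary_values.items()):
                return body, True
        resp = origin(req)
        if not self.strict or may_store(req, resp):
            # Strict mode remembers the request headers named by Vary.
            names = vary_names(resp) if self.strict else []
            values = {h: req["headers"].get(h, "") for h in names}
            self.store.setdefault(key, []).append((values, resp["body"]))
        return resp["body"], False

def origin(req):
    """Constructed backend: /account is per-user, anything else is public."""
    if req["path"] == "/account":
        user = req["headers"].get("authorization", "anonymous")
        return {"status": 200, "headers": {"cache-control": "private"}, "body": "account:" + user}
    enc = req["headers"].get("accept-encoding", "identity")
    return {"status": 200, "body": "logo:" + enc,
            "headers": {"cache-control": "public, max-age=60", "vary": "accept-encoding"}}

def get(path, headers):
    return {"method": "GET", "path": path, "headers": headers}
```

With strict=False the second caller of /account receives the first caller's body from cache; with strict=True that response is never stored, and /logo is cached separately per Accept-Encoding value.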

Related terms

Load Balancer

A component that distributes incoming network traffic across multiple backend servers to maximize throughput, minimize response time, and avoid overload.

CDN (Content Delivery Network)

A globally distributed network of edge servers that cache static content close to end users to minimize latency and origin load.

API Gateway

A single entry point that routes external requests to internal services, handling concerns like authentication, rate limiting, and request transformation in one place.

DNS

A hierarchical, distributed naming system that translates human-readable domain names like systemcity.io into IP addresses computers route to.

TCP vs UDP

TCP is a reliable, ordered, connection-oriented protocol. UDP is a fast, connectionless, best-effort protocol. They serve different workloads.

HTTP/2

A major revision of the HTTP protocol that introduces multiplexing, header compression, and server push over a single binary framing layer on TCP.