Short definition
A reverse proxy is a server that sits in front of one or more backend applications, receiving client requests and forwarding them to the appropriate upstream service, then returning the response to the client as if it came directly from the proxy itself.
Extended definition
Unlike a forward proxy, which acts on behalf of a client to reach external servers, a reverse proxy acts on behalf of backend servers to handle incoming requests. From the client’s perspective, it is talking directly to the website or API. In reality, nginx is intercepting the request, applying rules, and forwarding it to an application server running on a local port or a remote host. This abstraction enables SSL termination, load balancing, caching, request filtering, compression, and routing, all at the proxy layer, without modifying the application behind it. Reverse proxying is one of the most common nginx use cases in production infrastructure.
Deep technical explanation
SSL termination: The reverse proxy handles the HTTPS handshake and certificate management, forwarding plain HTTP to the backend. This offloads cryptographic overhead from application servers and centralises certificate management in one place.
Load balancing: nginx can distribute incoming requests across multiple backend instances using strategies including round robin, least connections, and IP hash. If one backend fails a health check, nginx routes around it automatically.
Header manipulation: The proxy layer adds, removes, or rewrites HTTP headers before passing requests upstream. The X-Forwarded-For header is set here so the backend application knows the real client IP despite traffic arriving from the proxy’s address.
Upstream definition: Backend targets are defined in an upstream block in nginx.conf or the vhost file. This block lists one or more server addresses and the load balancing policy, keeping routing logic separate from the server block itself.
Buffering and timeouts: nginx buffers responses from the upstream application before sending them to the client. proxy_read_timeout and proxy_connect_timeout control how long nginx waits for the backend before returning an error, which is critical for tuning behaviour under load.
Path rewriting: proxy_pass can include a URI component that rewrites the request path before it reaches the backend, allowing a public URL structure to differ from the internal application’s routing expectations.
How BlueGrid.io uses it
Reverse proxying is the standard pattern across BlueGrid.io’s infrastructure. nginx sits in front of every application service, handling SSL termination, routing traffic by subdomain or path to the correct backend, and enforcing timeouts and rate limits at the edge before requests reach application code.
Why it matters
A reverse proxy decouples the public interface of a service from its internal implementation. It is the standard pattern for serving any application that should not be directly exposed to the internet, and the foundation for adding caching, load balancing, and security controls without touching application code.