9 Open Source Reverse Proxies You Need to Know
I have been curious about reverse proxies lately. So I started researching and writing about them, to learn more about this topic.
There are many open-source reverse proxies available. In this article, we will discuss nine of them. Some, like Nginx and Apache, are very popular and have been used for a long time; others are ones I found interesting while exploring GitHub. We will cover some of their features so that you can choose the best one for your needs.
Reverse Proxy
A reverse proxy server is a type of proxy server that typically sits behind the firewall in a private network and directs client requests to the appropriate backend server.
For example, an HTTP server such as NGINX sits between the client and your Rails or Django application, or any application server written in Node.js, Python, Go, Elixir, Ruby, Rust, etc.
Use cases of a reverse proxy
According to the article "What is a Reverse Proxy Server?", three of the common use cases for a Reverse Proxy Server are:
Load balancing – A reverse proxy server can act as a “traffic cop,” sitting in front of your backend servers and distributing client requests across a group of servers in a manner that maximizes speed and capacity utilization while ensuring no one server is overloaded, which can degrade performance. If a server goes down, the load balancer redirects traffic to the remaining online servers.
Web acceleration – Reverse proxies can compress inbound and outbound data, as well as cache commonly requested content, both of which speed up the flow of traffic between clients and servers. They can also perform additional tasks such as SSL encryption to take the load off of your web servers, thereby boosting their performance.
Security and anonymity – By intercepting requests headed for your backend servers, a reverse proxy server protects their identities and acts as an additional defense against security attacks. It also ensures that multiple servers can be accessed from a single record locator or URL regardless of the structure of your local area network.
Also, the article "6 common use cases of Reverse Proxy scenarios" adds the following use cases for a reverse proxy:
SSL Gateway - SSL termination occurs at the point where the SSL connection ends and the traffic shifts between encrypted and unencrypted requests. By using a reverse proxy to handle any incoming HTTPS connections, you can have the proxy server decrypt the request, and then pass on the unencrypted request to the appropriate server.
Monitoring and logging - Reverse proxies can improve security by providing businesses with a point at which they can monitor and log traffic flowing through their network.
Different Websites into a Single URL Space and URL rewriting - With a reverse proxy server, the URLs can be automatically reformatted before they are passed on to the backend servers. With a reverse proxy, it is easy to route a single URL to a multitude of components. To anyone who uses your URL, it will simply appear as if they are moving to another page on the website. Each page within that URL might be connecting to a completely different backend service.
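The use cases above (one URL space in front of several backends, load balancing, and a single point for logging) can be seen together in a small Go program built on the standard library's `net/http/httputil`. This is an added example, not code from the article or from any of the projects it lists; the `Route` type, the `Pick` and `NewProxy` functions and the loopback addresses are assumptions made for illustration.

```go
package main

import (
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"strings"
	"sync/atomic"
)

// Route maps a public URL prefix to the private backends that serve it.
type Route struct {
	next     uint64 // round-robin counter; first field keeps it 64-bit aligned
	Prefix   string
	Backends []string
}

// Pick chooses a backend: the first matching prefix wins (list specific
// prefixes first), then that route's backends are used round-robin.
func Pick(routes []*Route, path string) (string, bool) {
	for _, rt := range routes {
		if strings.HasPrefix(path, rt.Prefix) && len(rt.Backends) > 0 {
			i := atomic.AddUint64(&rt.next, 1) - 1
			return rt.Backends[i%uint64(len(rt.Backends))], true
		}
	}
	return "", false
}

// NewProxy is the single entry point for clients; it logs, then forwards.
func NewProxy(routes []*Route) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		backend, ok := Pick(routes, r.URL.Path)
		target, err := url.Parse(backend)
		if !ok || err != nil {
			http.NotFound(w, r)
			return
		}
		// %q quotes the path so control characters cannot forge log lines.
		log.Printf("%s %s %q -> %s", r.RemoteAddr, r.Method, r.URL.Path, target.Host)
		httputil.NewSingleHostReverseProxy(target).ServeHTTP(w, r)
	})
}

func main() {
	// Constructed loopback addresses: only the proxy port faces clients.
	api := &Route{Prefix: "/api/", Backends: []string{"http://127.0.0.1:9001", "http://127.0.0.1:9002"}}
	site := &Route{Prefix: "/", Backends: []string{"http://127.0.0.1:9003"}}
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", NewProxy([]*Route{api, site})))
}
```

Clients only ever see port 8080; which backend answered is visible in the proxy's log, not in the response.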
9 Open-Source Reverse Proxies
Nginx
Nginx is a high-performance, open-source HTTP and reverse proxy server originally written by Igor Sysoev. It is known for its stability, robustness, and scalability, and is commonly used for load balancing, reverse proxying, and caching.
These are the basic HTTP server features:
Serving static and index files, autoindexing; open file descriptor cache;
Accelerated reverse proxying with caching; load balancing and fault tolerance;
Accelerated support with caching of FastCGI, uwsgi, SCGI, and memcached servers; load balancing and fault tolerance;
Modular architecture. Filters include gzipping, byte ranges, chunked responses, XSLT, SSI, and image transformation filter. Multiple SSI inclusions within a single page can be processed in parallel if they are handled by proxied or FastCGI/uwsgi/SCGI servers;
Support for HTTP/2 with weighted and dependency-based prioritization.
Also, it has other HTTP server features, mail proxy server features, and TCP/UDP proxy server features. We can see a list with all its features here.
Here is the documentation.
Apache HTTP Server
Apache HTTP Server is a widely-used, open-source web server and reverse proxy server. It is known for its flexibility and can be extended using Apache modules to add functionality such as proxying and load balancing.
Here is the documentation.
HAProxy
HAProxy is a fast and reliable open-source TCP/HTTP load balancer and reverse proxy server. It is known for its flexibility, ease of use, and high availability.
According to its documentation, these are the basic features HAProxy provides:
Proxying
SSL
Monitoring
High availability
Load Balancing
Stickiness
Statistics
An exhaustive explanation of these basic features is available here.
It also has what the documentation calls standard features: features that are commonly used in HAProxy, but not necessarily present in other load balancers. They are enumerated and explained here.
Here is the documentation.
Caddy
Caddy is a modern, open-source web server and reverse proxy server that is designed to be easy to use and efficient. It supports HTTP/2, TLS encryption, automatic HTTPS, and many other features.
It is written in Go and is an extensible platform to serve your sites, services, and apps. Caddy is a server of servers, but most people use it as a web server or proxy.
Here is the documentation.
Envoy
Envoy Proxy is a high-performance, open-source edge and service proxy server designed for modern, cloud-native architectures. It is designed to be massively scalable, extensible, and customizable, and supports features such as service discovery, load balancing, and rate limiting.
Envoy works with any application language. A single Envoy deployment can form a mesh between Java, C++, Go, PHP, Python, etc.
According to the Envoy documentation, this reverse proxy offers the following features:
L3/L4 filter architecture
HTTP L7 filter architecture
First class HTTP/2 support
HTTP/3 support (currently in alpha)
HTTP L7 routing
gRPC support
Service discovery and dynamic configuration
Health checking
Advanced load balancing
Front/edge proxy support
Here is the documentation.
Traefik
Traefik is an open-source Edge Router that makes publishing your services a fun and easy experience. It receives requests on behalf of your system and finds out which components are responsible for handling them.
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer written in Go that makes deploying microservices easy. Traefik integrates with your existing infrastructure components (Docker, Swarm mode, Kubernetes, Consul, Etcd, Rancher v2, Amazon ECS, ...) and configures itself automatically and dynamically. Pointing Traefik at your orchestrator should be the only configuration step you need.
Here is the documentation.
Sōzu
Sōzu is a reverse proxy for load balancing, written in Rust. Its main job is to balance inbound requests across two or more clusters' backends to spread the load.
It serves as a termination point for SSL sessions, so the workload of dealing with the encryption is offloaded from the backend. It can protect the backends by preventing direct access from the network. It returns some metrics related to the traffic between clients and the backend clusters behind it.
Here is the documentation.
FRP
FRP is a fast reverse proxy built in Go that allows you to expose a local server located behind a NAT or firewall to the Internet. It currently supports TCP and UDP, as well as HTTP and HTTPS protocols, enabling requests to be forwarded to internal services via domain name.
FRP also offers a P2P connect mode.
Here is the documentation.
Rathole
Rathole is a secure, stable and high-performance reverse proxy for NAT traversal, written in Rust. It is an alternative to FRP and Ngrok.
Rathole, like FRP and Ngrok, can help to expose the service on the device behind the NAT to the Internet, via a server with a public IP.
According to its documentation, Rathole provides these features:
High Performance - Much higher throughput can be achieved than FRP, and more stable when handling a large volume of connections. See benchmark.
Low Resource Consumption - Consumes much less memory than similar tools. See Benchmark. The binary can be as small as ~500KiB to fit the constraints of devices, like embedded devices as routers.
Security - Tokens of services are mandatory and service-wise. The server and clients are responsible for their own configs. With the optional Noise Protocol, encryption can be configured with ease. No need to create a self-signed certificate! TLS is also supported.
Hot Reload - Services can be added or removed dynamically by hot-reloading the configuration file. HTTP API is WIP.
Here is the documentation.
Conclusion
The best reverse proxy for you will depend on your specific requirements. If you are looking for a high-performance reverse proxy, then Nginx or HAProxy are good options. And if you are looking for a reverse proxy that is easy to use, then Caddy or Traefik are good options. But it is up to you to try them and see which one is more suitable for your needs or use case.