A reverse proxy server is a type of proxy server that is deployed between clients and back-end/origin servers, for example, an HTTP server such as NGINX, Apache, etc.. or application servers written in Nodejs, Python, Java, Ruby, PHP, and many other programming languages.
It is a gateway or an intermediary server that takes a client request, passes it on to one or more back-end servers, and subsequently fetches the response from the server and delivers it back to the client, thus making it appear as if the content originated from the reverse proxy server itself.
Generally, a reverse proxy server is an internal-facing proxy used as a ‘front-end‘ to control and protect access to back-end servers on a private network: it is typically deployed behind the network firewall.
It helps back-end servers to achieve anonymity to enhance their security. In IT infrastructure, a reverse proxy can also function as an application firewall, load balancer, TLS terminator, web accelerator (by caching static and dynamic content), and much more.
In this article, we will review the 10 top open-source reverse proxy servers you can use on a Linux system.
Table of Contents
1. HAProxy – (TCP/HTTP Load Balancer)
HAProxy (HAProxy, which stands for High Availability Proxy), is a free, open-source, very fast, reliable, and top-notch load balancer and proxying software for TCP and HTTP-based applications, built for high availability.
HAProxy is an HTTP reverse proxy, a TCP proxy and normalizer, an SSL/TLS terminator/initiator/offloader, a caching proxy, an HTTP compression offloader, a traffic regulator, a content-based switch, a FastCGI gateway, and more. It is also a protection against DDoS and service abuse.
It is powered by an event-driven, non-blocking engine that combines a very fast I/O layer with a priority-based, multi-threaded scheduler which enables it to easily deal with tens of thousands of concurrent connections.
Notably, HAProxy uses the PROXY protocol to pass the client’s connection information to the backend or origin servers so that an application gets all the relevant information.
Some of HAProxy’s basic features include proxying, SSL support, monitoring both server states and their state, high availability, load balancing, stickiness (maintaining a visitor on the same server even across various events), content switching, HTTP rewriting, and redirection, server protection, logging, statistics, and much more.
2. NGINX – (HTTP and Reverse Proxy Web Server)
NGINX is a free, open-source, high-performance, and very popular HTTP server and reverse proxy. It also functions as an IMAP/POP3 proxy server. NGINX is well known for its high performance, stability, rich feature set, simple and flexible configuration, and low resource consumption (particularly small memory footprint).
Just like HAProxy, NGINX has an event-driven architecture so it has no problem dealing with tens of thousands of concurrent connections, as it uses HAProxy’s PROXY protocol.
NGINX supports accelerated reverse proxying with caching using the ngx_http_proxy_module module, which allows passing requests to another server over protocols other than HTTP, such as FastCGI, uwsgi, SCGI, and Memcached.
Importantly, it supports load balancing and fault tolerance which are vital aspects of large-scale distributed computing systems. The ngx_http_upstream_module module allows for defining groups of backend servers to distribute the requests coming from clients.
This makes your applications more robust, available and reliable, highly scalable, with response time and throughput. Additionally, concerning security, it supports SSL/TLS termination and many other security features.
Useful articles on Nginx web server you might like to read:
3. Varnish – (Reverse Caching Proxy)
Varnish HTTP Cache (or Varnish Cache or simply Varnish) is a free, open-source, high-performance, and very popular caching reverse-proxy software better known as a web application accelerator, designed to improve HTTP performance using server-side caching.
It is deployed between a client and an HTTP web server or application server; every time a client requests information or a resource from a web server, Varnish stores a copy of the information, so the next time the client requests the same information, Varnish will serve it without sending a request to the webserver thus reducing the load on the server and in turn speeding up web content delivery.
Varnish uses a flexible configuration language known as the Varnish Configuration Language (VLC) which among other things enables system administrators to configure how incoming requests should be processed, what content should be served, and from where, and how the request or response should be altered, and much more.
The varnish is also extensible – it can be extended using Varnish Modules (VMODs) and users can write their custom modules or use community-provided modules.
The main limitation of Varnish is its lack of support for SSL/TLS. The only way to enable HTTPS is to deploy an SSL/TLS terminator or offloader such as HAProxy or NGINX in front of it.
4. Træfɪk – (The Cloud Native Application Proxy)
Træfɪk (pronounced Traffic) is a free, open-source, modern, and fast HTTP reverse proxy and load balancer for deploying micro-services that supports multiple load-balancing algorithms.
It can interface with various providers (or service discovery mechanisms or orchestration tools) such as Kubernetes, Docker, Etcd, Rest API, Mesos/Marathon, Swarm, and Zookeper.
Its lovable feature is its ability to manage its configuration automatically and dynamically thus discovering the right configuration for your services. It does this by scanning your infrastructure to find relevant information and discovering which service serves which request from the external world. The providers tell Træfɪk where your applications or micro-services are located.
Træfɪk’s other features are supported for WebSockets, HTTP/2, and GRPC, hot reloading (continuously updates its configuration without restarts), HTTPS using Let’s Encrypt certificates (wildcard certificate support), and exposes a REST API. It also keeps access logs, and it provides metrics (Rest, Prometheus, Datadog, Statsd, InfluxDB).
Also, Træfɪk ships with a simple HTML-based web user interface used to keep an eye on events. It also supports circuit breakers, retry requests, rate limiting, and basic authentication.
5. Apache Traffic Server – (Reverse and Forward Proxy Server)
Formerly a commercial product owned by Yahoo which was later handed over to the Apache Foundation, Apache Traffic Server is a free, open-source, and fast caching forward and reverse-proxy server.
The Traffic Server also works as a load balancer and can participate in flexible cache hierarchies. It is known to have handled over 400 TB a day of traffic at Yahoo.
It features a set of keep-alive, filtering, or anonymizing of content requests, and is extensible via an API that allows users to create custom plugins to modify HTTP headers, handle ESI requests, or design new cache algorithms.
6. Squid – (Caching and Forwarding HTTP Proxy)
Squid is a free, open-source, and well-known proxy server and Web cache daemon that supports various protocols such as HTTP, HTTPS, FTP, and more. It features a reverse proxy (httpd-accelerator) mode that caches incoming requests for outgoing data.
It supports rich traffic optimization options, access control, authorization, logging facilities, and much more.
7. Pound – (Reverse Proxy and Load Balancer)
A Pound is another free and open-source, lightweight reverse proxy and load balancer and front-end for web servers. It is also an SSL terminator (that decrypts HTTPS requests from clients and sends them as plain HTTP to the back-end servers).
An HTTP/HTTPS sanitizer (that verifies requests for correctness and accepts only well-formed ones), and a fail-over server.
8. Apache – (HTTP Web Server)
Apache HTTP server (also known as HTTPD), the most popular web server on the globe can also be deployed and configured to act as a reverse proxy.
Apache excels in routing client requests to backend servers, enhancing security, load balancing, and optimizing web application performance. By acting as an intermediary, Apache can efficiently distribute incoming traffic to multiple server instances, ensuring high availability and seamless user experiences.
Its robust and customizable configuration options make it a top choice for organizations seeking a reliable solution for reverse proxy needs, whether for content caching or application delivery.
9. Skipper – (HTTP Router and Reverse Proxy)
Skipper is a free and open-source HTTP router and reverse proxy for service composition, including use cases like Kubernetes Ingress.
It is built to manage a substantial number of dynamically configured HTTP route definitions, surpassing 800,000 routes, featuring intricate lookup conditions, and offering flexibility to enhance the request flow with filters.
It can be readily deployed as-is, or it can be extended by incorporating custom lookup, filter logic, and configuration sources.
10 Caddy 2 – Fast Server with Automatic HTTPS
Caddy 2 is an open-source web server and reverse proxy renowned for its simplicity and versatility, that offers a user-friendly interface and automatic HTTPS by default, making it an accessible choice for both newcomers and experienced users.
Caddy 2 is designed to effortlessly handle web hosting, HTTP/2, load balancing, and proxying, enhancing website performance and security. Its open-source nature encourages community contributions, and it has gained popularity for its ease of use and modern features in the world of web hosting and server management.
Conclusion
That’s all we had for you in this guide. For more information about each tool in this list, check out their respective websites. Do not forget to share your thoughts with us via the feedback form below.
Caddy is missing here.
@Peter,
I have added Caddy to the article. Thank you for bringing it to my attention!
I read something about linuxserver.io Swag, is it a Proxy Server?