ConfigClarityGlossary › Reverse Proxy

Reverse Proxy

A reverse proxy is a server that sits in front of backend applications and forwards client requests to them, handling TLS termination, load balancing, caching, and routing.
NginxReverse ProxyTraefikTLSLoad BalancingDevOps

A reverse proxy accepts incoming connections from clients and forwards them to one or more backend services. From the client's perspective, they are communicating with a single server. The backend services are hidden behind the proxy.

The most common reverse proxies in self-hosted Linux environments are Nginx, Caddy, Traefik, and HAProxy. In cloud environments, Cloudflare, AWS ALB, and Vercel's edge network serve as reverse proxies.

What a Reverse Proxy Does

TLS termination — the proxy handles HTTPS, so backend services can communicate over plain HTTP internally. Host-based routing — route app.domain.com to one backend, api.domain.com to another, all on the same server. Path-based routing — route /api/ to one service, / to another. Load balancing — distribute traffic across multiple backend instances. Header manipulation — add X-Forwarded-For, X-Real-IP, security headers.

Common Misconfigurations

Dangling routes pointing to stopped containers are the most frequent issue — Nginx config references a backend that no longer exists, causing 502 errors. Missing SSL redirects (HTTP not redirected to HTTPS) are the second most common. Traefik users frequently encounter label conflicts when migrating from v2 to v3, as label syntax changed significantly.

Related Tools

Reverse Proxy Mapper →

Fix Guides

Nginx 502 fixSSL redirect missing fix

Frequently Asked Questions

What is the difference between a proxy and a reverse proxy?
A forward proxy sits in front of clients and forwards their requests to servers — used for anonymity, content filtering, or caching outbound traffic. A reverse proxy sits in front of servers and forwards client requests to backend applications — used for TLS termination, routing, and load balancing.
Why use Nginx as a reverse proxy for Docker?
Docker containers typically run on high-numbered ports (8080, 3000, 5000). Nginx acts as the public-facing server on ports 80 and 443, handles TLS, and proxies requests to the container's port. This means only Nginx needs to be exposed — container ports are bound to 127.0.0.1 only.
What is a dangling reverse proxy route?
A dangling route is a proxy configuration pointing to a backend that no longer exists — a container that was stopped, a service that was moved, or a hostname that no longer resolves. The reverse proxy returns a 502 or 504 error for these routes.

Related Fix Guides