Module 4 · Edge: DNS, CDN, Load BalancersDay 03420 min

Reverse Proxies vs Load Balancers

Same picture, different verbs.

← Previous Next →

Day 034

Reverse Proxies vs Load Balancers

20m

focus

Client

client

Reverse Proxy

edge

API

service

Auth

service

Static

service

Signal path

Reverse proxy as a routing/policy layer

Client

client

flow

Reverse Proxy

edge

Reverse Proxy

edge

flow

API

service

Reverse Proxy

edge

flow

Auth

service

Memory hook

Reverse Proxies vs Load Balancers: same picture, different verbs

Mental model

move the first decision closer to the user

Design lens

Single point — make it HA.

Recall anchors

FunctionsTools

Why it matters

A reverse proxy stands in front of services and handles cross-cutting concerns: TLS termination, header rewriting, auth, caching. A load balancer also distributes traffic across multiple backends. Most deployments fold both into one tier.

1Define each role precisely.
2Identify common functions: TLS termination, routing, rewriting, caching.
3Pick a tool: nginx, Envoy, HAProxy, ALB.

Deep dive

TLS termination at the edge frees backends from cert/cipher work.

Header rewriting (X-Forwarded-For, host, paths) is essential and easy to misconfigure.

Modern proxies (Envoy) carry policy: rate limiting, circuit breaking, observability.

Demo / scenario

Adding a reverse proxy in front of three services.

Single TLS cert at proxy; backends are HTTP.
Path-based routing: /api → API, /static → CDN, /auth → IdP.
Add per-route rate limits.
Capture access logs centrally.

Tradeoffs

Single point — make it HA.
Misconfigured rewrites cause subtle auth bugs.
Adds a hop; usually <2ms.

Diagram

Reverse proxy as a routing/policy layer.

Mind map

Check yourself

Loading quiz…

Sources & further reading

nginx — reverse proxy

← Previous Next →