Reverse Proxy (Nginx/Caddy)

A reverse proxy sits between clients and application servers, forwarding client requests to the appropriate backend and returning responses. Unlike a forward proxy (which acts on behalf of clients), a reverse proxy acts on behalf of servers, providing a single entry point for multiple backend services. Nginx and Caddy are the two most popular reverse proxies for modern web applications, each with distinct strengths.

Nginx is the industry standard, known for its high performance and event-driven architecture that handles tens of thousands of concurrent connections efficiently. It excels at TLS termination, static file serving, request buffering (protecting slow backends from client connection behavior), gzip/brotli compression, rate limiting, and load balancing across upstream servers. Configuration uses a custom declarative syntax in nginx.conf with location blocks for URL-based routing.

Caddy differentiates itself with automatic HTTPS (provisioning and renewing Let's Encrypt certificates with zero configuration), a simpler Caddyfile configuration syntax, and HTTP/3 support out of the box. Both proxies support WebSocket proxying, header manipulation (adding X-Request-ID, stripping sensitive headers), connection pooling to backends, and health checking of upstream servers. In containerized environments, the reverse proxy typically runs as a sidecar or edge gateway, terminating TLS and forwarding plain HTTP to application containers over the internal network.