avatarJIN

Free AI web copilot to create summaries, insights and extended knowledge, download it at here

6147

Abstract

s.com/glossary/ssl-proxy/"><b>SSL</b></a> ( Secure Sockets Layer encryption and decryption between the client and the server). It can prevent unwanted information from being obtained or data collection.</p><p id="fb4b"><b>There are 2 types of proxy servers:</b></p><ol><li><b>Forward Proxy Server</b></li></ol><figure id="dce8"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/0*nwucMPaL9mbYaonU"><figcaption><a href="https://thinkscholar.com/2022/01/03/forward-proxy/">https://thinkscholar.com/2022/01/03/forward-proxy/</a></figcaption></figure><ul><li>It does not have the ability to directly respond to the request and forwards the request to the targeted server, and then obtain the response from the targeted server and forward it to the client (requester), that is browser.</li><li>For example, you can enter the domain name <b><i>http://medium.com/</i></b>, through the DNS system browser, then you can know the corresponding IP address. Also, you must configure the proxy server to tell the browser.</li><li>Is direct access to the webpage not good? It is because of security audit and control considerations. In some organizations, there is an intranet proxy server designated for you to access the Internet.</li><li>Of course, the proxy server itself is not restricted, it can access the external network. However, all your Internet requests go through the proxy server, and this proxy is controlled by the organization, and all requests can be audited.</li><li>For example, the organization will check if you upload confidential information inside the organization to an external website, if you have visited an unsafe website, visiting some webpage that is not related to work, so they will block you.</li><li>Also, the proxy server can cache the webpage for speeding up or saving bandwidth. Hence, when you want to visit the webpage again, the proxy server directly returns the cached webpage.</li><li>Some advanced proxy plug-ins also allow you to configure specific rules, that is, you can configure which addresses go through the proxy, with some predefined rules, whitelists, blacklists, and custom rules.</li></ul><p id="f29e"><b>2. Reverse Proxy Server</b></p><figure id="e1e3"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*sQKVOHG2DFe6sNkT1xd2_A.png"><figcaption><a href="https://github.com/NunuM/talos-nodejs-proxy">https://github.com/NunuM/talos-nodejs-proxy</a></figcaption></figure><ul><li>The big difference between a reverse proxy and a forward proxy is that it does not require the client (browser) to do any configuration, and there is no operation to configure the proxy server. If it is the reverse proxy, then the browser does not know if it is proxied by itself, and the browser thinks that the request can be directly sent to the final web server, but it is actually just a “proxy”.</li><li><a href="https://www.nginx.com/"><b>NGINX</b></a><b> </b>is open-source software for web serving, reverse proxying, caching, load balancing, media streaming, and more. It started out as a web server designed for maximum performance and stability. In addition to its HTTP server capabilities, NGINX can also function as a proxy server for email (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP, TCP, and UDP servers</li></ul><figure id="c817"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/0*cf0FdBbeKIjgz6yX.png"><figcaption><a href="https://confluence.atlassian.com/bitbucketserver/secure-bitbucket-behind-nginx-using-ssl-776640112.html">https://confluence.atlassian.com/bitbucketserver/secure-bitbucket-behind-nginx-using-ssl-776640112.html</a></figcaption></figure><ul><li>There are 2 protocols.</li></ul><ol><li><a href="https://en.wikipedia.org/wiki/Common_Gateway_Interface"><b>Common Gateway Interface </b></a>(CGI)</li><li><a href="https://en.wikipedia.org/wiki/FastCGI"><b>FastCGI Process Manager </b></a>(FPM)</li></ol><p id="0318">For details, please refer to the official document “<a href="https://www.php.net/manual/en/install.fpm.install.php"><b>PHP: FPM installation</b></a><b></b>.</p><ul><li>Nginx translates all PHP requests into FastCGI requests and then sends them to the targeted server.</li><li>So, the configuration file must convey the message clearly between Nginx and FPM.</li><li>From the perspective of the external browser, the request is sent directly to the Nginx server, and the response is returned from the Nginx server without any forward proxy in the middle.</li><li>From the perspective of the system designer, Nginx is actually incapable of responding to many requests.</li><li>Is direct access to the webpage not good? It is because the reverse proxy can be used as a method of internal load balancing.</li><li>After a period of time, the traffic may increase, and the webserver cannot handle it. If a lot of requests are flooded at the same time, Nginx will send half of the requests to the webserver on 2 different ports.</li></ul><figure id="04a4"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/0*hsSF8geDRgTVMQ4w.png"><figcaption><a href="https://www.nginx.com/blog/using-nginx-plus-to-reduce-the-frequency-of-configuration-reloads/">https://www.nginx.com/blog/using-nginx-plus-to-reduce-the-frequency-of-configuration-reloads/</a></figcaption></figure><ul><li>Eventually, all requests are handled by Nginx, users don’t need to know the existence of applications on different ports.</li><li>If you have multiple hosts, for example, one runs Nginx listening on port 80, and the other two run tomcat, monitor ports 8080 and 8081 respectively, and accept and process requests.</li></ul><figure id="320d"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/0*gBC37p6krnf7dYTf.png"><figcaption><a href="https://artsysops.com/2020/02/09/how-to-create-a-http-load-balancer-with-nginx/">https://artsysops.com/2020/02/09/how-to-create-a-http-load-balancer-with-nginx/</a></figcaption></figure><ul><li>The performance of the load balancer can be improved by adjusting the load ratio so that the port with stronger performance can take on more requests.</li><li>A reverse proxy server c

Options

an hide IP addresses on the internal network from external users, and determine if users can obtain the resources from the web pages. Hence, it is difficult for hackers to attack internal servers.</li><li>With the functions of load balancing, it can spread data among internal servers, thereby preventing the overloading of servers caused by a large number of requests.</li></ul><p id="aab0"><b>References</b></p><div id="d88e" class="link-block"> <a href="https://www.strongdm.com/blog/difference-between-proxy-and-reverse-proxy#:~:text=A%20traditional%20forward%20proxy%20server,on%20behalf%20of%20multiple%20servers"> <div> <div> <h2>The Difference Between Proxy and Reverse Proxy | strongDM</h2> <div><h3>Many businesses use proxy servers to route and secure traffic between networks. There's often confusion, however, on…</h3></div> <div><p>www.strongdm.com</p></div> </div> <div> <div style="background-image: url(https://miro.readmedium.com/v2/resize:fit:320/0*ITBofiUHWHC570cP)"></div> </div> </div> </a> </div><div id="ac92" class="link-block"> <a href="https://thinkscholar.com/2022/01/03/forward-proxy/"> <div> <div> <h2>Forward Proxy | System Design Concepts | THINKscholar</h2> <div><h3>A forward proxy is a server that sits in front of client machines. When these machines make requests to any sites on…</h3></div> <div><p>thinkscholar.com</p></div> </div> <div> <div style="background-image: url(https://miro.readmedium.com/v2/resize:fit:320/0*8VRSvXkJvs6YyDzH)"></div> </div> </div> </a> </div><div id="2497" class="link-block"> <a href="https://thinkscholar.com/2022/01/03/reverse-proxy/"> <div> <div> <h2>Reverse Proxy | System Design Concepts | THINKscholar</h2> <div><h3>The reverse proxy is a server that sits in front of one or more web servers (hosting web applications). It intercepts…</h3></div> <div><p>thinkscholar.com</p></div> </div> <div> <div style="background-image: url(https://miro.readmedium.com/v2/resize:fit:320/0*7ezjeVBNvTTzI7aV)"></div> </div> </div> </a> </div><div id="f82c" class="link-block"> <a href="https://www.keycdn.com/support/nginx-reverse-proxy"> <div> <div> <h2>Setting up an Nginx Reverse Proxy - KeyCDN Support</h2> <div><h3>A reverse proxy is an intermediary proxy service that takes a client request, passes it on to one or more servers, and…</h3></div> <div><p>www.keycdn.com</p></div> </div> <div> <div style="background-image: url(https://miro.readmedium.com/v2/resize:fit:320/0*d6kQc2aDqZ-aBmz_)"></div> </div> </div> </a> </div><div id="6685" class="link-block"> <a href="https://thinkscholar.com/2022/01/03/transparent-proxy/"> <div> <div> <h2>Transparent Proxy | System Design Concepts | THINKscholar</h2> <div><h3>A transparent proxy acts as an intermediary between the client and the webserver and will intercept the client's…</h3></div> <div><p>thinkscholar.com</p></div> </div> <div> <div style="background-image: url(https://miro.readmedium.com/v2/resize:fit:320/0*7XVbjPKA1mMvi-iY)"></div> </div> </div> </a> </div><p id="8ee4"><b><i>If you’ve found any of my articles helpful or useful then please consider throwing a coffee my way to help support my work or give me patronage😊, by using</i></b></p><p id="8b0e"><a href="https://www.patreon.com/jinlowmedium"><b>Patreon</b></a></p><p id="4e21"><a href="https://ko-fi.com/jinlowmedium"><b>Ko-fi.com</b></a></p><p id="0b29"><a href="https://www.buymeacoffee.com/jinlowmedium"><b>buymeacoffee</b></a></p><p id="78d5"><i>Last but not least, if you are not a Medium Member yet and plan to become one, I kindly ask you to do so using the following link. I will receive a portion of your membership fee at no additional cost to you.</i></p><div id="ed8f" class="link-block"> <a href="https://jinlow.medium.com/membership"> <div> <div> <h2>Join Medium with my referral link - JIN</h2> <div><h3>As a Medium member, a portion of your membership fee goes to writers you read, and you get full access to every story…</h3></div> <div><p>jinlow.medium.com</p></div> </div> <div> <div style="background-image: url(https://miro.readmedium.com/v2/resize:fit:320/0*QlQtw8eeV332x6FE)"></div> </div> </div> </a> </div><p id="4c75"><i>It is my first affiliate program, if you like to further enhance your system knowledge, you can click the links and buy the course. Honestly speaking, I will receive 20% of your course fees at no additional cost to you. You will have unlimited access to our courses. There is no time expiry and you will have access to all future updates free of cost.</i></p><div id="ab15" class="link-block"> <a href="https://designgurus.org/link/LX551Y"> <div> <div> <h2>Design Gurus</h2> <div><h3>Once bought, you will have unlimited access to our courses. There is no time limit and you will have access to all…</h3></div> <div><p>designgurus.org</p></div> </div> <div> <div style="background-image: url(https://miro.readmedium.com/v2/resize:fit:320/0*RRNJF9yszsIP_sgl)"></div> </div> </div> </a> </div></article></body>

Photo by Peter Larson on Unsplash

The Fundamental Knowledge of System Design — (7) — Proxy

Proxy — Network Proxy, is a special network service that allows a network terminal, especially a client application to make an indirect connection with another network terminal especially a server through the proxy. Proxy services help to protect the privacy or security of network terminals and prevent attacks. The network devices such as gateways and routers will have built-in network proxy services.

It is the seventh series of the fundamentals knowledge of system design. You can read my previous articles.

https://networkencyclopedia.com/proxy-server/

A proxy is a server that acts as a gateway between you (client) and the Internet. You (client) establish a connection with the proxy server and then request to create a connection to the target server or obtain the specified resources (such as a file or web page) of the target server according to the proxy protocol used by the proxy server. The proxy server may download the resources of the target server to its local cache of the proxy server. Then, the proxy server will directly return the cached resources to the client application. Otherwise, the requests will be sent to the website directly without the proxy services. However, with the proxy service, the proxy server will replace your real IP address with another IP address, and then sends the request to the target server. So, a proxy server is an encrypted anonymous proxy that not only changes your IP address but also encrypts your Internet browsing session to keep you safe and protected by SSL ( Secure Sockets Layer encryption and decryption between the client and the server). It can prevent unwanted information from being obtained or data collection.

There are 2 types of proxy servers:

  1. Forward Proxy Server
https://thinkscholar.com/2022/01/03/forward-proxy/
  • It does not have the ability to directly respond to the request and forwards the request to the targeted server, and then obtain the response from the targeted server and forward it to the client (requester), that is browser.
  • For example, you can enter the domain name http://medium.com/, through the DNS system browser, then you can know the corresponding IP address. Also, you must configure the proxy server to tell the browser.
  • Is direct access to the webpage not good? It is because of security audit and control considerations. In some organizations, there is an intranet proxy server designated for you to access the Internet.
  • Of course, the proxy server itself is not restricted, it can access the external network. However, all your Internet requests go through the proxy server, and this proxy is controlled by the organization, and all requests can be audited.
  • For example, the organization will check if you upload confidential information inside the organization to an external website, if you have visited an unsafe website, visiting some webpage that is not related to work, so they will block you.
  • Also, the proxy server can cache the webpage for speeding up or saving bandwidth. Hence, when you want to visit the webpage again, the proxy server directly returns the cached webpage.
  • Some advanced proxy plug-ins also allow you to configure specific rules, that is, you can configure which addresses go through the proxy, with some predefined rules, whitelists, blacklists, and custom rules.

2. Reverse Proxy Server

https://github.com/NunuM/talos-nodejs-proxy
  • The big difference between a reverse proxy and a forward proxy is that it does not require the client (browser) to do any configuration, and there is no operation to configure the proxy server. If it is the reverse proxy, then the browser does not know if it is proxied by itself, and the browser thinks that the request can be directly sent to the final web server, but it is actually just a “proxy”.
  • NGINX is open-source software for web serving, reverse proxying, caching, load balancing, media streaming, and more. It started out as a web server designed for maximum performance and stability. In addition to its HTTP server capabilities, NGINX can also function as a proxy server for email (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP, TCP, and UDP servers
https://confluence.atlassian.com/bitbucketserver/secure-bitbucket-behind-nginx-using-ssl-776640112.html
  • There are 2 protocols.
  1. Common Gateway Interface (CGI)
  2. FastCGI Process Manager (FPM)

For details, please refer to the official document “PHP: FPM installation.

  • Nginx translates all PHP requests into FastCGI requests and then sends them to the targeted server.
  • So, the configuration file must convey the message clearly between Nginx and FPM.
  • From the perspective of the external browser, the request is sent directly to the Nginx server, and the response is returned from the Nginx server without any forward proxy in the middle.
  • From the perspective of the system designer, Nginx is actually incapable of responding to many requests.
  • Is direct access to the webpage not good? It is because the reverse proxy can be used as a method of internal load balancing.
  • After a period of time, the traffic may increase, and the webserver cannot handle it. If a lot of requests are flooded at the same time, Nginx will send half of the requests to the webserver on 2 different ports.
https://www.nginx.com/blog/using-nginx-plus-to-reduce-the-frequency-of-configuration-reloads/
  • Eventually, all requests are handled by Nginx, users don’t need to know the existence of applications on different ports.
  • If you have multiple hosts, for example, one runs Nginx listening on port 80, and the other two run tomcat, monitor ports 8080 and 8081 respectively, and accept and process requests.
https://artsysops.com/2020/02/09/how-to-create-a-http-load-balancer-with-nginx/
  • The performance of the load balancer can be improved by adjusting the load ratio so that the port with stronger performance can take on more requests.
  • A reverse proxy server can hide IP addresses on the internal network from external users, and determine if users can obtain the resources from the web pages. Hence, it is difficult for hackers to attack internal servers.
  • With the functions of load balancing, it can spread data among internal servers, thereby preventing the overloading of servers caused by a large number of requests.

References

If you’ve found any of my articles helpful or useful then please consider throwing a coffee my way to help support my work or give me patronage😊, by using

Patreon

Ko-fi.com

buymeacoffee

Last but not least, if you are not a Medium Member yet and plan to become one, I kindly ask you to do so using the following link. I will receive a portion of your membership fee at no additional cost to you.

It is my first affiliate program, if you like to further enhance your system knowledge, you can click the links and buy the course. Honestly speaking, I will receive 20% of your course fees at no additional cost to you. You will have unlimited access to our courses. There is no time expiry and you will have access to all future updates free of cost.

Proxy
System Design Interview
Knowledge
Forward Proxy
Reverse Proxy
Recommended from ReadMedium