I have been looking for a reverse proxy to use in our Docker hosting platform and did some research on how popular providers compare that I want to share with you.
What is a reverse proxy?
A reverse proxy is like a middleman for your website or app server. Imagine you're at a big concert, and there are thousands of people who want to talk to the singer (your application). Instead of letting everyone rush to the singer directly, there’s a person standing in front of the singer, taking the requests from fans, delivering them to the singer, and coming back with the response.
Why is that useful?
- Load Balancing: If lots of people try to visit a website at the same time, a reverse proxy can split the traffic across several servers to prevent any single server from getting overwhelmed.
- Security and Anonymity: A reverse proxy hides the identity and location of the real server from the outside world. It acts like a shield that blocks direct access to the server. On top of that, it usually comes with additional security features like rate limiting, IP blocking, and more sophisticated request filtering.
- SSL Termination: It handles the encryption and decryption of data in transit using SSL certificates. SSL termination means your reverse proxy accepts HTTPS traffic but forwards requests using HTTP, so your app server does not need to deal with SSL.
- Caching: It saves copies of frequently requested data (like images or pages), so when someone asks for it again, the reverse proxy can deliver it without bothering the server.
- Compression: The reverse proxy can shrink files (like images or web pages) before sending them to users.
Comparison of the top 5 reverse proxies
Apache
The OG in the game: Apache. This web server has been around since 1995, giving it plenty of time to mature. It’s still widely used today and boasts a rich ecosystem of tools and modules to solve almost every use case. It is also exceptionally well integrated with PHP applications. While Apache is not a reverse proxy by default, it can be extended to act as one using the mod_proxy module.
Performance isn’t as blazingly fast as some of the other options out there due to its process-driven architecture. However, it’s possible to fine-tune it for some speed gains, and for 90% of small and medium-to-large applications that don’t need tens of thousands of simultaneous connections, performance will not be a notable issue.
To summarize, the USP lies in its extensive plugins and modules for high customization as well as compatibility with PHP. It’s not so great for high-traffic sites needing massive scalability, but for most users, it remains a solid choice!
NGINX
NGINX was released in 2004 and was developed to optimize performance for high-traffic applications. In comparison to Apache, it is more lightweight and relies on an event-driven architecture, which makes it possible to handle thousands of concurrent connections.
One of NGINX's key features is its built-in load balancing capabilities, which help distribute traffic across multiple backend servers. The configuration of NGINX is generally straightforward, but with fewer third-party modules it is also less flexible than Apache.
For sites and applications that prioritize performance and scalability, NGINX is a great choice.
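The functions listed in the introduction (load balancing, rate limiting, SSL termination, caching, compression), expressed as one NGINX configuration. This is an added example, not part of the original article; the hostname, backend addresses, certificate paths and limits are placeholder assumptions.

```nginx
# Added example; hostname, addresses, paths and limits are placeholders.
events {}

http {
    # Load balancing: requests are spread round-robin across these app servers.
    upstream app_backend {
        server 10.0.0.11:8080;
        server 10.0.0.12:8080;
    }

    # Rate limiting: 10 requests/second per client IP, tracked in a 10 MB zone.
    limit_req_zone $binary_remote_addr zone=per_ip:10m rate=10r/s;

    # Caching: responses stored on disk, keys held in a 10 MB shared-memory zone.
    proxy_cache_path /var/cache/nginx keys_zone=app_cache:10m max_size=1g inactive=60m;

    # Compression: gzip text responses before they go to the client.
    gzip on;
    gzip_types text/css application/javascript application/json;

    server {
        # SSL termination: TLS ends at the proxy.
        listen 443 ssl;
        server_name app.example.com;
        ssl_certificate     /etc/nginx/tls/app.example.com.crt;
        ssl_certificate_key /etc/nginx/tls/app.example.com.key;
        ssl_protocols TLSv1.2 TLSv1.3;

        location / {
            # Allow short bursts, reject the excess with 429 instead of the default 503.
            limit_req zone=per_ip burst=20 nodelay;
            limit_req_status 429;

            proxy_cache app_cache;
            proxy_cache_valid 200 10m;

            # The app only sees the proxy's address, so pass the client details along.
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # Forwarded over plain HTTP, so this hop should stay on a private network.
            proxy_pass http://app_backend;
        }
    }
}
```

Cached responses are shared between clients, so the app should mark personalised responses with `Cache-Control: private`, which NGINX honours by not caching them. The backends should accept connections only from the proxy; otherwise the rate limit and TLS can be bypassed by talking to them directly.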
HAProxy
HAProxy is the first option in our list that is designed to be a dedicated load balancer only. Unlike NGINX and Apache, you cannot use it to serve static content.
Known for its very high performance and advanced traffic management capabilities, HAProxy is primarily a tool for DevOps experts who know what they are doing and have very specific requirements. NGINX is fast, but HAProxy is faster. Nothing that most of us earthlings need, but some mega corporations with hundreds of millions of users might.
HAProxy lacks built-in caching capabilities, potentially leading to a need for more infrastructure components to serve static content effectively. Overall, HAProxy excels in advanced load balancing scenarios, while NGINX and Apache provide broader web server functionalities.
Caddy
Coming back down to earth, Caddy is a great alternative. It has lately gained a lot of popularity and is primarily known for its simplicity and awesome developer experience. Configuration is straightforward and readable, and a great differentiator is automatic HTTPS, making it exceptionally easy to set up secure sites without manual certificate management.
In comparison to NGINX, Apache and HAProxy, Caddy is fairly young. It was created in 2015, so its ecosystem is not as big as Apache's, for example, and some advanced configuration options are limited. And while load balancing is possible, it is less suitable for complex needs than a tool like HAProxy.
To sum up, Caddy is your choice for a hassle-free solution in simple setups.
Traefik
Like HAProxy, Traefik is primarily a reverse proxy and load balancer, but lacks web server functionality. It was built to go hand in hand with containerized applications and microservices, making it particularly suitable for environments using Docker, Kubernetes, and other orchestration tools.
It offers built-in support for HTTPS through automatic SSL certificate management, as well as various load balancing algorithms.
As a newer entrant in the reverse proxy landscape, Traefik has a smaller ecosystem of plugins and modules compared to established solutions like NGINX and Apache, but overall, it's a great choice to use in a containerized setup.
Info: If you want to deploy Docker containers but don't want to take care of setting up the reverse proxies yourself, check out sliplane.io
Summary
Each provider has its benefits and drawbacks, and which one is best for your next project really depends on your specific use case.
In a nutshell, here are some unique benefits of the presented providers:
- NGINX: High performance and static content handling.
- HAProxy: Very high performance with advanced load balancing capabilities.
- Traefik: Seamless Docker integration and sleek visual monitoring dashboard.
- Caddy: Super easy setup and automatic SSL.
- Apache: Extensive flexibility and customization options.
Check out sliplane.io if you don't want to deal with setting up reverse proxies yourself.
Top comments (12)
caddy >>>>>>> everything
My go-to is nginx-proxy, it can also handle Let's Encrypt certs automatically, so it's pretty much set and forget. github.com/nginx-proxy/nginx-proxy
Underlying docker-gen image looks pretty interesting, thanks for sharing!
So u basically need 2 servers? One where ur “script/app” is running and the middleman to do all the wonderful things u just described - right? Soo - what resources does this reverse proxy server need?
Not necessarily, the reverse proxy itself barely needs any resources and in small projects it can easily run on the same server ;)
ngmi if you don't build your own reverse proxy
Great article! Curious about your thoughts on ngrok as a reverse proxy?
Thanks 🙏🏻 I don't have much experience with ngrok in a prod setting, only used it for local webhook testing before :-)
Same! Until I started working there. ;) ngrok is doing some interesting stuff in the gateway space these days.
ngrok.com/blog-post/not-just-testi...
Thanks for the response!
Why isn't Envoy compared?
Because it’s not a real reverse proxy comparison. Just another ChatGPT-sale-bullshit-article with no sense.
Best comment so far