NetworkForward proxy đứng giữa client và internet: client cấu hình proxy, mọi request đi qua proxy — dùng để ẩn danh tính client, bypass geo-restriction, corporate filtering.
Reverse proxy đứng trước server: client không biết server thật sự, mọi request qua reverse proxy trước — dùng để load balancing, SSL termination, caching, compression, security (ẩn internal architecture). Reverse proxy quan trọng trong production vì:
- SSL termination — giải mã HTTPS một lần tại proxy, backend dùng HTTP thuần
- Load balancing giữa các server instances
- Caching static assets, giảm load backend
- Rate limiting và WAF protection
- Gzip/Brotli compression. Nginx là reverse proxy phổ biến nhất; Caddy tự động HTTPS; Cloudflare là reverse proxy CDN toàn cầu. Trong Next.js/Vercel, Edge Network đóng vai trò reverse proxy trước Next.js server
A forward proxy sits between the client and the internet: the client is configured to route all requests through it — used to hide the client's identity, bypass geo-restrictions, or enforce corporate filtering.
A reverse proxy sits in front of servers: the client is unaware of the actual servers and all requests pass through the proxy first — used for load balancing, SSL termination, caching, compression, and security (hiding the internal architecture). Reverse proxies are critical in production because:
- SSL termination — HTTPS is decrypted once at the proxy, so backends communicate over plain HTTP
- load balancing across server instances
- caching of static assets, reducing backend load
- rate limiting and WAF protection
- Gzip/Brotli compression. Nginx is the most popular reverse proxy; Caddy handles HTTPS automatically; Cloudflare acts as a global CDN reverse proxy. In Next.js/Vercel, the Edge Network acts as a reverse proxy in front of the Next.js server