Reverse Proxy

A reverse proxy sits in front of one or more application servers and forwards requests to them. Nginx is one of the most popular reverse proxies because it is fast and easy to configure.

proxy_pass

The proxy_pass directive sends a request to a backend address:

server {
    listen 80;
    server_name app.example.com;

    location / {
        proxy_pass http://127.0.0.1:3000;
    }
}

Here Nginx receives the public request and forwards it to an app running on port 3000. The client never talks to the backend directly.

Why Use a Reverse Proxy

• Hide internal servers behind one public address
• Terminate HTTPS at Nginx so the backend stays simple
• Serve static files directly and proxy only dynamic requests
• Add caching, compression, and load balancing

Passing Headers

By default the backend loses information about the original client. Use proxy_set_header to forward it:

location / {
    proxy_pass http://127.0.0.1:3000;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

• Host keeps the original hostname.
• X-Real-IP passes the client’s IP.
• X-Forwarded-For builds a chain of proxy IPs.
• X-Forwarded-Proto tells the backend whether the request was HTTP or HTTPS.

Without these headers, apps often log the proxy IP instead of the real visitor.