HAProxy deserves a mention alongside those - it's particularly strong for high-traffic production environments where its advanced load balancing algorithms and detailed metrics shine.
Caddy has been excellent for me thus far as well. I'm using it on a VPS to reverse proxy to the services I run at home via a Tailscale tunnel. Coming from Nginx in the past Caddy was drop-dead simple to configure.
The entire config for each vhost is 3 lines, including the domain definition and closing brace - and that includes TLS!
What's the difference between Reverse proxy and forward proxy? Is there something like "intermediate proxy"? Is this concept of L7 proxy, similar to DNAT/SNAT or Port forwarding in L3/L4?
Meta request: can we change the URL to the original source? This isn’t quite blogspam (since it’s the same author reposting the same piece onto Medium) but Medium is annoying enough that I’d still rather resolve to the original source
I would say the bullet points at the top are not strictly correct. The response does not necessarily transit the proxy. Responses can be returned directly to the client (DSR).
Your comment, to me, only points out that the OSI layer model is nonsense. Envoy in DSR mode routes traffic based on application features, at "layer 7".
The model itself isn’t nonsense because it’s not a model of load balancers; it’s a model of network protocols. Load balancers might handle multiple levels of the stack for the same traffic, but so does any other networked program, eg handling cross-domain redirects.
It took me an embarrassingly long time to internalize what the reverse proxy is. My brain got stuck on the fact that it is just proxying requests. What's so reverse about this? Silly.
It's one of the classic cases of a thing being named relative to what came before it, rather than being named on its own merit. This makes sense to people working at the time the new thing is introduced, but is confusing to every other learner in the future.
Forward proxies, proxies where client machines were configured to route all their outbound traffic through (similar to a router). Usually performed caching back in the day when the Internet tube was slow, later on got SSL decryption capabilities and filtering lists to make sure you stay off of your naughty sites and so the proxy admin could decrypt your banking credentials.
Could be worse. All the many things named after people prevalent in some fields more than in others, biology/medicine for example. When you read, for example, "loop of Henle" or "circle of Willis" you don't even know where to begin. You either know the term or not.
True, though I think it's often a larger challenge to capture the intrinsic quality of a medicinal compound or physiological feature than a man-made tool.
How about service proxy vs web proxy rather than reverse proxy and proxy? Makes more clear that one is a proxy on the service side and the other is a proxy on the client side. Service proxy and Client proxy might be even better.
I definitely prefer Caddy in my experience, so far.
The entire config for each vhost is 3 lines, including the domain definition and closing brace - and that includes TLS!
1: https://nginx.org/patches/dtls/
https://en.wikipedia.org/wiki/Proxy_server#Forward_proxy_vs....
Meta request: can we change the URL to the original source? This isn’t quite blogspam (since it’s the same author reposting the same piece onto Medium) but Medium is annoying enough that I’d still rather resolve to the original source
Layer 4 proxies are a very specific sometimes food that most people should actively avoid until they need it because of the tradeoffs.
DSR is layer 4, and not in scope of this post.
https://blog.envoyproxy.io/introduction-to-modern-network-lo...