7

I'm having some difficulty in understanding the difference between reverse proxy (i.e. using proxy_pass directive with a given upstream server) and a 301 permanent redirect. How are they similar/different?

Reverse Proxy

upstream backend {
    server backend1.example.com       weight=5;
    server backend2.example.com:8080;
}

server {
    location / {
        proxy_pass http://backend;
    }
}

HHTP Redirect

Apache Example: http://www.inmotionhosting.com/support/website/htaccess/redirect-without-changing-url

NGINX example:

server {
    listen 80;
    server_name domain1.com;
    return 301 $scheme://domain2.com$request_uri;
}

Hence, it seems that both approaches have no difference from an end-user perspective. I want to ensure efficient bandwidth usage, while utilizing SSL. Currently, the app server uses its own self-signed SSL certificate with Nginx. What is the recommended approach for redirecting users from a website hosted by a standard web hosting company (hostgator, godaddy, etc.) to a separate server app server?

cynical biscuit
  • 323
  • 1
  • 5
  • 17

1 Answers1

39

With a redirect the server tells the client to look elsewhere for the resource. The client will be aware of this new location. The new location must be reachable from the client.
A reverse proxy instead forwards the request of the client to some other location itself and sends the response from this location back to the client. This means that the client is not aware of the new location and that the new location does not need to be directly reachable by the client.

Steffen Ullrich
  • 114,247
  • 10
  • 131
  • 172
  • Suppose I have server with domain A, which actually contains the application. However, users/client will connect to different server with domain B to accces the application. The users will authenticate into the application from domain B. What is the recommended approach -- redirect or reverse proxy? They are both pretty similar in terms of intended outcome. – cynical biscuit Feb 10 '17 at 16:08
  • Reverse proxy is usually used to get (maybe restricted) access to some non-public server and not to provide proxies access to a server which can be publicly reached also. As for authentication: If you use redirect you need to let A know that the user is authenticated by B using OAUTH or similar. When using a reverse proxy A is usually not reachable from the outside directly and B checks both authentication and access. – Steffen Ullrich Feb 10 '17 at 16:29
  • Thank you that's clear. Do I need to modify the DNS entries to include the domain A (i.e. godaddy, or hostgator)? – cynical biscuit Feb 11 '17 at 01:05
  • 1
    @cynicalbiscuit: with a redirect A is visible from outside so it must be in a public DNS (unless you access it by IP address). With a reverse proxy A is inside behind B so it should be known by B but does not need to be in a public DNS. – Steffen Ullrich Feb 11 '17 at 05:45