A proxy allows clients to communicate (connect) with servers anonymously while a reverse proxy allows servers to communicate (serve) with clients anonymously. That's my one liner
For those trying to understand the difference, a quote from the video: "In reverse proxy the client doesn't know which server it is connecting to (balancer). In proxy the server doesn't know which client it is connecting from (VPN)."
Trying to understand, In both the cases, Is the end-response is bypassing Reverse-Proxy/Load-balancer and directly sending it to Client? My understanding is, in both the cases END servers doesn't know FIRST client. I mean, Reverse-Proxy/Load-balancer just to re-direct request not bothered on Response? Please explain.
Not necessarily a vpn. Since in a vpn, all communication is encrypted between the machines which are in the network, but it can also just be a proxy without encryption, and still not a vpn
Proxy Explained: 00:20 Proxy Benefits: 02:25 Reverse Proxy Explained: 04:55 Reverse Proxy Benefits: 06:49 Remake of this video (2020) Available here with more details, FAQ & more ua-cam.com/video/SqqrOspasag/v-deo.html)
Glad UA-cam recommended me this one. Love the analogy, best simplification I heard so far: Proxy: Server doesn't know who the real client is Reverse Proxy: The client doesn't know who the real (backend) server is
Thank you Hussein for all your video, all of them are just really great :) I want to add these explanations: Proxy : Sits between the client and the internet which is often used within organisation to monitor web traffic. Reverse Proxy : Sits between internet and our servers which often used to load balance traffic & serve content from cache. After all, your phrase 'With a proxy the server do not know the client, with a reverse proxy the client doesn't know which server is serving the content' is extremely powerful and self-explanatory, I used it on technical interview and the recruiter was impressed by the simplicity :D
Great explanation. So within an enterprise network you want your clients outbound traffic to go through a forward proxy. For your environment's endpoints and web servers, you want external traffic to come through a reverse proxy.
Nasser, in a reverse proxy the client goes to the server first - and the server then reverse proxies you to another system, such as CASB or Okta or anything else like that; with a proxy you go to the proxy first and then onto your server!
The clients behind the proxy server can be identified by the Web server. The client originating the Web request (modern browsers) will embed the IP address in the header. There are many websites which displays the originating IP address of the client, even if you are using proxy server.
That is correct. Proxies can add the via headers or originating ip address . So the server can know the original client. in a proxy that doesn’t change the content, the server wont know the client
SIM KM thank you so much. I got to admit that I dont think I know alot I know barely enough to scratch the surface and still learning everyday :). Glad you like it!
Learn the fundamentals of the backend, scaling and load balancing with my Introduction to NGINX udemy course Grab a discount coupon here nginx.husseinnasser.com
In my testing, Zeus Proxy stands out as the best among proxy providers, offering robust customer success support and dependable IPs in a large pool, all at a competitive price.
If ISPs are using a proxy then will the DNS be stored in the proxy itself? If this is true, will changing the DNS unblock web sites? I am confused about how DNS and proxy work together.
Good question, it depends on the use case. You can use one of them only or both. A reverse proxy is most widely used as a load balancer. (Nginx, haproxy, caddy) A proxy can be used to move common library logic outside the application (example service mesh, linkerd, envoy) Yes you can deploy a proxy and a reverse proxy in your system, this is particularly common in microservices architecture. Doesn’t necessarily mean its a good idea though since it increases overhead. Hope that helps,
brow, thank you so much for your videos, but I have a comment: I think that I get the information, maybe from your channel, the most direct way, to not lose the focus (for example, I got kind of lost when you made the democracy comment, because I mostly agree, it is kind of your point of view, or the usage, but not the definition itself) Sorry if what i wrote is not clear, or maybe I am not making myself clear, but English is not my native language.
What a great question and Yes! Very possible here are few examples You can have a frontend reverse proxy that acts like a tls terminator (nginx, haproxy, caddy etc) that communicate with a backend of another vanilla unencrypted HTTP reverse proxy http accelerator so we can do caching ( varnish ), which then communicates with another reverse proxy that re establishes TLS (nginx) then that reverse proxy will also acts like a load balancer to balance the requests between 10 services on the backend. That is a common CDN production setup. Another chain of proxies example are service meshes such envoy and linkerd and istio where those act like both proxy and reverse proxy at the same time. Checkout the proxy playlist on the channel to learn more Hope that helps
In my opinion you need to explain proxy concept in slightly different manner.Because it’s not pretty clear why hiding the identity of client is beneficial. It would be better if you show two different scenarios listed below: 1) once enclosing clients as well as proxy within an intranet and keeping server in outside world which is internet. That way hiding multiple clients identity makes sense. eg: From my office network, I want to google some information. In that case google server doesn’t really need to know my identity as a client 2) in second scenario enclose servers n proxy(which is reverse proxy in this case) into intranet and keep client in outside world which is internet. With this implementation, clients doesn’t really need to know the actual server where request has been redirected. eg: google maintains information on various servers internally which should be hidden from outside world.
shefali mittal thank you for your feedback! I really appreciate it 🙏 I covered some of these topics in the new 2020 version here ua-cam.com/video/SqqrOspasag/v-deo.html
@Hussein Nasser You mentioned that using VPN to trick a proxy. In your proxy schematic. where would the VPN sit? If I had to guess it would sit somewhere between the client and the proxy.
Andres Castillo excellent question Andy! The VPN can set in two places, it set behind the proxy as just another servers that we tunnel things through. As long as your proxy packets through the connection to that VPN server. Or the VPN can completely replace your proxy completely, effectively acts as your proxy server and do tunneling through your connection. It also depends if you are going through a transparent proxy or an actual layer 7 proxy. If your ISP implements a transparent proxy that might be able to block access to certain VPN, if your ISP (or workplace) forces you to use a proxy on your client (worse thing they can do) they might even block your internet if you don’t use their proxy. This is so that they can spy on you . For workplace that might be ok, but ISP big no no
Thanks very much, well explained!! For stale caching how is it avoided? Presumably there would be a retention period but any common dynamic way to avoid?
For the people that doesnt understands A proxy server protects your ip data from data hackers collections ( when you browse around internet in a sandboxied browser ) for browsing only, dont place personal data in proxied An ISP should offer proxied for every client But this is enabled only in countries where your privacy matters I dont knoq which country that is
I understood that proxy and reverse proxy are same because client thinks he got response from server but actually it got from proxy and the server thinks it got request from client but(proxy) so both parties are anonymous to each other right? So why two different terms instead of saying just proxy?
Get my Fundamentals of Networking for Effective Backends udemy course Head to network.husseinnasser.com (link redirects to udemy with coupon)
A proxy allows clients to communicate (connect) with servers anonymously while a reverse proxy allows servers to communicate (serve) with clients anonymously. That's my one liner
11 mins in one word. I stayed longer because of the benefits though.
Not only anonymous there are much things you can do with proxy
@@anveshreddy2150 What else can you do with a proxy?
@@Ham-pb7pb Caching?
@@Ham-pb7pb Load Balancing, Caching, Security because you can hide a lot of your servers who works together behind the reverse proxy, ...
For those trying to understand the difference, a quote from the video: "In reverse proxy the client doesn't know which server it is connecting to (balancer). In proxy the server doesn't know which client it is connecting from (VPN)."
Great explanation! Thanks!
Thanks Dimitri
Bro, your 5 magical line explained everything
Trying to understand, In both the cases, Is the end-response is bypassing Reverse-Proxy/Load-balancer and directly sending it to Client? My understanding is, in both the cases END servers doesn't know FIRST client.
I mean, Reverse-Proxy/Load-balancer just to re-direct request not bothered on Response? Please explain.
Not necessarily a vpn. Since in a vpn, all communication is encrypted between the machines which are in the network, but it can also just be a proxy without encryption, and still not a vpn
Proxy Explained: 00:20
Proxy Benefits: 02:25
Reverse Proxy Explained: 04:55
Reverse Proxy Benefits: 06:49
Remake of this video (2020) Available here with more details, FAQ & more ua-cam.com/video/SqqrOspasag/v-deo.html)
Thq
thanks for the timestamps. great video!
@@danchisholm1
.
.l
.h
.
.
@@jegadhesankannan4262
The
.
.
M
.
Glad UA-cam recommended me this one. Love the analogy, best simplification I heard so far:
Proxy: Server doesn't know who the real client is
Reverse Proxy: The client doesn't know who the real (backend) server is
Thank you Hussein for all your video, all of them are just really great :)
I want to add these explanations:
Proxy : Sits between the client and the internet which is often used within organisation to monitor web traffic.
Reverse Proxy : Sits between internet and our servers which often used to load balance traffic & serve content from cache.
After all, your phrase 'With a proxy the server do not know the client, with a reverse proxy the client doesn't know which server is serving the content' is extremely powerful and self-explanatory, I used it on technical interview and the recruiter was impressed by the simplicity :D
abdallah dhaou Thats is amazing! Very happy I could help. Best of luck and thanks for the summary
I like the line "server doesn't know which client" and "client doesn't know which server" ... well explained.
So all the instructors iv seen till now were just making this concept more difficult than its supposed to be..amazing explanation man..subscribed
Namah Shrestha im humbled, thank you for your lovely comment.
you dont want the servers knowing who you are = forward proxy
you dont want the clients knowing who you are = reverse proxy
When I want to learn a backend concept, you're always my first choice man. Amazing explanation!
Super video! I applauded for ₹40.00 👏
I seriously want you to make a course on all the in-depth concepts you know in back-end engineering 🤩🤩
Great explanation. So within an enterprise network you want your clients outbound traffic to go through a forward proxy. For your environment's endpoints and web servers, you want external traffic to come through a reverse proxy.
Well said, nice summary
Superb content, just subscribed. We need a "Proxy killed democracy" t-shirt!
Best sentence in a Video About Proxys: "Besically we killed Democracy"
Eternal struggle!
Correct spelling is Basically not Besically.
Nasser, in a reverse proxy the client goes to the server first - and the server then reverse proxies you to another system, such as CASB or Okta or anything else like that; with a proxy you go to the proxy first and then onto your server!
Sir I must say your videos are pure gold.
This is the most crystal clear explanation of the differences. Thank you Hussein.
❤️❤️
the one video that gave enough clarity on what a reverse proxy actually meant. thanks mate.
Super video! I applauded for ₹100.00 👏👏
Thank you so much 😀
You did a really good job explaining the difference between these two. Help me a lot, Thanks man.
Elegantly (and humorously) explained!
Thank you Steve !!
Thanks for such a good content !! I was very confused between proxy and reverse proxy earlier but now its clear :p
Priya Yadav glad I could help Priya. Thanks for your comment :)
Great explanation! Finally understand the difference between the two now. Not too difficult :)
sammyiboi really glad I could help :) yes difference is simple! have a great day and thanks for your comment
The clients behind the proxy server can be identified by the Web server. The client originating the Web request (modern browsers) will embed the IP address in the header. There are many websites which displays the originating IP address of the client, even if you are using proxy server.
That is correct. Proxies can add the via headers or originating ip address . So the server can know the original client. in a proxy that doesn’t change the content, the server wont know the client
Thank you for simplifying matters. It shows u know a lot to be able to do this. well-done!
SIM KM thank you so much. I got to admit that I dont think I know alot I know barely enough to scratch the surface and still learning everyday :). Glad you like it!
Thanks for the very lucid explanation. I did not know about reverse proxies until I heard you. Thanks again.
Thanks Guruaj for your message. Glad I could help! Cheers
You made this video so much fun to watch.
Great explanation! Simple and concise. Keep up the good work!
Thanks Angel!!
Best explanation on UA-cam
I’m humbled thanks for watching!
We killed democracy is what we do 😂😂😆
Patrick Doneld someone made it to the end of the video 😂
@@hnasr I did as well
China comes to mind
Excellent explanation you did it better then my university’s teacher. Thank you very much!
Can you please do the grokking system design course? I've seen like 10 other channels, your's is the only one I can binge.
Thanks. Very simple and easy to understand explanation.
Edgardo Rivera thank you for watching happy i could help.
Great video. I am hosting an application and was wondering what reverse proxy was. Thank you!
Yashasvi glad the video was useful :)
"Basically we kill democracy, that's what we do " 😂😂😂
Had it paused at 4:48 and resumed it just to get surprised by this amazing line
Hussein you are killing it ! thanks
Nice explanation, now I know how nginx works. Thanks from Brazil.
Bruno do Nascimento Maciel Thanks for your comment 😊 nginx is a cool layer 7 reverse proxy , did you check out Caddy or haproxy?
Learn the fundamentals of the backend, scaling and load balancing with my Introduction to NGINX udemy course
Grab a discount coupon here nginx.husseinnasser.com
Very good content presented in an easy-to-grasp manner. Subscribed!
Radu Nițescu thanks Radu!! Enjoy the content 😊
Thanks for this video.... Nicely explained 😀
Best video on proxies out there
Thanks for this simple explanation.
aws load balancing brought me here, You are a genius
Hi Hussein, thanks for this crisp video. whats the difference between proxy and an AWS NAT gateway
Great explanation! Thanks :D
great explanation! most of tech is just vocabulary, when you understand its just common sense.
articulate exactly everything is common sense. Explaining a concept with another complicated concept just confuses me so I like to simplify things
Explained in best way....
Best explanation I've ever seen. Thank you
Thanks for making this video. Nicely paced and easy explanation.
Nice video! I appreciated the humor. 🐿😎
THANK YOU SO MUCH. Love the visual. Always getting this confused before.
Thanks Jeff! I used to get confused about this all the time as well that is why I made this video
Protocol mapping as well ; respond to https traffic and talk to internal servers via http etc
This man is a hero.
Well explained bro (That's why subscribed). Thanks a lot. Keep it up.
Simple and clear explanation. Great video.
innovation-streams thank you so much!
So as an example for the canary deployment can we consider how netflix shows different thumbnails each time we log in?
Pretty pretty nice explanation Hussein!!!!
Great video Hussein. Very clear and simplified.
Thanks Brian Appreciate it !!
Very clear explanation.. Thanks a lot for your efforts.
In my testing, Zeus Proxy stands out as the best among proxy providers, offering robust customer success support and dependable IPs in a large pool, all at a competitive price.
If ISPs are using a proxy then will the DNS be stored in the proxy itself? If this is true, will changing the DNS unblock web sites? I am confused about how DNS and proxy work together.
Good video. Good visualization! Thanks
Explained really really clearly. Thank you for sharing!
Do we use proxy and reverse proxy together or do we either use one of them in production ?
Good question, it depends on the use case. You can use one of them only or both. A reverse proxy is most widely used as a load balancer. (Nginx, haproxy, caddy)
A proxy can be used to move common library logic outside the application (example service mesh, linkerd, envoy)
Yes you can deploy a proxy and a reverse proxy in your system, this is particularly common in microservices architecture. Doesn’t necessarily mean its a good idea though since it increases overhead.
Hope that helps,
Thanks for this nice video, Mr. Hussain. Expecting a lot more videos from you.
Nice video, easily comprehensible definition...
So, Haproxy is a "reverse proxy" typed application and it works as "loadbalancer"
Great video explained in simple way on. Reverse proxy 👍
Thank u Bro for the clear explanation of reverse proxy. go ahead
kavin tharun thank you for watching 😊
I would have loved to understand the impact of session and cookies if any in case of proxies.
Best explanation with diagram.
this video is much beneficial for me nice explain m fro, india love u
zero axis glad you enjoy it! all the love to my indian subs ❤️
Very simple explanation. Thank you!
Great summation. Thank you.
Sebastian Robertson happy to help
brow, thank you so much for your videos, but I have a comment: I think that I get the information, maybe from your channel, the most direct way, to not lose the focus (for example, I got kind of lost when you made the democracy comment, because I mostly agree, it is kind of your point of view, or the usage, but not the definition itself) Sorry if what i wrote is not clear, or maybe I am not making myself clear, but English is not my native language.
Can you chain multiple proxys? And is there any reason to do that?
What a great question and Yes! Very possible here are few examples You can have a frontend reverse proxy that acts like a tls terminator (nginx, haproxy, caddy etc) that communicate with a backend of another vanilla unencrypted HTTP reverse proxy http accelerator so we can do caching ( varnish ), which then communicates with another reverse proxy that re establishes TLS (nginx) then that reverse proxy will also acts like a load balancer to balance the requests between 10 services on the backend.
That is a common CDN production setup.
Another chain of proxies example are service meshes such envoy and linkerd and istio where those act like both proxy and reverse proxy at the same time.
Checkout the proxy playlist on the channel to learn more
Hope that helps
@@hnasr Thank you, I was just curious about this possibility. You cleared that out and I will sure check your playlist.
Very funny, easy to understand and epic voice :D
Good video man! Learned a lot!
In my opinion you need to explain proxy concept in slightly different manner.Because it’s not pretty clear why hiding the identity of client is beneficial. It would be better if you show two different scenarios listed below:
1) once enclosing clients as well as proxy within an intranet and keeping server in outside world which is internet. That way hiding multiple clients identity makes sense. eg: From my office network, I want to google some information. In that case google server doesn’t really need to know my identity as a client
2) in second scenario enclose servers n proxy(which is reverse proxy in this case) into intranet and keep client in outside world which is internet. With this implementation, clients doesn’t really need to know the actual server where request has been redirected. eg: google maintains information on various servers internally which should be hidden from outside world.
shefali mittal thank you for your feedback! I really appreciate it 🙏
I covered some of these topics in the new 2020 version here
ua-cam.com/video/SqqrOspasag/v-deo.html
My twoliner:
Proxy: Requests go from unknown source to known destination.
Reverse Proxy: Requests go from known source to unknown destination.
really helpful and professionally explained GJ
Thank you very much :) Really glad you enjoyed the content.
Great video. Excellent explanation!
Can I reverse proxy any website on my domain?
Nice one Husso thanks from Brazil
Love all my subs from Brazil 🇧🇷❤️
Subscribed! Really great content. Concepts explained so beautifully. Thanks
🙏🙏
Perfect explanation!
This was a very useful content. Thanks for making this video!
Thank you very much for such an awesome tutorial
Thanks for this short and good explanation that helped me a lot!
Glad it helped Appreciate you
@Hussein Nasser
You mentioned that using VPN to trick a proxy.
In your proxy schematic. where would the VPN sit?
If I had to guess it would sit somewhere between the client and the proxy.
Andres Castillo excellent question Andy! The VPN can set in two places, it set behind the proxy as just another servers that we tunnel things through. As long as your proxy packets through the connection to that VPN server.
Or the VPN can completely replace your proxy completely, effectively acts as your proxy server and do tunneling through your connection.
It also depends if you are going through a transparent proxy or an actual layer 7 proxy. If your ISP implements a transparent proxy that might be able to block access to certain VPN, if your ISP (or workplace) forces you to use a proxy on your client (worse thing they can do) they might even block your internet if you don’t use their proxy. This is so that they can spy on you . For workplace that might be ok, but ISP big no no
Check out my VPN vs Proxy video ua-cam.com/video/npnqyRT77Zc/v-deo.html
It cannot sit between the client and proxy because then the proxy still has to know where the request is going in order to send it.
i did not know about gliffy, pretty cool.
tldr; the server doesn't know end source(proxy) and the client doesn't know the end destination(reverse)
Nice
Great Explanation!
Olga Yazovskaya thanks! Glad you liked the video
Such nicely explained.. thanks
Thanks very much, well explained!!
For stale caching how is it avoided? Presumably there would be a retention period but any common dynamic way to avoid?
Ill make a video on this topic but you can use write through or write back to avoid
I have a qucik question, can the same server act as a proxy server and a reverse proxy server at the same time, or do we need 2 separate servers?
As always Great content with clear explications.
Great explanation, thank you!
n1ghthawkx thanks for watching appropriate it
For the people that doesnt understands
A proxy server protects your ip data from data hackers collections ( when you browse around internet in a sandboxied browser ) for browsing only, dont place personal data in proxied
An ISP should offer proxied for every client
But this is enabled only in countries where your privacy matters
I dont knoq which country that is
I understood that proxy and reverse proxy are same because client thinks he got response from server but actually it got from proxy and the server thinks it got request from client but(proxy) so both parties are anonymous to each other right? So why two different terms instead of saying just proxy?