Web Architecture

A reverse proxy and a load balancer can be used in tandem: the reverse proxy fronts the services and provides security and caching features, while the LB fans out traffic to multiple reverse proxies.

Reverse proxies are HTTP-specific, while a load balancer can balance other types of traffic.

Load Balancers

Load balancers distribute requests from clients across multiple resources (e.g. servers, services, or databases), allowing for horizontal scaling. This site provides a nice visual of load balancing [1]. Load balancing can be implemented with hardware, software (e.g. HAProxy), or with cloud services (e.g. Amazon’s ELB).

Additionally, LBs allow you to:

  • Avoid requests going to unhealthy services
  • Eliminate single points of failure

Routing Choices

  • Layer 4: The LB does not operate on the contents of the packet and makes routing decisions based on transport-layer information such as source/destination IP and ports.
  • Layer 7: This is the application layer; the LB terminates the network traffic, reads the message, and makes a routing decision.
  • Round robin
  • Least loaded
  • Session based
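
The three selection strategies above, combined with skipping unhealthy backends, as an added example (not code from the original page). `Backend`, `Balancer`, the backend names and the session ID are hypothetical, and session stickiness is implemented here with rendezvous hashing, which is one possible choice.

```python
import hashlib
from dataclasses import dataclass
from itertools import count


@dataclass
class Backend:              # hypothetical type, not from the page
    name: str
    healthy: bool = True    # would be updated by a health checker (not shown)
    active: int = 0         # in-flight requests, used by least_loaded()


class Balancer:
    """Picks a backend per request; unhealthy backends are never chosen."""

    def __init__(self, backends):
        self.backends = list(backends)
        self._turn = count()    # ever-increasing round-robin counter

    def _live(self):
        live = [b for b in self.backends if b.healthy]
        if not live:
            raise RuntimeError("no healthy backends")
        return live

    def round_robin(self):
        live = self._live()
        return live[next(self._turn) % len(live)]

    def least_loaded(self):
        # Ties go to the earliest backend in configured order.
        return min(self._live(), key=lambda b: b.active)

    def session_based(self, session_id):
        # session_id needs a Layer 7 view (e.g. a cookie); a Layer 4 LB
        # could only key on source IP/port. Rendezvous hashing keeps a
        # session on its backend unless that backend itself goes unhealthy.
        def weight(b):
            return hashlib.sha256(f"{session_id}|{b.name}".encode()).digest()
        return max(self._live(), key=weight)


if __name__ == "__main__":
    pool = [Backend("app1"), Backend("app2", active=3), Backend("app3", healthy=False)]
    lb = Balancer(pool)
    print([lb.round_robin().name for _ in range(4)])   # app3 is skipped
    print(lb.least_loaded().name)
    print(lb.session_based("constructed-session-id").name)
```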

Reverse Proxy

A reverse proxy web server provides a public-facing interface for internal services. Requests from the client are forwarded to the appropriate service, and responses are then relayed back to the client.

Benefits:

  • Avoids exposure of internal services and allows control of ingress (e.g. using fail2ban)
  • SSL termination, which avoids needing to install certificates on each server
  • Caching and static content serving

Traefik is my personal favorite for a web proxy currently, providing easy Docker container support.


References

1. Rose, S. Load Balancing. at https://samwho.dev/load-balancing/ (2023).