8 Top Open Source Reverse Proxy Servers for Linux – Tecmint
A reverse proxy server is a type of proxy server that is deployed between clients and back-end/origin servers, for example, an HTTP server such as NGINX, Apache, etc.. or application servers written in Nodejs, Python, Java, Ruby, PHP, and many other programming languages.
It is a gateway or an intermediary server that takes a client request, passes it on to one or more back-end servers, and subsequently fetches the response from the server and delivers it back to the client, thus making it appear as if the content originated from the reverse proxy server itself.
Generally, a reverse proxy server is an internal-facing proxy used as a ‘front-end‘ to control and protect access to back-end servers on a private network: it is typically deployed behind the network firewall.
It helps back-end servers to achieve anonymity to enhance their security. In an IT infrastructure, a reverse proxy can also function as an application firewall, load balancer, TLS terminator, web accelerator (by caching static and dynamic content), and much more.
In this article, we will review the 8 top open-source reverse proxy servers you can use on a Linux system.
HAProxy (HAProxy, which stands for High Availability Proxy), a free, open-source, very fast, reliable, and top-notch load balancer and proxying software for TCP and HTTP-based applications, built for high availability.
HAProxy is an HTTP reverse-proxy, a TCP proxy and normalizer, an SSL/TLS terminator/initiator/offloader, a caching proxy, an HTTP compression offloader, a traffic regulator, a content-based switch, a FastCGI gateway, and more. It is also a protection against DDoS and service abuse.
It is powered by an event-driven, non-blocking engine that combines a very fast I/O layer with a priority-based, multi-threaded scheduler which enables it to easily deal with tens of thousands of concurrent connections. Notably, HAProxy uses the PROXY protocol to pass the client’s connection information to backend or origin servers so that an application gets all the relevant information.
Some of HAProxy’s basic features include proxying, SSL support, monitoring both server states and its own state, high availability, load balancing, stickiness(maintain a visitor on the same server even across various events), content switching, HTTP rewriting, and redirection, server protection, logging, statistics, and much more.
NGINX, a free, open-source, high-performance, and very popular HTTP server and reverse proxy. It also functions as an IMAP/POP3 proxy server. NGINX is well known for its high performance, stability, rich feature set, simple and flexible configuration, and low resource consumption (particularly small memory footprint).
Just like HAProxy, NGINX has an event-driven architecture so it has no problem dealing with tens of thousands of concurrent connections, as it uses HAProxy’s PROXY protocol.
NGINX supports accelerated reverse proxying with caching using the ngx__proxy_module module, which allows passing requests to another server over protocols other than HTTP, such as FastCGI, uwsgi, SCGI, and memcached.
Importantly, it supports load balancing and fault tolerance which are vital aspects of large-scale distributed computing systems. The ngx__upstream_module module allows for defining groups of backend servers to distribute the requests coming from clients. This makes your applications more robust, available and reliable, highly scalable, with response time and throughput. Additionally, concerning security, it supports SSL/TLS termination and so many other security features.
Useful articles on Nginx web server you might like to read:
How to Install Nginx Web Server on Ubuntu 20. 04
How to Install Nginx on CentOS 8
How to Enable NGINX Status Page
3. Varnish HTTP Cache
Varnish HTTP Cache (or Varnish Cache or simply Varnish) is a free, open-source, high-performance, and very popular caching reverse-proxy software better known as a web application accelerator, designed to improve HTTP performance using server-side caching.
It is deployed between a client and an HTTP web server or application server; every time a client requests for information or a resource from a web server, Varnish stores a copy of the information, so the next time the client requests for the same information, Varnish will serve it without sending a request to the webserver thus reducing the load on the server and in turn speeding up web content delivery.
Varnish uses a flexible configuration language know as the Varnish Configuration Language (VLC) which among other things enables system administrators to configure how incoming requests should be processed, what content should be served, and from where, and how the request or response should be altered, and much more.
The varnish is also extensible – it can be extended using Varnish Modules (VMODs) and users can write their custom modules or use community provided modules.
The main limitation of Varnish is its lack of support for SSL/TLS. The only way to enable HTTPS is to deploy an SSL/TLS terminator or offloader such as HAProxy or NGINX in front of it.
Træfɪk (pronounced Traffic) is a free, open-source, modern, and fast HTTP reverse proxy and load balancer for deploying micro-services that supports multiple load balancing algorithms. It can interface with various providers (or service discovery mechanisms or orchestration tools) such as Kubernates, Docker, Etcd, Rest API, Mesos/Marathon, Swarm, and Zookeper.
Its lovable feature is its ability to manage its configuration automatically and dynamically thus discovering the right configuration for your services. It does this by scanning your infrastructure to find relevant information and discovers which service serves which request from the external world. The providers tell Træfɪk where your applications or micro-services are located.
Træfɪk’s other features are supported for WebSockets, HTTP/2, and GRPC, and hot reloading (continuously updates its configuration without restarts), HTTPS using Let’s Encrypt certificates (wildcard certificate support), and exposes a REST API. It also keeps access logs, and it provides metrics (Rest, Prometheus, Datadog, Statsd, InfluxDB).
Also, Træfɪk ships with a simple HTML-based web user interface used to keep an eye on events. It also supports circuit breakers, retry requests, rate limiting, and basic authentication.
5. Apache Traffic Server
Formerly a commercial product owned by Yahoo which was later handed over to the Apache Foundation, Apache Traffic Server is a free, open-source, and fast caching forward and reverse-proxy server.
Traffic Server also works as a load balancer and can participate in flexible cache hierarchies. It is known to have handled over 400 TB a day of traffic at Yahoo.
It features a set of keep-alive, filtering, or anonymizing of content requests, and is extensible via an API that allows users to create custom plugins to modify HTTP headers, handle ESI requests, or design new cache algorithms.
6. Squid Proxy Server
Squid is a free, open-source, and well-known proxy server and Web cache daemon that supports various protocols such as HTTP, HTTPS, FTP, and more. It features a reverse proxy (d-accelerator) mode that caches incoming requests for outgoing data.
It supports rich traffic optimization options, access control, authorization, logging facilities, and much more.
A Pound is another free and open-source, lightweight reverse-proxy and load balancer and front-end for web servers. It is also an SSL terminator (that decrypts HTTPS requests from clients and sends them as plain HTTP to the back-end servers), an HTTP/HTTPS sanitizer(that verifies requests for correctness and accept only well-formed ones), and a fail-over server.
8. Apache HTTP Server
Last but not least, we have an Apache HTTP server (also known as HTTPD), the most popular web server on the globe. It can also be deployed and configured to act as a reverse proxy.
Additionally, you can also checkout Skipper, the new kid on the block. It is a free and open-source HTTP router and reverse proxy for service composition, including use cases like Kubernetes Ingress.
That’s all we had for you in this guide. For more information about each tool in this list, check out their respective websites. Do not forget to share your thoughts with us via the feedback form below.
Best Linux Proxy Server – ITsyndicate ?
Nowadays using a proxy server could be the must-have option. For the current year, I faced with two situations when the most popular resources were blocked and I’m talking about Telegram issues in Russia and blocked in Ukraine. My customer and friend contacted me and requested to solve this complex situation by installing a proxy server.
Let’s get some sort of knowledge about proxy servers and solutions. The most common reason for using a proxy is to hide your real IP and access resources that are blocked in your location. Another reason for using caching proxy servers could be a way to reduce the load on the network, increase throughput, save traffic, monitor the user activities and even block unwanted sites. Another application of proxy server – web sites used for caching of generated pages to speed up loading of sites.
In this article, I will show the best Linux proxy servers in the most popular variants that you can use in configuration.
Linux Proxy Servers
This is the best Linux proxy server supporting HTTP, HTTPS, FTP and the rest of protocols. It allows increase network bandwidth and reduce the time of sites feedback by caching resources and pages. The pages and sites that are requested often could be used repeatedly. You can configure caching as in operative memory, so on the hard drive if needed to cache lots of data at slow Internet. Also IP rotation could be implemented to have multiple outbound IPs when you surf the web.
Withal, Squid has extra wide opportunities of controlling the access to network resources. You can block not only the obvious queries to domains or certain file sizes upload, but also access to the network at a specific time, work of protocols and ports, and also many other things. Squid supports not exceptionally only Linux operating system, however, initially, it was not so.
This is another caching best Linux distro for proxy server, which is installed on the client side. It supports all major web protocols, but increasingly being used not for content caching, but for filtration and security of user privacy. Thanks to it, you can change web pages, cut out advertisement, control the cookies, limit the access to several web sites, also delete any objectionable content and manage the headings sent by browser.
In contrast to Squid, the program is configured through the quite convenient web interface. Although, at certain points you may be confused. Except of web interface, you can use the configuration file, but it is much more difficult.
It is a small, but fast caching Linux proxy server with open source software, which supports HTTP and DNS protocol. Polipo can be used for advertisement filtering, to increase the privacy or speed up the web sites by using page caching. As well as Privoxy it is mainly intended to provide privacy. Program configuration is performed by a web interface, but besides itself, there are several graphical shells for interactivity with program.
Very simple and easy Linux proxy server with basic settings. It is created as a small and very fast proxy that supports HTTP and HTTPS. Despite the lightness of this server, Linux keeps all the necessary functions, such as remote access by using a web interface, based URL filtering of access to resources and so on.
This one proxy is intended not for traffic caching, but for its modification that supports by convenient programming language via the HTTP protocol. All the HTTPS connections may be accessed without changing by using the Connect method. Linux proxy server works quickly and has web interface to access of statistics of its work and settings.
Is a powerful but easy though proxy server positioning itself as a complete replacement of the Squid. Program keep filtering of Internet and DNS queries traffic, protection from viruses and spam, creating caching rules, and authentication using the ACL lists.
Moreover, here you can find a very detailed statistics page by using which you can learn everything about the program work and network load.
Best Linux Proxy Distros
CentOS proxy server is a free version of commercial Red Hat Enterprise Linux distro, developed by community. They take the initial codes of Red Hat Enterprise Linux, clean it from branding and organize constant release of system updates. It is created with the idea to produce a stable and free OS for enterprises and organizations.
CentOS contains only the most stable releases of software packages. This has led to the greatly reduced risk of errors and failures.
Users who set up CentOS have access to corporate class security updates, because this distribution is closely linked with Red Hat.
Includes a wide range of security features, including a powerful firewall and SELinux.
This is the most popular and best Linux server distro. Even if it’s not at the top of the lists among experienced users, the newcomers are definitely like it! This distribution based on Debian and has a regular cycle of new versions releases.
There is an easy and simple installer.
As user interface is used Unity by default. It is kinda different from other OS desktops appearance, but won’t be very difficult to assimilate.
After system is installed, you will get a wide range of software.
Popularity of Ubuntu caused a huge amount of software that suits perfectly; you can find it not only at official repositories, but also at side PPA and in Internet.
There is also a huge number of documentation and articles available in Internet that describes how to configure a system. If you are facing with any problem just try to look for solution in Internet and likely, you will find the answer.
Web Page Caching Servers
In contrast to the above mentioned programs, this proxy is designed greater for the work on the server side. It is intended to accelerate the web sites with its modern architecture that gives a significant productivity. Varnish cache saves web pages in memory of server for Apache or Nginx web server program would not generate it again. Web server only updates the pages when content is changing. To get content from the memory is much faster than use a full generating.
Everyone knows how great is this Linux file server distro, designed for operation under heavy load. But besides that, it can be used as a proxy server too. Ngnix can’t cache or filter the contents of pages, so his task is in accepting requests from clients on server, transferring this data to other programs and returning responses to the clients. Why is it beneficial to use? Because the program is optimized for the maximum performance and can take simultaneously up to ten thousands requests from users.
In this article, we reviewed and described the best Linux proxy servers and maybe there are not all the programs that would be worth adding to the list. We hope that this information will be useful to you and if you have any questions concerning mentioned topic, just contact ITsyndicate team to specify the details.
Set up the best proxy server entrusting the ITsyndicate experts
The most profitable solution – to entrust the case to people who know how to accomplish the highest-level results. Firstly, it saves your time, and secondly, saves your money. Therefore, you get two for the price of one and at the same time get a respectable, desired and excellent result from professionals. If setting up the best Linux proxy server of the latest updates is a difficult task for you, don’t worry. To carry these difficulties there is ITsyndicate team. Contacting us, you will get not only great quality of the work, but consultation on the questions that concern you. We are willing to help you at any time and make your proxy server the most productive and secure.
Proxy Servers – Squid | Ubuntu
Squid is a full-featured web proxy cache server application which provides proxy and cache services for Hyper Text Transport Protocol (HTTP), File Transfer Protocol (FTP), and other popular network protocols. Squid can implement caching and proxying of Secure Sockets Layer (SSL) requests and caching of Domain Name Server (DNS) lookups, and perform transparent caching. Squid also supports a wide variety of caching protocols, such as Internet Cache Protocol (ICP), the Hyper Text Caching Protocol (HTCP), the Cache Array Routing Protocol (CARP), and the Web Cache Coordination Protocol (WCCP).
The Squid proxy cache server is an excellent solution to a variety of proxy and caching server needs, and scales from the branch office to enterprise level networks while providing extensive, granular access control mechanisms, and monitoring of critical parameters via the Simple Network Management Protocol (SNMP). When selecting a computer system for use as a dedicated Squid caching proxy server for many users ensure it is configured with a large amount of physical memory as Squid maintains an in-memory cache for increased performance.
At a terminal prompt, enter the following command to install the Squid server:
sudo apt install squid
Squid is configured by editing the directives contained within the /etc/squid/ configuration file. The following examples illustrate some of the directives which may be modified to affect the behavior of the Squid server. For more in-depth configuration of Squid, see the References section.
Prior to editing the configuration file, you should make a copy of the original file and protect it from writing so you will have the original settings as a reference, and to re-use as necessary. Make this copy and protect it from writing using the following commands:
sudo cp /etc/squid/ /etc/squid/
sudo chmod a-w /etc/squid/
To set your Squid server to listen on TCP port 8888 instead of the default TCP port 3128, change the _port directive as such:
Change the visible_hostname directive in order to give the Squid server a specific hostname. This hostname does not necessarily need to be the computer’s hostname. In this example it is set to weezie
The cache_dir option allows one to configure an on-disk cache, the default option is on-memory cache. The cache_dir directive takes the following arguments:
In the config file you can find the default cache_dir directive commented out:
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256
You can just use the default option but you can also customize your cache directory, basically changing the
ufs: the old well-known Squid storage format that has always been there.
aufs: uses the same storage format as ufs, utilizing POSIX-threads to avoid blocking the main Squid process on disk-I/O. This was formerly known in Squid as async-io.
diskd: uses the same storage format as ufs, utilizing a separate process to avoid blocking the main Squid process on disk-I/O.
rock: is a database-style storage. All cached entries are stored in a “database” file, using fixed-size slots. A single entry occupies one or more slots.
If you want to use a different directory type please take a look at their different options.
Using Squid’s access control, you may configure use of Internet services proxied by Squid to be available only users with certain Internet Protocol (IP) addresses. For example, we will illustrate access by users of the 192. 168. 42. 0/24 subnetwork only:
Add the following to the bottom of the ACL section of your /etc/squid/ file:
acl fortytwo_network src 192. 0/24
Then, add the following to the top of the _access section of your /etc/squid/ file:
_access allow fortytwo_network
Using the excellent access control features of Squid, you may configure use of Internet services proxied by Squid to be available only during normal business hours. For example, we’ll illustrate access by employees of a business which is operating between 9:00AM and 5:00PM, Monday through Friday, and which uses the 10. 1. 0/24 subnetwork:
acl biz_network src 10. 0/24
acl biz_hours time M T W T F 9:00-17:00
_access allow biz_network biz_hours
After making changes to the /etc/squid/ file, save the file and restart the squid server application to effect the changes using the following command entered at a terminal prompt:
sudo systemctl restart rvice
If formerly a customized squid3 was used that set up the spool at /var/log/squid3 to be a mountpoint, but otherwise kept the default configuration the upgrade will fail. The upgrade tries to rename/move files as needed, but it can’t do so for an active mountpoint. In that case please either adapt the mountpoint or the config in /etc/squid/ so that they match.
The same applies if the include config statement was used to pull in more files from the old path at /etc/squid3/. In those cases you should move and adapt your configuration accordingly.
Ubuntu Wiki Squid page.
Frequently Asked Questions about http proxy server linux
How do I setup a proxy server in Linux?
How to Set Up a Linux Proxy ServerThe first thing to do is to update to the latest package list. Use the “Sudo apt-get update”.Install Squid Proxy server.Start and enable the proxy server.To see the status use “systemctl status” command. … To see which port the proxy is running use “netstat –tnlp”.
How do I find HTTP proxy settings in Linux?
Single User Temporary Proxy SettingsOpen a Terminal window where you need proxy access.Set and export the HTTP_PROXY variable. export HTTP_PROXY=user:[email protected]:8080.Set and export the HTTPS_PROXY variable. … Set and export the NO_PROXY variable to prevent local traffic from being sent to the proxy.Apr 26, 2018
What is my HTTP proxy server?
Check Your Operating System Settings Selecting one of the options shows the proxy server address if you set it. Windows: Run a search and open Internet Options and select the Connections tab in that window. Clicking LAN Settings shows your proxy server address and more details about your current network configuration.May 17, 2020