As we saw in the previous chapter, a reverse proxy makes connections to the upstream servers on behalf of clients. These upstream servers, therefore, have no direct connection to the client. This is for several different reasons, such as security, scalability, and performance.

Security is enhanced via the dual-layer nature of such a setup. If an attacker were to try to get onto the upstream server directly, he would first have to find a way to get onto the reverse proxy. Connections to the client can be encrypted by running them over HTTPS. These SSL connections may be terminated on the reverse proxy, when the upstream server cannot or should not provide this functionality itself. NGINX can act as an SSL ...