How to Access Resources Inside VPC Using a Reverse Proxy?

Ankit Kumar
February 4, 2021

In computer networking, a proxy server acts as a gateway for incoming requests from clients seeking resources from other servers. It accepts requests from the client and forwards them to the destination over the internet. To the rest of the internet, the source of the request is the proxy; the actual client stays hidden unless additional metadata identifying it is passed along with the request.

Proxy servers have different use cases:

Monitoring and logging traffic
Restricting a group of clients' access to internet services
Improving latency or network performance by caching web pages
Distributing load among multiple servers
Hiding the user’s IP address for privacy

Types of Proxy Servers

There are two types of proxy servers: Forward Proxy or “Gateway” and Reverse Proxy. A forward proxy hides the identities of clients, whereas a reverse proxy hides the identities of servers.

Forward Proxy

A forward proxy is also known simply as a proxy. When it receives a request from a client, it retrieves the data from the internet on the client's behalf. The main purpose of the forward proxy is to restrict internet access by a group of clients.

Whenever a client makes a request, it first goes to the proxy. The proxy then sends the request to the elucidata.io server. The response is sent back to the proxy, which passes it on to the client. The elucidata.io server is only aware of the proxy server; it doesn’t know the actual client exists.

Reverse Proxy

A reverse proxy sits in front of a group of servers and receives requests from the internet on their behalf. Usually, the reverse proxy connects to the servers over a private network.

With a reverse proxy, clients are unaware of the actual servers. Every request made by the client is directed to the reverse proxy, which handles all communication from then on. The reverse proxy can also be used for authentication and caching.

Implement Reverse Proxy Inside VPC

If you are unfamiliar with VPCs, subnets, and internet gateways, I would recommend first going through AWS re:Invent

Let’s understand the concept of a reverse proxy by implementing one to access Elasticsearch and Kibana deployed in a private subnet inside a VPC.

The steps to reach the Kibana dashboard are as follows:

1. Create an Ubuntu EC2 instance in a public subnet inside the VPC

2. SSH into the EC2 instance and run the following set of commands

sudo apt update && sudo apt upgrade

## Install the Nginx web server
sudo apt install nginx

## Disable the default virtual host that Nginx ships pre-configured
sudo unlink /etc/nginx/sites-enabled/default

## Create the reverse proxy configuration file inside /etc/nginx/sites-available
cd /etc/nginx/sites-available
sudo touch reverse-proxy.conf

## Paste the following Nginx configuration into reverse-proxy.conf
server {
       listen 80;
       listen [::]:80 ipv6only=on default_server;

       access_log /var/log/nginx/reverse-access.log;
       error_log /var/log/nginx/reverse-error.log;

       ## Send requests for the site root to the Kibana plugin path
       location / {
                   proxy_pass https://<endpoint_of_elasticsearch_domain>/_plugin/kibana/;
       }
       ## Pass requests that already use the /_plugin/kibana/ path through unchanged
       location /_plugin/kibana/ {
                   proxy_pass https://<endpoint_of_elasticsearch_domain>;
       }
}

## Link the configuration from /etc/nginx/sites-available into /etc/nginx/sites-enabled
sudo ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf

## Test the Nginx configuration; it reports success if the configuration is valid
sudo nginx -t

## Reload Nginx so the new configuration takes effect
sudo systemctl reload nginx

3. If everything goes fine, you can paste the public IP or DNS name provided by AWS into the browser and you will reach the Kibana interface.

What’s Next?

Register your domain on GoDaddy or Route 53, e.g. kibana.example.com

Add a TLS/SSL certificate for your domain using Let’s Encrypt

Add a single sign-on feature to authenticate users
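
The configuration from step 2 serves Kibana over plain HTTP, without authentication, to every client the instance's security group admits. The following added example (not part of the original post) shows one way to apply the TLS and authentication items above at the proxy itself. HTTP basic auth plus an IP allowlist stand in for single sign-on; the certificate paths, the 203.0.113.0/24 range and the .htpasswd path are assumptions.

```nginx
# Added example. <endpoint_of_elasticsearch_domain> is the page's own placeholder.

# Redirect plain HTTP to HTTPS so credentials and dashboard data
# never cross the internet in clear text.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name kibana.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name kibana.example.com;

    # Paths follow certbot's usual layout for Let's Encrypt (assumption).
    ssl_certificate     /etc/letsencrypt/live/kibana.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/kibana.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    access_log /var/log/nginx/reverse-access.log;
    error_log  /var/log/nginx/reverse-error.log;

    # Access control, inherited by every location below.
    # A client must come from the allowed range AND present valid credentials.
    satisfy all;
    allow 203.0.113.0/24;   # documentation range standing in for an office/VPN egress (assumption)
    deny  all;
    auth_basic           "Kibana";
    auth_basic_user_file /etc/nginx/.htpasswd;   # hypothetical path; create it with htpasswd

    # Do not forward the proxy's basic-auth credentials to the upstream endpoint.
    proxy_set_header Authorization "";

    location / {
        proxy_pass https://<endpoint_of_elasticsearch_domain>/_plugin/kibana/;
    }
    location /_plugin/kibana/ {
        proxy_pass https://<endpoint_of_elasticsearch_domain>;
    }
}
```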
