Reverse Proxy vs Load Balancer
Also Known As
nginx reverse proxy
HAProxy
load balancer
SSL termination
TL;DR
A reverse proxy forwards client requests to backend servers, adding SSL termination, caching, and compression. A load balancer distributes traffic across multiple backends for scalability.
Explanation
A reverse proxy (nginx, Caddy, Traefik) sits in front of one or more application servers: it terminates SSL, compresses responses, caches static content, handles slow clients, and hides backend topology. A load balancer (HAProxy, AWS ALB, nginx upstream) specifically distributes requests across multiple backend instances. In practice these overlap: nginx does both. In a PHP stack, PHP-FPM sits behind nginx, which acts as the reverse proxy: it forwards PHP requests to FPM via FastCGI and serves static files directly.
Diagram
flowchart TD
    subgraph Reverse Proxy
        C1[Client] --> RP[nginx]
        RP -->|SSL termination| APP1[PHP-FPM]
        RP -->|Serves static| STATIC[/assets/]
        RP -->|Buffers slow clients| APP1
    end
    subgraph Load Balancer
        C2[Client] & C3[Client] & C4[Client] --> LB[HAProxy / ALB]
        LB --> S1[Server 1]
        LB --> S2[Server 2]
        LB --> S3[Server 3]
    end
    style RP fill:#1f6feb,color:#fff
    style LB fill:#238636,color:#fff
Common Misconception
✗ A load balancer is always required for production — a single-server setup with nginx as a reverse proxy handles PHP-FPM, SSL, and static files correctly without load balancing.
Why It Matters
Nginx as a reverse proxy protects PHP-FPM from slow clients. Without it, PHP workers are held open waiting for slow network uploads; with it, nginx buffers the full request first and only then hands it to a worker.
Common Mistakes
- Exposing PHP-FPM port (9000) directly — always put nginx in front; FPM has no authentication or rate limiting.
- Not buffering slow client responses in nginx — PHP workers are held until the client downloads the full response.
- Load balancing without health checks — unhealthy backends receive traffic without them.
- Round-robin balancing for stateful sessions without Redis — sticky sessions or centralised session storage is needed.
Code Examples
✗ Vulnerable
# PHP-FPM exposed directly to internet:
# docker-compose.yml:
services:
  php:
    image: php:8.3-fpm
    ports:
      - '9000:9000' # NEVER expose FPM directly: no auth, protocol not HTTP
✓ Fixed
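# nginx reverse proxy in front of PHP-FPM:
# nginx.conf:
server {
    listen 443 ssl http2;
    ssl_certificate     /etc/ssl/cert.pem;
    ssl_certificate_key /etc/ssl/key.pem;  # placeholder path; nginx refuses to start without a key

    location / {
        fastcgi_pass php:9000;  # Internal only: reached over the Docker network, not published
        fastcgi_buffers 16 16k;  # buffer the response so the FPM worker is released early
        fastcgi_buffer_size 32k;
        include fastcgi_params;
        # The stock fastcgi_params file does not set SCRIPT_FILENAME
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    # Static assets are served by nginx itself and never reach PHP-FPM
    location ~* \.(css|js|png|jpg)$ {
        expires 1y;
        add_header Cache-Control 'public, immutable';
    }
}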
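A check for the first mistake listed above, added here as an example and not part of the original page: it reads a Compose project as JSON (the shape produced by `docker compose config --format json`) and reports services that publish port 9000 on a non-loopback address. The function names and the sample project are constructed for illustration, and the check assumes FPM listens on 9000 as in the example above.

```python
import json

FPM_PORT = 9000  # assumption: PHP-FPM listens on 9000, as in this page's examples

def covers(port_spec, port):
    """True if '9000' or a range such as '9000-9005' includes `port`."""
    lo, _, hi = str(port_spec).partition("-")
    return int(lo) <= port <= int(hi or lo)

def split_port(entry):
    """Return (host_ip, target) for short or long Compose port syntax."""
    if isinstance(entry, dict):                      # long syntax
        return entry.get("host_ip") or "", entry["target"]
    parts = str(entry).split("/")[0].rsplit(":", 2)  # drop '/tcp'; keep an IPv6 host whole
    host_ip = parts[0].strip("[]") if len(parts) == 3 else ""
    return host_ip, parts[-1]

def exposed_fpm_services(compose):
    """List (service, port entry) pairs that publish the FPM port beyond loopback."""
    findings = []
    for name, svc in compose.get("services", {}).items():
        for entry in svc.get("ports", []):
            host_ip, target = split_port(entry)
            loopback = host_ip.startswith("127.") or host_ip == "::1"
            # Any `ports` entry publishes on the host, even without a host port
            if covers(target, FPM_PORT) and not loopback:
                findings.append((name, entry))
    return findings

# Constructed sample project covering short syntax, long syntax and safe variants.
SAMPLE = json.loads("""
{"services": {
  "php":      {"image": "php:8.3-fpm", "ports": ["9000:9000"]},
  "php_long": {"image": "php:8.3-fpm", "ports": [{"target": 9000, "published": "9000"}]},
  "php_dev":  {"image": "php:8.3-fpm", "ports": ["127.0.0.1:9000:9000"]},
  "php_ok":   {"image": "php:8.3-fpm", "expose": ["9000"]},
  "nginx":    {"image": "nginx", "ports": ["443:443"]}
}}
""")

if __name__ == "__main__":
    for service, entry in exposed_fpm_services(SAMPLE):
        print(f"{service}: publishes FPM port via {entry!r}")
```

`expose` only documents the port for other containers on the same network, so `php_ok` is not reported; `php_dev` is skipped because it binds to loopback.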
Added
15 Mar 2026
Edited
22 Mar 2026
⚡
DEV INTEL
Tools & Severity
🟡 Medium
⚙ Fix effort: Medium
⚡ Quick Fix
A reverse proxy (Nginx) terminates SSL and routes to one PHP backend; a load balancer distributes across multiple backends — Nginx can do both for small PHP deployments
📦 Applies To
any
web
api
🔍 Detection Hints
PHP directly exposed to internet without reverse proxy; single point of failure with no load balancing; no SSL termination layer
Auto-detectable:
✗ No
nginx
haproxy
aws-alb
cloudflare
🤖 AI Agent
Confidence: Low
False Positives: High
✗ Manual fix
Fix: Medium
Context: File