HAProxy deserves a mention alongside those - it's particularly strong for high-traffic production environments where its advanced load balancing algorithms and detailed metrics shine.
Caddy has been excellent for me thus far as well. I'm using it on a VPS to reverse proxy to the services I run at home via a Tailscale tunnel. Coming from Nginx in the past Caddy was drop-dead simple to configure.
The entire config for each vhost is 3 lines, including the domain definition and closing brace - and that includes TLS!
I used to use Caddy for years and was active in the community.
I switched to Traefik for a few reasons: labels configuration (there is a parallel version of caddy maintained by somebody else that does it), how middleware are implemented and the dynamic capacities of Traefik.
Caddy is excellent, a brilliant piece of tech. For edge routing Traefik is worth at least considering.
I would say the bullet points at the top are not strictly correct. The response does not necessarily transit the proxy. Responses can be returned directly to the client (DSR).
Your comment, to me, only points out that the OSI layer model is nonsense. Envoy in DSR mode routes traffic based on application features, at "layer 7".
If you actually read ITU T-REC X.200, which specifies the OSI model, you'll find that it doesn't match the modern internet at all. E.g., we don't have an OSI-style transport protocol at all (connections themselves aren't addressable independent of the SSAPs), TCP and UDP are actually layer 5, the presentation layer is protocol-specific, and pretty much the entire stack falls to bits if the network layer isn't packet switched.
There's a separate term for the bits of the OSI model that are actually relevant; it's called the IETF model.
The model itself isn’t nonsense because it’s not a model of load balancers; it’s a model of network protocols. Load balancers might handle multiple levels of the stack for the same traffic, but so does any other networked program, eg handling cross-domain redirects.
What's the difference between Reverse proxy and forward proxy? Is there something like "intermediate proxy"? Is this concept of L7 proxy, similar to DNAT/SNAT or Port forwarding in L3/L4?
It took me an embarrassingly long time to internalize what the reverse proxy is. My brain got stuck on the fact that it is just proxying requests. What's so reverse about this? Silly.
It's one of the classic cases of a thing being named relative to what came before it, rather than being named on its own merit. This makes sense to people working at the time the new thing is introduced, but is confusing to every other learner in the future.
Forward proxies, proxies where client machines were configured to route all their outbound traffic through (similar to a router). Usually performed caching back in the day when the Internet tube was slow, later on got SSL decryption capabilities and filtering lists to make sure you stay off of your naughty sites and so the proxy admin could decrypt your banking credentials.
Could be worse. All the many things named after people prevalent in some fields more than in others, biology/medicine for example. When you read, for example, "loop of Henle" or "circle of Willis" you don't even know where to begin. You either know the term or not.
True, though I think it's often a larger challenge to capture the intrinsic quality of a medicinal compound or physiological feature than a man-made tool.
How about service proxy vs web proxy rather than reverse proxy and proxy? Makes more clear that one is a proxy on the service side and the other is a proxy on the client side. Service proxy and Client proxy might be even better.
Meta request: can we change the URL to the original source? This isn’t quite blogspam (since it’s the same author reposting the same piece onto Medium) but Medium is annoying enough that I’d still rather resolve to the original source
I definitely prefer Caddy in my experience, so far.