← Lessons

quiz vs the machine

Gold1380

System Design

The Reverse Proxy and Static Assets

Offload static files and TLS at a reverse proxy in front of app servers.

4 min read · core · beat Gold to climb

What a reverse proxy does

A reverse proxy accepts client requests and forwards them to backend servers, hiding the topology behind one address.

  • It terminates TLS so app servers do not each handle certificates.
  • It serves static assets like images, CSS, and JavaScript directly from disk or cache.
  • It can compress, buffer slow clients, and route by path or host.

Static versus dynamic

Static files never change per request, so the proxy returns them without bothering the application. Dynamic requests are passed through to app servers.

Why this helps

  • App servers do less work, freeing CPU for business logic.
  • Static responses are fast because they skip the application entirely.
  • Centralizing TLS and headers keeps configuration in one place.

Practical notes

  • Set long cache headers on fingerprinted asset filenames.
  • Buffer slow clients at the proxy so backends are not tied up.
  • Route by path, sending one prefix to static and another to the API.

Key idea

A reverse proxy lets you serve static assets and terminate TLS at the edge, keeping app servers lean and focused on dynamic work.

Check yourself

Answer to earn rating on the learn ladder.

1. Why serve static assets from the reverse proxy?

2. What does terminating TLS at the proxy avoid?