Reverse proxy

A reverse proxy is a server that sits between the end-user requesting information from a site and the VIP application serving the content. VIP only recommends using a proxy if it is absolutely necessary due to application or policy requirements.

There are technical requirements and considerations to take into account before beginning to set up a reverse proxy.

A system administrator on the customer’s side should be involved early on, and the settings for a proxy should be tested on a child environment before a site launch. A sufficient amount of time—typically at least two weeks—should be allocated for thorough testing.

How a reverse proxy works

The most common use case for a reverse proxy is to enable more than one application to be served from the same domain. For example, if a non-WordPress application is served at example.com on a non-VIP host, and there is a need for a blog powered by WordPress, that blog application can be hosted on VIP, and a reverse proxy can forward example.com/blog/ traffic to the VIP application.

1. A request comes to https://www.example.com for the path /blog/2019/hello-world/.
2. The proxy server forwards the request to the VIP application’s convenience domain, along with the host header and request URI from the end-user’s browser. This sets the host header to https://www.example.com and request URI to /blog/2019/hello-world/.
3. The VIP application returns the post as https://www.example.com/blog/2019/hello-world/.
4. The user’s browser displays the VIP-powered content as https://www.example.com/blog/2019/hello-world/.

Considerations

Adding a reverse proxy configuration to a site can add complexity and restrict VIP’s ability to support and troubleshoot when needed. To improve VIP Support’s ability to respond and help more quickly, document the details of a reverse proxy architecture and configuration in the /docs directory.

Depending on the configuration of a reverse proxy, some VIP Platform security features may no longer work as expected. Configuring a reverse proxy  to correctly log the IP address of an end user is recommended.

Caching and content delivery networks (CDNs)

Content of a site hosted on VIP is already served and cached though the WordPress VIP Platform’s CDN. Using the CDN or caching features of a reverse proxy provider to serve a VIP site’s content instead of—or in addition to—VIP’s CDN is strongly discouraged. Enabling the CDN or caching features at the reverse proxy layer often results in having a double CDN, which if not carefully set up, may cause issues such as cache invalidation, accidental caching of authenticated requests or other private content, and possibly more.

If a caching feature or CDN other than VIP’s is being used for a site, it is essential that it is configured to coordinate cache purges at the proxy layer when caches are purged on VIP’s edge servers. VIP recommends that reverse proxy purges have low TTLs to avoid creating a cache juggling situation in which the reverse proxy’s cache clears before VIP’s and re-caches the older content.