THN Interview Prep

Reverse Proxy vs CDN

What it is

  • Reverse proxy (e.g. nginx, Envoy, HAProxy in front of origins): a server that accepts client connections on behalf of backend apps, often terminating TLS, enforcing limits, and caching responses at the edge of your stack.
  • CDN (Content Delivery Network): a globally distributed set of edge PoPs that cache static (and sometimes dynamic) content close to users. Origin is your app or object storage; edges answer repeated requests without hitting origin every time.

When to use

| Pattern | When |
|---|---|
| Reverse proxy only | Single region, need TLS offload, routing, rate limits, compression |
| CDN | Global users, large static assets, high read-heavy traffic, DDoS absorption at edge |
| Both | CDN in front of reverse proxy or origin; proxy does app routing, CDN caches public GETs |

Cache keys and TTL

  • Cache key typically includes: URL path, query string normalization rules, Vary headers (e.g. Accept-Encoding, Accept-Language), and sometimes custom headers for cache segmentation.
  • TTL (Cache-Control, s-maxage, CDN-Cache-Control): shorter for HTML that changes often; longer for versioned static assets (/assets/app-v123.js).
  • Stale-while-revalidate: serve stale content while refreshing in background—better perceived latency.

  Client --GET--> CDN edge --miss--> Origin / reverse proxy --> App
                     |
                     +-- hit --> return cached body + Age header

Alternatives

  • Direct to origin with no CDN: simpler, higher latency and load globally.
  • Client-side caching (service workers, browser cache): complements CDN; does not replace edge for first visits.
  • Application-level caching (Redis): for personalized or dynamic data; different layer than HTTP CDN.

Failure modes

  • Stale content: long TTL after deploy; mitigate with cache busting (hashed filenames), purge APIs, or short max-age for HTML.
  • Wrong Vary: serving gzip HTML to a client that cannot decode, or wrong language slice.
  • Cache poisoning: malicious query strings create unique keys; normalize keys and strip unsafe inputs.
  • Origin overload on purge storms or thundering herd after expiry—coordinate with caching strategies.
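
The cache-key rules under "Cache keys and TTL" and the "normalize keys and strip unsafe inputs" mitigation above, as an added example that is not from the original page and not any CDN's real algorithm. The allowlist `ALLOWED_PARAMS`, the three encoding buckets, and the function names are assumptions made for illustration.

```python
import hashlib
from urllib.parse import parse_qsl, urlencode, urlsplit

# Assumption: the only query parameters that change this site's responses.
ALLOWED_PARAMS = {"page", "lang"}

def canonical_query(url: str) -> str:
    """Allowlisted params only, sorted. Use the same string for the cache key
    and for the request forwarded to origin, so nothing unkeyed reaches it."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return urlencode(sorted((k, v) for k, v in pairs if k in ALLOWED_PARAMS))

def encoding_bucket(accept_encoding: str) -> str:
    """Collapse free-form Accept-Encoding into br / gzip / identity."""
    accepted = set()
    for part in accept_encoding.split(","):
        token, _, param = part.partition(";")
        param = param.strip().lower()
        try:
            q = float(param[2:]) if param.startswith("q=") else 1.0
        except ValueError:
            q = 0.0  # malformed q-value: treat the coding as not accepted
        if q > 0:
            accepted.add(token.strip().lower())
    return next((c for c in ("br", "gzip") if c in accepted), "identity")

def cache_key(method: str, url: str, headers: dict, vary=("accept-encoding",)) -> str:
    parts = urlsplit(url)
    lowered = {k.lower(): v for k, v in headers.items()}
    varied = []
    for name in vary:
        value = lowered.get(name, "").strip().lower()
        if name == "accept-encoding":
            value = encoding_bucket(value)
        varied.append(f"{name}={value}")
    material = "\n".join([method.upper(), parts.netloc.lower(),
                          parts.path or "/", canonical_query(url), *varied])
    return hashlib.sha256(material.encode()).hexdigest()

# Constructed sample requests: same resource, different junk params and header spelling.
if __name__ == "__main__":
    a = cache_key("GET", "https://Example.com/list?page=2&utm_source=x",
                  {"Accept-Encoding": "gzip, deflate, br"})
    b = cache_key("GET", "https://example.com/list?cb=12345&page=2",
                  {"accept-encoding": "br;q=1.0, gzip;q=0.8"})
    print(a == b)
```

Dropping a parameter from the key is only safe when the edge also drops it from the request it forwards; a parameter that is ignored by the key but still reaches origin is exactly the kind of unsafe input the cache-poisoning bullet warns about.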

Interview talking points

  • Separate static (CDN-friendly) from dynamic (API, auth); cookies often prevent CDN cache for personalized pages.
  • Mention shield/origin capacity: CDN absorbs spikes; still estimate origin load with a back-of-envelope calculation based on the cache miss ratio.
  • Tie edge latency to latency-throughput: fewer round trips to origin improves user-visible latency.
