...
It can act as the point of SSL termination, i.e. it will serve the certificate for the service and decrypt the traffic that arrives from users via HTTPS. Many reverse proxies included useful helper functions for managing certificates.
It can further simplify certificate management if you have several installations of PhixFlow; they can be set up to be available at the same FQDN (using a single certificate), at different directories; e.g. phixflow.mycomany.com/production , phixflow.mycompany.com/test , phixflow.mycompany.com/dev.
They can be used to help manage the load on the system, providing an earlier point of failure for users rather than letting all requests on an overloaded system reach the back end servers.
They can be patched more aggressively than back end servers, for which stability is usually crucial. This is true for the reverse proxy and the server it sits on. This is important because this is the point which faces out to a wider network (your corporate network or the public internet), so is a potental potential point of attack for bad actors. There is no direct entry via HTTPS to the back end servers (administrative access must be allowed, but each infrastrucutre infrastructure provides it own ways of doing this securely.)
...
Any reverse proxy can be used providing that the https://phixflow.atlassian.net/wiki/pages/createpage.action?spaceKey=HELPTRUNKR&title=Minimum%20system%20requirements Minimum system requirements for PhixFlow are met. However, we recommend:
...
Components | Description |
|---|---|
 | Azure Network Security Group (NSG) - this can be any Layer 3/4 firewall |
 | MySQL database - this can be any of the supported database |
 | Server - linux or Windows |
Azure VNet | This could be any private network. |
Reverse Proxy | Often NGINX on linux or IIS on Windows, but any reverse proxy could be used. In this example, the reverse proxy terminates the SSL and passes on unencryted unencrypted connections safely through a private network the application server. |
...