Build Network Proxies and Reverse Proxies in Go: A Hands-On Guide

Hey Dev.to community! 👋 If you’re a Go developer looking to level up your networking skills, proxies are a fantastic way to dive into real-world network programming. Whether you’re hiding client identities with a forward proxy or load-balancing microservices with a reverse proxy, Go’s concurrency and standard library make it a joy to build these tools. This guide is for developers with 1–2 years of Go experience, familiar with HTTP and basic networking. We’ll walk through practical code, share battle-tested tips, and avoid common pitfalls—perfect for your next project or portfolio piece!

Why Go for Proxies?

Go is a powerhouse for network programming:

• Standard Library: The net/http package handles HTTP like a champ.
• Concurrency: Goroutines make managing thousands of requests a breeze.
• Deployment: Single-binary output simplifies shipping to any platform.

Feature	Why It Rocks for Proxies
net/http Package	Streamlines HTTP request/response handling
Goroutines	Scales effortlessly for concurrent requests
Single Binary	Deploy anywhere with zero hassle

What You’ll Learn:

• The difference between forward and reverse proxies.
• How to build both in Go with clear, production-ready code.
• Optimization tricks and real-world lessons from my 10 years of Go experience.

Let’s dive in!

---

Network Proxies vs. Reverse Proxies: The Basics

Before we code, let’s clarify what proxies do. They’re middlemen in network communication, but their roles differ.

Forward Proxy: Your Client’s Advocate

A forward proxy sits between a client (like your browser) and the internet, fetching resources on the client’s behalf. Think of it as a personal assistant who grabs your coffee order without revealing you’re the one asking.

• How It Works: Client → Proxy → Server → Proxy → Client
• Use Cases: Anonymity (VPNs), content filtering, caching
• Go’s Edge: http.Client simplifies forwarding; Goroutines handle concurrent clients.

Reverse Proxy: The Server’s Gatekeeper

A reverse proxy sits in front of backend servers, routing client requests and shielding the backend. It’s like a restaurant host who directs your order to the right chef.

• How It Works: Client → Reverse Proxy → Backend → Reverse Proxy → Client
• Use Cases: Load balancing (Nginx), security, API gateways
• Go’s Edge: httputil.ReverseProxy makes routing a snap; Goroutines scale traffic.

Forward vs. Reverse: Quick Comparison

Feature	Forward Proxy	Reverse Proxy
Role	Serves clients	Serves backends
Control	Client-configured	Server-managed
Purpose	Hides client identity	Hides backend details
Go Tools	http.Client	httputil.ReverseProxy

---

Segment 2: Building a Forward Proxy in Go

Let’s get hands-on with a simple HTTP forward proxy. This code forwards client requests to any target server and returns the response. Perfect for anonymity or caching!

Simple Forward Proxy in Go

package main

import (
    "io"
    "log"
    "net/http"
)

func handleProxy(w http.ResponseWriter, r *http.Request) {
    client := &http.Client{}
    req, err := http.NewRequest(r.Method, r.URL.String(), r.Body)
    if err != nil {
        http.Error(w, "Bad Request", http.StatusBadRequest)
        return
    }

    // Copy request headers
    for k, v := range r.Header {
        req.Header[k] = v
    }

    // Forward request
    resp, err := client.Do(req)
    if err != nil {
        http.Error(w, "Server Error", http.StatusInternalServerError)
        return
    }
    defer resp.Body.Close()

    // Copy response headers and status
    for k, v := range resp.Header {
        w.Header()[k] = v
    }
    w.WriteHeader(resp.StatusCode)
    io.Copy(w, resp.Body)
}

func main() {
    http.HandleFunc("/", handleProxy)
    log.Fatal(http.ListenAndServe(":8080", nil))
}

Run It:

1. Save as proxy.go.
2. Run go run proxy.go.
3. Test with curl -x http://localhost:8080 http://example.com.

What’s Happening:

• http.Client sends the client’s request to the target.
• Headers and body are copied to preserve the request.
• io.Copy streams the response efficiently.
• defer resp.Body.Close() prevents memory leaks.

Pro Tip: Always close resp.Body to avoid file descriptor leaks—a lesson I learned after a production crash!

Optimization Tricks

In a real-world content-filtering proxy, I boosted performance with these tweaks:

• Connection Pooling:

client := &http.Client{
    Transport: &http.Transport{
        MaxIdleConns:        100,
        IdleConnTimeout:     90 * time.Second,
        TLSHandshakeTimeout: 10 * time.Second,
    },
    Timeout: 30 * time.Second,
}

This cut latency from 200ms to 50ms by reusing connections.

• Pitfall Fix: Set MaxIdleConnsPerHost to limit per-host connections, avoiding excessive TCP handshakes.

---

Segment 3: Building a Reverse Proxy in Go

Now, let’s build a reverse proxy with round-robin load balancing to distribute requests across multiple backends. Ideal for microservices or high-traffic apps!

Simple Reverse Proxy with Round-Robin

package main

import (
    "log"
    "net/http"
    "net/http/httputil"
    "net/url"
    "sync/atomic"
)

type ReverseProxy struct {
    backends []*url.URL
    current  uint64
}

func NewReverseProxy(backendURLs []string) *ReverseProxy {
    urls := make([]*url.URL, len(backendURLs))
    for i, u := range backendURLs {
        parsedURL, err := url.Parse(u)
        if err != nil {
            log.Fatalf("Invalid URL: %v", err)
        }
        urls[i] = parsedURL
    }
    return &ReverseProxy{backends: urls}
}

func (p *ReverseProxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
    index := atomic.AddUint64(&p.current, 1) % uint64(len(p.backends))
    proxy := httputil.NewSingleHostReverseProxy(p.backends[index])
    proxy.ServeHTTP(w, r)
}

func main() {
    backends := []string{"http://localhost:8081", "http://localhost:8082"}
    proxy := NewReverseProxy(backends)
    log.Fatal(http.ListenAndServe(":8080", proxy))
}

Run It:

1. Save as reverse_proxy.go.
2. Run mock backends on ports 8081 and 8082 (e.g., simple Go HTTP servers).
3. Run go run reverse_proxy.go.
4. Test with curl http://localhost:8080.

What’s Happening:

• httputil.ReverseProxy handles request forwarding.
• atomic.AddUint64 ensures thread-safe round-robin selection.
• Requests alternate between backends.

Pro Tip: Use http.Transport for connection reuse:

proxy.Transport = &http.Transport{
    MaxIdleConns:        100,
    MaxIdleConnsPerHost: 10,
}

Real-World Insights

In a microservices API gateway, I learned:

• Health Checks: Poll backends to skip unhealthy ones:

func (p *ReverseProxy) healthCheck() {
    for {
        for _, backend := range p.backends {
            resp, err := http.Get(backend.String() + "/health")
            // Update backend status
            if resp != nil {
                resp.Body.Close()
            }
        }
        time.Sleep(10 * time.Second)
    }
}

• Pitfall Fix: Set ResponseHeaderTimeout to avoid slow backend delays.

---

Segment 4: Advanced Features and Best Practices

Let’s level up with advanced features like concurrency, security, and monitoring, plus best practices to make your proxy production-ready.

Advanced Features

High Concurrency

Go’s Goroutines shine here. Each request runs in its own lightweight thread, handling thousands of connections with minimal memory. For dynamic backends, use a thread-safe manager:

type BackendManager struct {
    backends []*url.URL
    mu       sync.RWMutex
}

func (m *BackendManager) UpdateBackends(newBackends []string) {
    m.mu.Lock()
    defer m.mu.Unlock()
    urls := make([]*url.URL, len(newBackends))
    for i, u := range newBackends {
        urls[i], _ = url.Parse(u)
    }
    m.backends = urls
}

Insight: Pair with Consul for zero-downtime backend updates in Kubernetes.

Security

• TLS: Use http.ListenAndServeTLS with Let’s Encrypt via golang.org/x/crypto/acme/autocert.
• Rate Limiting: Mitigate DDoS with golang.org/x/time/rate:

limiter := rate.NewLimiter(10, 50) // 10 reqs/sec, 50 burst
if !limiter.Allow() {
    http.Error(w, "Rate Limit Exceeded", http.StatusTooManyRequests)
    return
}

Monitoring

• Profiling: Enable net/http/pprof on :6060 for CPU/memory insights.
• Metrics: Use prometheus/client_golang for Prometheus/Grafana dashboards.

Pitfall Fix: Missing metrics made debugging a nightmare. Deploy Prometheus to track http_requests_total.

Best Practices

• Timeouts: Set http.Client and http.Transport timeouts to prevent hangs.
• Logging: Use go.uber.org/zap for structured, performant logs.
• Deployment: Containerize with Docker:

FROM golang:1.21
WORKDIR /app
COPY . .
RUN go build -o proxy
CMD ["./proxy"]

Insight: Nginx + Go for SSL termination boosted performance by 20%.

---

Segment 5: Real-World Use Cases and Call to Action

Real-World Use Cases

API Gateway

Route requests to microservices with authentication:

mux := http.NewServeMux()
mux.Handle("/users/", httputil.NewSingleHostReverseProxy(userService))
mux.Handle("/orders/", httputil.NewSingleHostReverseProxy(orderService))

Tip: Use http.StripPrefix to avoid routing conflicts.

Load Balancer

Use consistent hashing (github.com/stathat/consistent) for better cache hits and dynamic health checks.

Caching Proxy

Cache static content with sync.Map and TTL:

type CacheEntry struct {
    Data      []byte
    ExpiresAt time.Time
}

p.cache.Store(key, CacheEntry{Data: data, ExpiresAt: time.Now().Add(5 * time.Minute)})

Insight: This boosted cache hit rates from 60% to 85%.

Key Takeaways

• Go’s net/http and httputil make proxy development straightforward.
• Goroutines and connection pooling handle high traffic with ease.
• Optimizations like health checks and TLS ensure reliability.

Call to Action

Build your own proxy! Try:

• A TLS-enabled forward proxy with Let’s Encrypt.
• A reverse proxy with Prometheus monitoring.

Share your projects in the comments—I’d love to see what you create! Have questions or hit a snag? Drop a comment, and let’s debug together. 🚀