Reverse Proxy
Reverse Proxy is a networking component that accepts client connections and routes them to one or more backend origin servers, acting as an intermediary that the client communicates with directly. Unlike a forward proxy (which is used by clients to reach the internet), a reverse proxy is deployed on the server side to manage inbound traffic. In self-hosted setups, the reverse proxy is typically the only service that listens on public ports 80 and 443, forwarding requests to the correct containerized application based on the requested hostname.
How it works
The reverse proxy receives an HTTPS request, terminates the TLS connection using a certificate it manages, inspects the Host header (or other routing rules), and forwards the decrypted request to the appropriate backend service over an internal network. It then relays the backend’s response to the original client. This architecture allows multiple distinct web applications (app.example.com, git.example.com, notes.example.com) to share a single public IP address and port, with the reverse proxy directing traffic based on the subdomain.
Key facts
- Popular options: Nginx, Caddy, and Traefik are the three dominant reverse proxies in self-hosted stacks; Caddy and Traefik offer automatic Let’s Encrypt TLS with minimal config
- TLS termination: The reverse proxy decrypts HTTPS at the edge; traffic between the proxy and backend services can then run over plain HTTP on the internal Docker network, provided that network is not reachable from outside the host
- Forwarded headers: Reverse proxies typically add X-Forwarded-For and X-Real-IP headers so backend applications see the original client IP rather than the proxy’s; because a client can send these headers itself, backends should trust them only on requests that arrived via the proxy
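As an added example (not configuration taken from the original page or from any of the named projects), the following Nginx configuration implements the flow described above: TLS termination for two hostnames, routing on the Host header, plain HTTP to backend containers on the internal Docker network, and the forwarded-client-IP headers, plus a catch-all server that refuses hostnames the proxy was not configured for. The hostnames, certificate paths, container names and ports are assumptions.

```nginx
# Added example, not from the original page. All hostnames, certificate
# paths, container names and ports below are assumptions.

# Catch-all: a request whose Host header or TLS SNI matches no configured
# site is dropped instead of being passed to the first backend by default.
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;   # Nginx 1.19.4+: abort TLS handshakes for unknown SNI
    return 444;                # close the plain-HTTP connection without a response
}

# Plain HTTP for the real sites only redirects to HTTPS.
server {
    listen 80;
    server_name app.example.com git.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name app.example.com;

    # Certificate managed by the proxy (e.g. issued by certbot); paths assumed.
    ssl_certificate     /etc/letsencrypt/live/app.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/app.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # "app" is the container name on the internal Docker network; the
        # hop is plain HTTP because TLS was terminated here at the edge.
        proxy_pass http://app:8080;

        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        # Use $remote_addr rather than $proxy_add_x_forwarded_for so a value
        # the client supplied itself is overwritten, not appended to. Only
        # switch to $proxy_add_x_forwarded_for when a trusted upstream proxy
        # (such as a CDN) sits in front and the backend knows how many hops to
        # strip from the right-hand end of the list.
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host  $host;
    }
}

server {
    listen 443 ssl;
    server_name git.example.com;

    ssl_certificate     /etc/letsencrypt/live/git.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/git.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Git pushes can be large; the proxy enforces the body limit before the
    # request reaches the backend.
    client_max_body_size 512m;

    location / {
        proxy_pass http://gitea:3000;   # second container, same internal network

        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host  $host;
    }
}
```

Run `nginx -t` after installing the file under `/etc/nginx/conf.d/` to check the syntax before reloading. The backends only ever see connections from the proxy, so each application should be configured to treat the proxy's address as its sole trusted source of X-Forwarded-For and X-Forwarded-Proto; a backend that reads those headers from arbitrary peers can be fed a fake client IP or a fake "https" scheme by anyone who can reach it on the internal network.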
For builders
The reverse proxy is the first piece of infrastructure a builder sets up when deploying multiple self-hosted services on a single VPS. Caddy is the most beginner-friendly option because it automatically provisions and renews Let’s Encrypt certificates with zero configuration. Traefik integrates natively with Docker labels for automatic service discovery, making it the preferred choice for Docker Compose environments where new services are added frequently.