concept

Reverse Proxy

A reverse proxy sits between the internet and your services, routing incoming requests to the right application on your network.

A reverse proxy is a service that sits in front of your applications and routes incoming requests to the right one based on the domain name or path in the request.

Why it matters for a home lab

Without a reverse proxy, accessing services on a home server means remembering which port each one runs on: port 8080 for one tool, port 9000 for another, port 3000 for a third. None of it is memorable, none of it works cleanly with HTTPS, and exposing raw ports to the internet is poor security practice.

A reverse proxy solves all of this. You point a domain name at your server, and the proxy reads the incoming hostname and forwards the traffic to the correct container. A request to home.example.com goes to Home Assistant. A request to media.example.com goes to Jellyfin. From outside, both look like ordinary websites on standard ports.

What it enables

Because all traffic flows through a single point, SSL/TLS certificates can be managed in one place. The reverse proxy terminates HTTPS and communicates with your containers over plain HTTP internally. This means every service gets a valid certificate without each one needing to manage its own.

Traefik is the reverse proxy most commonly used in Docker home labs. It reads configuration directly from Docker labels, so adding a new service to the proxy is a matter of adding a few lines to a container definition.