What is a reverse proxy?
A reverse proxy is an intermediary server that receives requests from clients (browsers, applications) and redirects them to the container or server that actually hosts your application.
In other words, your users never interact directly with your containers: they go through this central point.
Why is this useful?
- Centralized port management
- Each container has its own internal port (e.g., Apache on 8080, Nginx on 8081, Nextcloud on 8082β¦).
- Without a reverse proxy, your users would have to connect to these ports directly. Thatβs neither practical nor clean.
- The reverse proxy receives all requests on port 80 (HTTP) or 443 (HTTPS) and routes them to the correct containers based on the domain name or subdomain.
- Simplified HTTPS
- Traefik can automatically generate and renew SSL/TLS certificates via Letβs Encrypt.
- Your containers remain on internal HTTP, but your users see a secure HTTPS site.
- Flexibility and Routing
- You can host multiple sites on a single server using different containers.
-
Example:
site1.domain.tldβ PHP 7.4 + Apache containersite2.domain.tldβ WordPress containerapi.domain.tldβ Node.js container
- The Reverse Proxy handles all routing properly.
- Security and Isolation
- Your containers are never directly exposed to the Internet.
- You can add filtering rules, authentication, or even bandwidth limits directly in the proxy.
Simplified diagram
Internet
|
[ Traefik ]
| | |
site1 site2 api
(cont1) (cont2) (cont3)Each container has its own internal port, but Traefik manages traffic on a single public port (80/443).
π‘ Tip: Even if you only have one site today, using a reverse proxy from the start prevents you from having to reorganize your containers later when you have multiple ones.