Back to Blog
team@tinypod.app

Understanding Reverse Proxies for Self-Hosting

Reverse proxies route traffic to your self-hosted services. How they work, why you need one, and which to choose.

reverse-proxynetworkingcaddynginx

What Is a Reverse Proxy?


A reverse proxy sits between the internet and your services. It receives incoming requests and routes them to the correct backend service.


Why You Need One


Multiple Services, One Server

Your server has one IP address. A reverse proxy routes requests based on the domain name:

  • git.example.com → Gitea (port 3000)
  • wiki.example.com → Outline (port 3001)
  • monitor.example.com → Grafana (port 3002)

    • HTTPS

    The reverse proxy handles SSL certificates and HTTPS termination. Your backend services run plain HTTP.


    Security

  • Rate limiting
  • IP filtering
  • Header manipulation
  • Request buffering
  • DDoS mitigation

    • How It Works


    1. Client requests git.example.com

    2. DNS resolves to your server IP

    3. Reverse proxy receives the request on port 443

    4. Proxy checks the Host header

    5. Request is forwarded to Gitea on port 3000

    6. Response flows back through the proxy


    Popular Options


    Caddy

  • Automatic HTTPS (best-in-class)
  • Simplest configuration
  • Good for most self-hosting setups

    • Nginx

  • Highest performance
  • Most documentation/tutorials
  • Manual HTTPS (with Certbot)

    • Traefik

  • Automatic service discovery from containers
  • Label-based configuration
  • Best for container-heavy setups

    • Nginx Proxy Manager

  • Nginx with a web UI
  • Click-based SSL certificate management
  • Good for non-technical users

    • Which to Choose


  • Caddy: Best default choice (automatic HTTPS, simple config)
  • Traefik: If running many containers with frequent changes
  • Nginx: If you need maximum performance or know it already

    • TinyPod uses Caddy by default.