A reverse proxy is a server that sits in front of one or more backend application servers, accepts incoming client requests, and forwards them to the right backend based on hostname, URL path, or other request attributes. It typically also handles TLS termination, gzip/brotli compression, basic rate-limiting, request logging, and HTTP-to-HTTPS redirects. The "reverse" in the name distinguishes it from a forward proxy: a forward proxy is configured by the client to reach external hosts, while a reverse proxy is configured by the host operator to receive client traffic.

In a self-hosting context

When you self-host more than one application on a single VPS, a reverse proxy is what lets all of them share the same port 443 under different hostnames (mattermost.example.com, files.example.com). Caddy is the easiest choice — a 20-line config file gets you auto-renewing Let's Encrypt TLS for everything. Nginx is more battle-tested and the default in many compose stacks; Traefik integrates natively with Docker labels. PaaS-style wrappers like CapRover and Coolify bundle a reverse proxy out of the box so you do not have to configure one by hand.