Anyone who's had to connect to a corporate computing network knows about forward proxies, otherwise known as VPNs. They're also an important tool for online privacy, and we often recommend setting one up on your router so that all your outgoing traffic is encrypted.

Proxies don't just work one way, however, and reverse proxies protect the traffic coming into your home network. They're awesome for self-hosting your own services because they sit between the wider internet and your home network, giving you another layer of security while also taking over some of the network functions that could slow your self-hosted apps down. Plus, they provide a single point of contact when you want to access your self-hosted services when you're away from your home network, which makes everything easy.

5 Protection from attacks

Keep your self-hosted services safer from danger

Close

Network security is paramount when opening your self-hosted services to the wider internet, and the more layers you can add between the two, the better. Since a reverse proxy sits in between your internal network and the internet, no information about those backend servers or services is visible to outside attackers. It also means that any scans will show a single IP address, which makes it look like you're a normal home user. That makes it hard for attackers to map out your network to determine what's worth further effort so they might move on to easier targets.

But a reverse proxy enables more than security through obscurity. Many reverse proxies include features that reduce the effectiveness of distributed denial-of-service (DDoS) attacks, like rate-limiting and rejecting traffic from individual IP addresses. You also get load balancing, which reduces the chances that an attack will take down your whole network. That's perhaps more important for enterprise users, but it still matters to home lab users who don't want their server structure known.

Plus, you can add some sort of authentication to the public-facing side of your reverse proxy so that only devices with the correct credentials can connect. Adding a service like Authelia will make this process much easier, and you can create custom landing pages to show after login with easy access to the self-hosted services.

4 SSL encryption

Use your reverse proxy to free up resources on your server

Screen full of alphanumerics depicting encryption and the word password emphasized by a magnifying glass

No matter what hardware you use to build your home server, once you start self-hosting apps, adding containers, and performing other tasks, the demands on your hardware increase. Then, when you start connecting to those services with your client devices, your server has to handle decrypting and encrypting SSL (or TLS) communications between them. That eats up CPU time for everything else, which isn't an optimal solution even for home labbers.

But with a reverse proxy in the mix, you can offload the SSL decryption and encryption to the proxy server. No more computational load is needed on the server or servers running your self-hosted services, which can be a huge deal, especially if you're running things on a relatively low-power NAS device. The security of your network and your data is still preserved, as the only unencrypted communications happen on your home network, which is mostly unencrypted anyway under normal circumstances.

Related 4 reasons your cloud provider should be using end-to-end encryption Using zero knowledge architecture and E2EE makes the web safer for everyone.

3 Simplified administration

Point services to your reverse proxy instead of individually configuring port forwards