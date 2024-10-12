A reverse proxy is a server configured on a local area network (LAN) to direct traffic, primarily web browser requests. It's similar to a proxy server in that client requests are intercepted and handled by the server when connecting to other destinations. It's how proxies (and VPNs) can get around geographical restrictions by routing traffic through different locations. Instead of communicating directly with the end server, traffic is passed through a proxy and the same happens with a reverse proxy, but instead of handling outbound traffic from clients on the LAN, the reverse proxy handles external inbound requests.

What are forward and reverse proxies?

Intercepting requests as the middleman

So, instead of the proxy protecting specific clients on the network, a reverse proxy sits in front of servers available to the outside world. When an inbound request passes to or through the router (depending on where the reverse proxy server is running), it's intercepted by the reverse proxy when specified rules match. This prevents the external client and your server from directly communicating with one another, which can help bolster security and accessibility. When using reverse proxies, the client sending the request will be none the wiser and assume they're connecting directly to the destination server.

A reverse proxy is a great addition to a homelab setup where you need external access. Instead of opening up ports on your router, a reverse proxy limits access to specific services on a device. It's very much like an extra router within the LAN. This is great for opening up access to multiple devices without sacrificing security. Using a single entry point for traffic can allow quick changes, check logs for issues, and easier general management.

Where a reverse proxy can be useful

Creating your dream homelab

Let's say you wish to set up a Jellyfin server and host a Vaultwarden instance to manage all your passwords. Accessing either instance internally is easy with an IP and port, but what if you wish to access the two servers when not at home? Sure, you could configure your network to allow inbound traffic and open up ports to the system but I'd recommend against this. Instead, a reverse proxy can be used with a dynamic domain name service (DDNS). You can create a myfamilynetwork.com domain for your LAN and configure the DDNS to update the service with your dynamic IP.

That allows any device to connect to your LAN using the domain and a reverse proxy can then take specific requests and transfer them to each server. For instance, jellyfin.myfamilynetwork.com can be directed to the Jellyfin server and vaultwarden.myfamilynetwork.com can go to the Vaultwarden server. Even if they're on the same system, a reverse proxy can use an IP and port, allowing you to configure multiple services on a single server. When configuring an app or attempting to load either server through a browser, using either domain name will load everything up.

There are some other benefits to using a reverse proxy server, including load balancing and data encryption. For internal-only access, a reverse proxy can work with a DNS server on the LAN to configure various servers and services for specific domains, such as network.lan.