What does a reverse proxy do?
A reverse proxy is the front desk. Every request from the outside arrives at it first, and it decides which service in the back should answer, then hands the response back to the caller. The visitor only ever talks to the proxy; the real services sit behind it, often on a private network, never exposed directly.
That single choke point is the whole value. Because all traffic passes through one place, that one place is where you do the cross-cutting work: terminate TLS and serve the certificate, route by name or path so several services share one public address, apply access rules and rate limits, and write one coherent log. The services behind it can stay plain, each doing its own narrow job.
How is it different from a forward proxy?
The names confuse people. A forward proxy sits in front of clients going out: it fronts the people making requests, often to filter or anonymise their outbound traffic. A reverse proxy sits in front of servers coming in: it fronts the machines receiving requests. Same idea of a middleman, opposite direction.
For self-hosting, the reverse proxy is the one you reach for constantly. It is how you put a clean, encrypted public face on a set of services that, behind it, are just processes listening on local ports. It routes; it does not filter the network like a firewall, and it does not resolve names like DNS. It is the front desk, and it does the front desk’s job well.