For simple deployments, consider whether you need a reverse proxy at all.
I have IPv6 everywhere, with each service getting its own IPv6 address. Each service is managed in inetd-style (via systemd-socket-proxyd ), and so essentially listens directly.
For services that need to serve IPv4, I have a reverse proxy on my network edge that demuxes on TLS SNI to the corresponding IPv6 address.
The advantage here is never having to deal with complex applications, with their complex and changing configuration.
I have IPv6 everywhere, with each service getting its own IPv6 address. Each service is managed in inetd-style (via systemd-socket-proxyd ), and so essentially listens directly.
For services that need to serve IPv4, I have a reverse proxy on my network edge that demuxes on TLS SNI to the corresponding IPv6 address.
The advantage here is never having to deal with complex applications, with their complex and changing configuration.