Usually the host server has only one fixed IP. So all domains of all your dockerized services get resolved to the same IP. Somehow the server needs to know, how to route all the requests and responses to correct app. On a “normal” webserver you would be using virtual hosts to direct the traffic to the correct page. On a docker host things are a bit more complex, as each dockerized app is using it’s own webserver. So we’ll need a reverse proxy to route the traffic.
A server offering many webapps and services dealing with private data shoul be as secure as possible. An important step to achieve this, is to harden the host system.