diff --git a/.vscode/cspell_custom.txt b/.vscode/cspell_custom.txt index 8f9b9ec..cd79d64 100644 --- a/.vscode/cspell_custom.txt +++ b/.vscode/cspell_custom.txt @@ -1,3 +1,4 @@ devcontainer minica +rvproxy ublue diff --git a/README.md b/README.md index beae138..a92dede 100644 --- a/README.md +++ b/README.md @@ -27,12 +27,18 @@ We use a [Minica](https://github.com/jsha/minica) as simple CA to generate a key pair and a root certificate for `*.ublue.local`. The wildcard certificate is then made available to all other components and are valid for 2 years and 30 days. +### Reverse Proxy + +As an entry point for all components we use [Caddy](https://caddyserver.com/) as +a reverse proxy. Based on URL routing it will redirect the traffic to the +right container instance. + ### Container Registry As container registry we make use of the [Docker Registry 2.0](https://hub.docker.com/_/registry/) implementation for storing and distributing container images -The container registry is available at `registry.ublue.local:9001` +The container registry is available at `registry.ublue.local` ## Firing Up the Forge diff --git a/forge-pod.yml b/forge-pod.yml index 145f9e8..4e466f2 100644 --- a/forge-pod.yml +++ b/forge-pod.yml @@ -10,10 +10,26 @@ spec: - name: ublue-os_forge-minica-pvc persistentVolumeClaim: claimName: ublue-os_forge-minica + - name: ublue-os_forge-registry-pvc persistentVolumeClaim: claimName: ublue-os_forge-registry + containers: + - name: rvproxy.ublue.local + image: rvproxy + resources: + limits: + memory: 128Mi + cpu: 200m + volumeMounts: + - mountPath: /certs + name: ublue-os_forge-minica-pvc + ports: + - containerPort: 443 + hostPort: 443 + protocol: TCP + - name: registry.ublue.local image: registry resources: @@ -28,8 +44,8 @@ spec: name: ublue-os_forge-registry-pvc ports: - containerPort: 5000 - hostPort: 9001 protocol: TCP + initContainers: - name: minica.ublue.local image: minica 
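Review bot: The new rvproxy container's `volumeMounts` entry for `ublue-os_forge-minica-pvc` is writable, although the proxy only needs to read the certificate, key and CA files the Caddyfile points at under /certs, and the same claim is where the minica init container writes that material. Add `readOnly: true` under the `- mountPath: /certs` entry so a misbehaving or compromised proxy cannot modify or replace the trust anchor it serves. The `resources` stanza also sets `limits` without `requests`; if the runtime honours both, stating requests explicitly avoids the limit silently doubling as the request.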
diff --git a/rvproxy/Caddyfile b/rvproxy/Caddyfile
new file mode 100644
index 0000000..76cb80e
--- /dev/null
+++ b/rvproxy/Caddyfile
@@ -0,0 +1,28 @@
+# Global options
+{
+ auto_https disable_certs
+ persist_config off
+}
+
+# Reverse-proxy configuration
+*.ublue.local {
+ ## TLS certificates
+ tls /certs/_.ublue.local/cert.pem /certs/_.ublue.local/key.pem
+
+ # container registry
+ @registry host registry.ublue.local
+
+ handle @registry {
+ reverse_proxy ublue-os_forge-registry.ublue.local:5000 {
+ transport http {
+ tls
+ tls_trusted_ca_certs /certs/minica.pem
+ }
+ }
+ }
+
+ # Fallback for otherwise unhandled domains
+ handle {
+ respond "Bad hostname" 400
+ }
+}
\ No newline at end of file
diff --git a/rvproxy/Containerfile b/rvproxy/Containerfile
new file mode 100644
index 0000000..e8171f9
--- /dev/null
+++ b/rvproxy/Containerfile
@@ -0,0 +1,5 @@
+# Source Image
+FROM docker.io/library/caddy:2.6.4-alpine
+
+# Add configuration file
+COPY ./Caddyfile /etc/caddy/Caddyfile
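Review bot: The `*.ublue.local` site block enables no access logging, so pushes and pulls passing through the entry point leave no record of client address or requested host at the proxy; adding a `log` directive inside the site block gives that audit trail with a one-line change. The `tls_trusted_ca_certs /certs/minica.pem` pin on the upstream transport is the right choice and worth keeping as is. The fallback `respond "Bad hostname" 400` could return 421, the status defined for a request sent to a server that is not configured to serve that host, which makes host-mismatch traffic easier to distinguish from malformed requests in logs. Two style points: `## TLS certificates` mixes `##` with the `#` used elsewhere, and the file has no trailing newline.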
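Review bot: `FROM docker.io/library/caddy:2.6.4-alpine` pins by tag only, and tags are mutable, so the image that terminates TLS for the whole forge can change underneath a rebuild without any diff in this repository. Pin the digest alongside the tag, `FROM docker.io/library/caddy:2.6.4-alpine@sha256:<DIGEST_OF_CADDY_2.6.4_ALPINE>` (placeholder; take the digest from the registry), and let an update bot bump both together. A short comment above the `FROM` line recording why this version was chosen would help whoever performs the next bump.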