I'm sorry, never did manual configuration of traefik. It's used at my employers in a Kubernetes installation where Kubernetes itself makes basic configuration of traefik (or perhaps Kubernetes admin did it once), while forwarding to backend containers is done automatically when starting those backend containers (it's a kind of magic ;-) ).
IMO the simplest configuration for "simple" reverse proxy is for HAproxy. I'm mostly using debian linux and default configuration only needs minor additions like this:
# create a HTTP frontend, listening on port 80. It has to capture headers to get the Host header
frontend http_frontend
bind *:80
http-request capture req.hdr(Host) len 100
# ACLs which define which backends should be used
acl acl_myNAS req.hdr(Host) MyNAS.XYZ.com
acl acl_myBLOG req.hdr(Host) MyBlog.XYZ.com
# so which backends are used?
use_backend backend_myNAS if acl_myNAS
use_backend backend_myBLOG if acl_myBLOG
# define default backend to be used if none of ACLs catch the call
default_backend backend_myBLOG
# Backend definitions. servers can be either defined using name, FQDN or IP address
# HAproxy can be load-balancer as well, to use this functionality define multiple servers
# and set "balance roundrobin" (or any other balance strategy)
backend backend_myNAS
server myNAS mynas.local.lan:80 check maxconn 10
backend backend_myBLOG
server myBLOG myblog.local.lan:8080 check maxconn 100
If you'd be terminating SSL on HAproxy, you'd define another frontend, this time bound to *:443, with same ACLs and additional settings to instruct HAproxy which server certificate to use. It would use same backends, so myBLOG and myNAS would always serve contents over plain http to HAproxy (that is hidden from remote user). Or you could configure backends to be used via https (but IMO that's waste of resources as long as backend servers are in network which you trust or control).
ACLs used to classify requests to select correct backend are very flexible. This example makes distinction based on host name included in HTTP requests. It is possible to make distinction also based on the rest of URL requested etc. It is also possible to alter URL requested if document hierarchy on the backend server is not the same as presented through frontend server. Example would be:
www.domain.com/department1/ is served by backend server department1.domain.com/ and
www.domain.com/department2/ is serverd by backend server department.domain.com/ ...
A note: backend servers will of course see frontend as their (direct) client. However most (if not all) reverse proxies insert additional HTTP header "X-Forwarded-For" and it's a matter of minor configuration tweak on backend servers to add this info to log files.