As others have said, a reverse proxy is what you need.
However I will also mention that another tool called macvlan exists, if you're using containers like podman or docker. Setting up a macvlan network for your containers will trick your server into thinking that the ports exposed by your services belong to a different machine, thus letting them use the same ports at the same time. As far as your LAN is concerned, a container on a macvlan network has its own IP, independent of the host's IP.
Macvlan is worth setting up if you plan to expose some of your services outside your local network, or if you want to run a service on a port that your host is already using (eg: you want a container to act as DNS on port 53, but systemd-resolved is already using it on the host).
You can set up port forwarding at your router to the containers that you want to publicly expose, and any other containers will be inaccessible. Meanwhile with just a reverse proxy, someone could try to send requests to any domain behind it, even if you don't want to expose it.
My network is set up such that:
- Physical host has one IP address that's only accessible over lan.
- Containerized web services that I don't want to expose publicly are behind a reverse proxy container that has its own IP on the macvlan.
- Containerized web services that I do want to expose publicly have a separate reverse proxy container, which gets a different IP on the macvlan.
- Router has ports 80 and 443 forwarding only to the IP address for my public proxy