Skip to main content

Caddy

"Caddy, sometimes clarified as the Caddy web server, is an open source, HTTP/2-enabled web server written in Go. It uses the Go standard library for its HTTP functionality." - Wikipedia

You can reverse proxy to Jellyfin either with or without a config file, and either method offers automatic HTTPS if you want to use your public domain name.

If you want HTTPS, make sure your domain name's A/AAAA records are pointed at your public IP address.

If you aren't familiar with Caddy yet, check out its Getting Started guide.

caution

There are a some guides that have a Caddyfile which includes a tls section with the DNS provider's API key as shown in the following example.

example.com {
reverse_proxy 127.0.0.1:8096
tls {
dns <DNS Provider> <API Token>
}
}

Please proceed with caution when using this option:

  • This will NOT automatically update your DNS records if you have a dynamic IP.
  • This is NOT required for automatic HTTPS to work in most cases.
  • Misconfiguration can lead to compromised domains and/or accounts.
  • API keys should only be granted the least permissions required for the application to function.

Please read the Let's Encrypt documentation for more info.

One-liners

The easiest way to reverse proxy to Jellyfin is with the reverse-proxy command:

caddy reverse-proxy --from :5001 --to 127.0.0.1:8096

That is a simple but production-ready plaintext HTTP reverse proxy.

If you have:

  • permission to bind to low ports, and
  • a public domain name's DNS records pointed at your machine,

then you can serve over HTTPS just as easily:

caddy reverse-proxy --from example.com --to 127.0.0.1:8096

You will see Caddy provision a TLS certificate for your site and if it succeeds, you can then access your Jellyfin server over HTTPS with your domain name.

Caddyfile

If you want to use a config file, create a file called Caddyfile for the configuration. The first reverse-proxy command above is equivalent to the following options.

:5001

reverse_proxy 127.0.0.1:8096

To get HTTPS, simply change the first line to your domain name.

example.com

reverse_proxy 127.0.0.1:8096

Subpath

You can serve Jellyfin only at a particular base path and not proxy all other requests.

To do this, first configure Jellyfin to use a base path. If you already have access to the web interface, go to Admin > Networking and enter a path like /jellyfin in the Base URL field. If not, you may instead go to <Configuration Directory>/network.xml and modify the value of <BaseUrl> according to your needs. For information on the directory location, please consult the configuration documentation. You might have to restart the Jellyfin server for this to take effect. Then simply give the reverse_proxy directive a path matcher. The path should be the same as the Base URL you entered into Jellyfin's settings. The following example is for a server that is accessible at example.com/jellyfin.

example.com

redir /jellyfin /jellyfin/
reverse_proxy /jellyfin/* 127.0.0.1:8096

With that config, Caddy will only proxy requests that start with /jellyfin/. Note the trailing slash - that is optional, but recommended.