Caddy

"Caddy, sometimes clarified as the Caddy web server, is an open source, HTTP/2-enabled web server written in Go. It uses the Go standard library for its HTTP functionality." - Wikipedia

You can reverse proxy to Jellyfin either with or without a config file, and either method offers automatic HTTPS if you want to use your public domain name.

If you want HTTPS, make sure your domain name's A/AAAA records are pointed at your public IP address.

If you aren't familiar with Caddy yet, check out its Getting Started guide.

One-liners

The easiest way to reverse proxy to Jellyfin is with the reverse-proxy command:

caddy reverse-proxy --from :5001 --to 127.0.0.1:8096

That is a simple but production-ready plaintext HTTP reverse proxy.

If you have:

  • permission to bind to low ports, and
  • a public domain name's DNS records pointed at your machine,

then you can serve over HTTPS just as easily:

caddy reverse-proxy --from example.com --to 127.0.0.1:8096

You will see Caddy provision a TLS certificate for your site and, if it succeeds, you can then access your Jellyfin server over HTTPS with your domain name.

Caddyfile

If you want to use a config file, create a file called Caddyfile, where we will put our configuration.

The first reverse-proxy command above is equivalent to:

:5001

reverse_proxy 127.0.0.1:8096

To get HTTPS, simply change the first line to your domain name:

example.com

reverse_proxy 127.0.0.1:8096

Subpath

You can serve Jellyfin only at a particular base path and not proxy all other requests.

To do this, first configure Jellyfin to use a base path: go to Admin -> Networking and in the "Base URL" field, enter a path like /jellyfin. You might have to restart the Jellyfin server for this to take effect.

Then simply give the reverse_proxy directive a path matcher:

example.com

reverse_proxy /jellyfin/* 127.0.0.1:8096

With that config, Caddy will only proxy requests that start with /jellyfin/ (note the trailing slash -- that is optional, but recommended).