You can reverse proxy to Jellyfin either with or without a config file, and either method offers automatic HTTPS if you want to use your public domain name.
If you want HTTPS, make sure your domain name's A/AAAA records are pointed at your public IP address.
If you aren't familiar with Caddy yet, check out its Getting Started guide.
The easiest way to reverse proxy to Jellyfin is with the
caddy reverse-proxy --from :5001 --to 127.0.0.1:8096
That is a simple but production-ready plaintext HTTP reverse proxy.
If you have:
- permission to bind to low ports, and
- a public domain name's DNS records pointed at your machine,
then you can serve over HTTPS just as easily:
caddy reverse-proxy --from example.com --to 127.0.0.1:8096
You will see Caddy provision a TLS certificate for your site and, if it succeeds, you can then access your Jellyfin server over HTTPS with your domain name.
If you want to use a config file, create a file called
Caddyfile, where we will put our configuration.
reverse-proxy command above is equivalent to:
:5001 reverse_proxy 127.0.0.1:8096
To get HTTPS, simply change the first line to your domain name:
example.com reverse_proxy 127.0.0.1:8096
You can serve Jellyfin only at a particular base path and not proxy all other requests.
To do this, first configure Jellyfin to use a base path: go to Admin -> Networking and in the "Base URL" field, enter a path like
/jellyfin. You might have to restart the Jellyfin server for this to take effect.
Then simply give the
reverse_proxy directive a path matcher:
example.com reverse_proxy /jellyfin/* 127.0.0.1:8096
With that config, Caddy will only proxy requests that start with
/jellyfin/ (note the trailing slash -- that is optional, but recommended).