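# Apache reverse proxy in front of a Jellyfin backend at 192.168.0.13:8096.
# Directives used below need mod_proxy, mod_proxy_http, mod_proxy_wstunnel,
# mod_headers, mod_ssl and mod_http2 to be enabled.
#
# NOTE(review): the <VirtualHost> container tags were missing from this copy.
# They are restored here; ports 80 and 443 are inferred from the HTTPS redirect
# and the X-Forwarded-Port value. Confirm against your listener setup.

<VirtualHost *:80>
    ServerName DOMAIN.TLD

    # Comment out the next line to disable the HTTP-to-HTTPS redirect
    Redirect permanent / https://DOMAIN.TLD/

    ErrorLog /var/log/apache2/tv-error.log
    CustomLog /var/log/apache2/tv-access.log combined
</VirtualHost>

# If you are not using a SSL certificate, replace the 'Redirect'
# line above with all lines below starting with 'Proxy'.
# Without TLS, logins and media travel in clear text between client and proxy,
# so limit that setup to a network you trust.
<VirtualHost *:443>
    ServerName DOMAIN.TLD

    # This folder exists just for certbot. You may have to create it and
    # chown/chmod it so Apache can read it; read access is all Apache needs.
    DocumentRoot /var/www/certbot

    ProxyPreserveHost On

    # Let's Encrypt's certbot places a file in this folder when updating or
    # verifying certs. This exclusion tells Apache not to proxy that path.
    # It must stay above the catch-all "/" rule, because ProxyPass rules are
    # matched in the order they are written.
    ProxyPass "/.well-known/" "!"

    # Tell Jellyfin that the original request arrived over TLS on port 443.
    # 'set' overwrites any value the client sent, so these cannot be spoofed
    # through the proxy. Jellyfin should accept X-Forwarded-* only from this
    # proxy (see its known-proxies network setting), and port 8096 should not
    # be reachable from outside except through this host.
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"

    # The WebSocket rule comes before "/" so the more specific path wins.
    # The proxy-to-backend hop is plain HTTP/WS; it is unencrypted on the LAN.
    ProxyPass "/socket" "ws://192.168.0.13:8096/socket"
    ProxyPassReverse "/socket" "ws://192.168.0.13:8096/socket"

    ProxyPass "/" "http://192.168.0.13:8096/"
    ProxyPassReverse "/" "http://192.168.0.13:8096/"

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/DOMAIN.TLD/fullchain.pem
    # privkey.pem must stay readable by root only
    SSLCertificateKeyFile /etc/letsencrypt/live/DOMAIN.TLD/privkey.pem
    Protocols h2 http/1.1

    # Enable only strong encryption ciphers and prefer versions with Forward Secrecy.
    # RC4-SHA was listed here explicitly; RC4 is broken and prohibited for TLS
    # (RFC 7465), so it is removed and excluded with !RC4.
    # This list governs TLS 1.2 and below; TLS 1.3 suites are configured separately.
    SSLCipherSuite HIGH:AES128-SHA:!aNULL:!MD5:!RC4
    SSLHonorCipherOrder on

    # Disable insecure SSL and TLS versions (leaves TLS 1.2 and newer)
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

    ErrorLog /var/log/apache2/tv-error.log
    CustomLog /var/log/apache2/tv-access.log combined
</VirtualHost>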