Jellyfin Forum
dynamic ip, caddy, ssl - Printable Version

+- Jellyfin Forum (https://forum.jellyfin.org)
+-- Forum: Support (https://forum.jellyfin.org/f-support)
+--- Forum: Troubleshooting (https://forum.jellyfin.org/f-troubleshooting)
+---- Forum: Networking & Access (https://forum.jellyfin.org/f-networking-access)
+---- Thread: dynamic ip, caddy, ssl (/t-dynamic-ip-caddy-ssl)

dynamic ip, caddy, ssl - GordonShumway - 2025-10-24

I have been port forwarding 8096 through my firewall for external watching of JF and using the JF authentication, but I would like to figure out reverse proxy.  I have a dynamic DNS (freemyip.com) and would like to have jellyfin.mydomain.freemyip.com resolve to my internal IP of 192.168.0.158:8096 (the JF server).

My JF server does not have an ssl certificate.  When I tried to create a reverse proxy entry in the Caddyfile my firewall is showing two things: first every http request from ever external device (i.e. my Android, my friend's laptop) is being rewritten to https and second that /var/log/messages is showing complaints about not having set an email address for Zerossl so I'm pretty sure I am missing some parts here.

If every web request is going to rewrite to https should I get an ssl cert for JF before I play with Caddy? O is it the Caddy instance that needs the ssl cert?  I am assuming that all requests will now be https, at least from the firewall to Caddy, but what about from Caddy to JF?  Since I am "not planning" to expose any other services I don't have a problem with installing Caddy on the JF server.  Or should it be on a separate server/docker?  I have seen a few videos on this and I'm sorry to say that although they claim to be for beginners they are poorly orchestrated (yeah, I'm an IT guy and I know how to write doc to communicate complex ideas to noobs).  Any help would be appreciated.

GS

RE: dynamic ip, caddy, ssl - maloutx - 2025-11-14

Hi
Can you share your caddy configuration file ?
By default, caddy does automatically uses https, so it's normal that every outside request gets rewritten to https.
But caddy is also able to handle the ssl certificate and it does that very easily, as long as you provide your email address in the caddy config file (however, I think it uses let'sencrypt by default, not zerossl).
You should simply have something like that in your config :

Code:
jellyfin.mydomain.freemyip.com {
    tls address@youremail.com
        header Strict-Transport-Security max-age=31536000
    reverse_proxy 192.168.0.158:8096
}


Hope that helps