Jellyfin Forum
Access your Jellyfin anywhere with Caddy - Printable Version

+- Jellyfin Forum (https://forum.jellyfin.org)
+-- Forum: Support (https://forum.jellyfin.org/f-support)
+--- Forum: Guides, Walkthroughs & Tutorials (https://forum.jellyfin.org/f-guides-walkthroughs-tutorials)
+--- Thread: Access your Jellyfin anywhere with Caddy (/t-access-your-jellyfin-anywhere-with-caddy)

Pages: 1 2


Access your Jellyfin anywhere with Caddy - matt - 2023-06-19

You can make your Jellyfin accessible anywhere over HTTPS using Caddy as a reverse proxy. It also manages your TLS certificates for you.

This tutorial assumes you have Jellyfin installed already and are familiar with domain names, the command line, etc. You can host it at home or on a hosting service, but there are more steps if you're at home. This tutorial is a simplified version of this tutorial at the Caddy wiki and made specific for Jellyfin.

This tutorial assumes IPv4 but you're welcome to use IPv6 if you can.

Public IP required

First, check with your ISP to ensure you have a public IP address. It can be static or dynamic, but if it's dynamic I'll show you later how to update your DNS records when it changes.

If you're on a hosting service, you probably already have a public IP (but sometimes they cost extra).

If you do not have an ISP or know who they are (e.g. your apartment complex manages your Internet for you), contact your network administrator.

If your ISP uses CGNAT (carrier-grade NAT), you do not have a public IP address. In that case, you will need to exit this tutorial and use something like Ngrok, or my personal favorite: Tailscale.


Configure your domain

Make sure your domain's DNS records point to your current IP address. This means an A record with the value being the IPv4 address of your Jellyfin host. You can use AAAA for IPv6.

If you have a dynamic IP address, then I highly recommend that you choose a DNS provider with an API for managing DNS records. This way, Caddy can update your DNS records for you when your IP changes (explained below).

Configure Jellyfin

The minimal configuration to make this work is as follows:

In your Jellyfin Administration area, go to the Networking page. Then check the box that says "Allow remote connections to this server." Save changes.

That should be all you need to start. However...

If you are serving Jellyfin alongside other apps or endpoints on your domain, you may want to serve Jellyfin in a subfolder so that it doesn't occupy the entire root of your domain. To do that, specify the path in the "Base URL" field (e.g. /jellyfin) and remember this for later.

Configure router/firewall

If you're at home as opposed to a hosting service, it's your responsibility to ensure connections from the outside can get inside. On a home network, this is typically disabled by default for obvious security reasons. However, your router/firewall should support "port forwarding" which allows you to have it forward data on a specific port to a specific machine within your network. The idea is to allow traffic from the outside into a specific machine and port on the inside.

So if your Jellyfin (and soon, Caddy) host is on your LAN IP of 192.168.1.4, you would forward external ports :80 and :443 to internal 192.168.1.4:80 and 192.168.1.4:443, respectively. The external and internal ports don't have to match. For example, you could have Caddy bind to higher ports like 9080 and 9443 and forward from :80/:443 to :9080/:9443 instead. This can be useful if you don't want to bind to low ports on your Jellyfin/Caddy host.

When you apply your changes, those ports on your machine will be accessible to the world! So make sure nothing is currently listening on the port(s) you forward to on your host machine!

If you're on a public web host, verify whether your machine is already publicly reachable or if you need to do something similar and allow ports through a firewall.

Install Caddy

Caddy will be your reverse proxy. It obtains and renew your TLS certificates for you, establishes secure connections with clients outside your network, and proxies them to your local Jellyfin instance. It will be on the listening/receiving end of your port forwarding you may have just configured.

Install Caddy on the same host as Jellyfin.

Before continuing, ensure your DNS records are correct and that your machine is reachable from the outside! Otherwise, Caddy will fail when trying to get a certificate for your domain.

Once you're sure your DNS and network/firewall are good to go, the quickest way to be up and running is with a single command:

Code:
$ caddy reverse-proxy --from example.com --to 127.0.0.1:8096

(Replace example.com with your domain name.)

If you get permissions errors, make sure you have permission to bind to low ports. On Linux, you can do this with:
Code:
sudo setcap cap_net_bind_service=+ep $(which caddy)

You should see Caddy provision a certificate for you. At that point, you can access your Jellyfin with your domain name.

And that's all! ... well, sort of. Do not stop here!

The
Code:
caddy reverse-proxy
command blocks until you exit, and it won't run in the background when you start your computer.

Instead, use a Caddyfile with this config, again replacing your actual domain name:

Code:
example.com
reverse_proxy 127.0.0.1:8096

If you instsalled Caddy with a package manager or as a system service, you probably have a Caddyfile that Caddy is already configured to use (e.g. /etc/caddy/Caddyfile). Consult the package's documentation to be sure. If so, you can simply use that. If not, you'll need to make sure Caddy is running as a system service.

Then, start or reload Caddy with your new configuration.

Verify that it worked, and then your Jellyfin instance should be accessible from your domain name yet again -- but this time, Caddy is running in the background and will run when your computer starts.


Dynamic IP address

If you do not have a static IP address, you'll want your DNS to automatically point to your new IP when it changes so you can keep accessing Jellyfin.

Caddy has a dynamic DNS plugin that does this for you.

In addition to this plugin, you'll need a plugin that integrates with your DNS provider. All those plugins are here: https://github.com/caddy-dns - if your DNS provider is not listed, it's your opportunity to contribute!

Anyway, you can use Caddy's download page, xcaddy, or
Code:
caddy add-package
to install those 2 plugins.

Then, after replacing your Caddy binary, add this to the very top of your config file (or augment your global options block if you already have one):

Code:
{
     dynamic_dns {
         # replace with your DNS provider's plugin name and credentials
         provider cloudflare secretAPIToken123
         domains {
             # DNS zone first, followed by subdomain if any (I know it's weird)
             example.com jellyfin
         }
    }
}

The comments tell you what to replace: the line that configures the DNS provider credentials, and the line that configures your domain name.

Hopefully the line for your DNS provider is fairly obvious. Check the docs for your provider plugin for exact syntax/requirements.

The line for your domain name may look funny. This example is for
Code:
jellyfin.example.com
, but notice that you specify the root of the zone first (
Code:
example.com
) followed by a space, then the subdomain (if any).

Restart your Caddy instance, and check the logs to make sure it worked. Now, Caddy will keep your DNS pointed at your machine even if your IP changes.


RE: Access your Jellyfin anywhere with Caddy - iNfRaSoNiC - 2023-06-21

Great guide, thank you!


RE: Access your Jellyfin anywhere with Caddy - twinkybot - 2023-08-10

Out of curiosity. Is php-fpm not needed?

My entry in the CaddyFile looks like this:

Code:
subdomain.domain.org {
        php_fastcgi unix//run/php/php8.2-fpm.sock
        reverse_proxy :8096
}



RE: Access your Jellyfin anywhere with Caddy - DeathLeprous1988 - 2023-09-04

Is there a way to access your Jellyfin server remotely without port forwarding? I am not able to open ports on my router.


RE: Access your Jellyfin anywhere with Caddy - Syntax - 2023-09-05

(2023-09-04, 11:46 AM)DeathLeprous1988 Wrote: Is there a way to access your Jellyfin server remotely without port forwarding? I am not able to open ports on my router.

ngrok
probably easiest, not self hosted. Great for "I want it live now and I'll do it right later!". I never use this, but I've seen people use it for media servers when lazy.


You can SSH tunnel through a VPS (that would be my move, make sure to secure it!), you can also use Wireguard, ZeroTier, Talescale, or other similar methods.
There's a lot of overlap with your needs and the needs of users with CGNAT, so google that if you're hunting around for a solution.
Some VPN providers have a port forwarding option built in and offer a dedicated IP, but they are usually a monthly upsell.

Edit
Thread here
https://forum.jellyfin.org/t-mega-reverse-proxy-jellyfin-tutorials


RE: Access your Jellyfin anywhere with Caddy - thubbe - 2023-09-06

This might be me being dumb but I cant figure out how to set up with my current configuration. I currently run xampp on a windows computer for random web projects I do and run jellyfin on the same computer. I already have the xampp server setup to the point where it runs https and has an SSL certificate. I really want to access jellyfin by either jellyfin.domain.com or domain.com/jellyfin but I cant manage to set it up.


RE: Access your Jellyfin anywhere with Caddy - zoOe - 2023-09-25

Thank you for this guide, was very easy to follow. Does this make sure that streams will be https only also and does caddy renew the certificate by itself?


RE: Access your Jellyfin anywhere with Caddy - VP Lex - 2023-12-06

I am not sure this tutorial helps. I cannot find any tutorial that actually works. I also have the same problem of not able to access my jellyfin server with caddy and duckdns outside home network.

I installed jellyfin (docker), using port 8096 (http) and 8920 (https). I created some domains in duckdns and points towards my router's public ip address. I have forwardded 8123, 80, 443, 8096, 8920, etc in router to my home server ip addresses. I created Caddyfile with

<domain>.duckdns.org
reverse_proxy 127.0.0.1:8096

Now, the <domain>.duckdns.org is working within home network but not from outside

Am I missing something?

These are the steps:
1. Register a domain in duckdns.org. say myjellyfin.duckdns.org points to my public ip
2. Install jellyfin docker and run it. (8096 and 8920 for http/s respectively) localhost:port works fine
3. Install Caddy. create Caddyfile with this content:

myjellyfin.duckdns.org
reverse_proxy 127.0.0.1:8096


4. using browser, jellyfin clients, check if https://myjellyfin.duckdns.org works. It works, in internal/home network
5. Disconnected mobile from home network and tried to open https://myjellyfin.duckdns.org. It doesnt work.
reverse_proxy 127.0.0.1:8096


RE: Access your Jellyfin anywhere with Caddy - DemonWarrior - 2023-12-07

(2023-12-06, 11:58 PM)VP Lex Wrote: I am not sure this tutorial helps. I cannot find any tutorial that actually works. I also have the same problem of not able to access my jellyfin server with caddy and duckdns outside home network.

I installed jellyfin (docker), using port 8096 (http) and 8920 (https). I created some domains in duckdns and points towards my router's public ip address. I have forwardded 8123, 80, 443, 8096, 8920, etc in router to my home server ip addresses. I created Caddyfile with

<domain>.duckdns.org
reverse_proxy 127.0.0.1:8096

Now, the <domain>.duckdns.org is working within home network but not from outside

You used your router internal ip not your external ip trying using the ip from here. https://ipchicken.com


RE: Access your Jellyfin anywhere with Caddy - VP Lex - 2023-12-07

(2023-12-07, 12:21 AM)DemonWarrior Wrote: You used your router internal ip not your external ip trying using the ip from here. https://ipchicken.com

I changed my Caddyfile to

<domain>.duckdns.org
reverse_proxy <public_ip>:8096

Still doesn't work internally nor externally.

atleast 127.0.0.1 works internally.

127.0.0.1 & 192.168.X.X works in caddyfile but not public ip.

I can do https://<public_ip>:8920 and access jellyfin server from outside. it is accessible. means port forwarding, jellyfin all works fine.
I need it to connect to duckdns and caddy to get some ssl certificate to make it work with jellyfin clients.

duckdns also points to the same public ip.