So after some testing, I got things to work:
-my router needs port 443 forwarded only.
-jellyfin needs no https enabled or setup
-my caddyfile:
subdomain.duckdns.org {
reverse_proxy 127.0.0.1:8096
}
without the :8096 it doesn't work. So, from what I understand:
(internet) - browser or app tries to access subdomain.duckdns.org (without port argument). This defaults to port 443 requested (invisibly).
this request goes to duckdns name server, which looks up my IP in its record and sends the request to my IP
My router sees the request on port 443, and forwards it through to my server.
my server, running caddy as a reverse proxy, sees this request and forwards *everything*? to localhost on port 8096.
Jellyfin server receives the request, forwarded to port 8096, and stripped of the secure layer, and responds.
The SSL layer is happening between caddy and the client user, as far as jellyfin is concerned it's a plaintext unencrypted session.
Is that understanding correct?
-my router needs port 443 forwarded only.
-jellyfin needs no https enabled or setup
-my caddyfile:
subdomain.duckdns.org {
reverse_proxy 127.0.0.1:8096
}
without the :8096 it doesn't work. So, from what I understand:
(internet) - browser or app tries to access subdomain.duckdns.org (without port argument). This defaults to port 443 requested (invisibly).
this request goes to duckdns name server, which looks up my IP in its record and sends the request to my IP
My router sees the request on port 443, and forwards it through to my server.
my server, running caddy as a reverse proxy, sees this request and forwards *everything*? to localhost on port 8096.
Jellyfin server receives the request, forwarded to port 8096, and stripped of the secure layer, and responds.
The SSL layer is happening between caddy and the client user, as far as jellyfin is concerned it's a plaintext unencrypted session.
Is that understanding correct?