You’re right, there’s a lot of information floating around, mostly written by people who’ve been involved with IT for a long time, so it can become quite confusing for the newcomer.
First thing… You’ll need either an internet connection with a static IP address (possibly also with a registered domain pointing to your IP address), or the services of a Dynamic DNS service (such as DuckDNS, NoIP, DynU, Afraid and many others). Your client(s) will need this information in order to know where to connect to your server. I won’t go into any further detail with these as all of the DDNS providers are user-friendly and offer their own detailed guides which even a politician should be able to follow.
Let’s assume for the moment that you’ve created an account with NoIP and have gotten yourself the hostname of “zmanfarlee.noip.com”.
Pick a port, any port, but don’t use 8096 (for security reasons - because Jellyfin defaults to this port, miscreants out there will be hunting this port down through the 'net in an effort to find a vulnerable installation). Let’s assume you chose port 1337.
On your router, forward the following ports;
Incoming port 80 -> Jellyfin server port 80 (required for Let’s Encrypt)
Incoming port 443 -> Jellyfin server port 443 (required for Let’s Encrypt)
Incoming port 1337 -> Jellyfin server port 1337 (required for actual Jellyfin connections)
On the Jellyfin server, install Caddy Web Server - this will act as a reverse proxy for Jellyfin and will manage the automatic acquisition of SSL certificates from Let’s Encrypt.
Caddyfile with the following entries (refer to the instructions on the Caddy web site to determine where this file should be depending on your operating system, and edit it to suit your requirements with regard to hostname and port number);
respond ":-P" 403
respond ":-P" 403
“:-P” is the plain text which will get sent to casual visitors trying to find a regular web server on your IP, along with a 403 (“Forbidden”) response code. If someone connects (using HTTPS) to port 1337, their connection will be forwarded to Jellyfin itself, and happiness will ensue.
Once you’ve saved your Caddyfile configuration file, start or re-start the Caddy service (method is dependent on your operating system), and within 30-60 seconds you’ll have a functioning security certificate. To confirm this, use a device from outside of your network (as 99% of residential-grade routers don’t support hairpin loop-back), to browse to https://zmanfarlee.noip.com:1337 (or whichever hostname/port combination you’ve used) - you should receive the familiar Jellyfin log-in page.
You’re now set - Caddy will automatically refresh your SSL certificate with Let’s Encrypt periodically to keep it current, and you don’t need to do any more fiddling to keep your connection from the outside world functioning.
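
A complete Caddyfile matching the description above, given here as an added example and not the poster's original file. It assumes the hostname and port used in the post, and that Jellyfin runs on the same machine as Caddy on its default port 8096.

```caddyfile
# Added example, not the original poster's file.
# Assumptions: hostname zmanfarlee.noip.com and external port 1337 (from the post),
# Jellyfin listening locally on its default port 8096.

# Port 80: kept reachable for Let's Encrypt validation.
# Anyone browsing here gets the plain-text reply and a 403.
http://zmanfarlee.noip.com {
	respond ":-P" 403
}

# Port 443: same treatment for casual HTTPS visitors.
https://zmanfarlee.noip.com {
	respond ":-P" 403
}

# Port 1337: the only entry point that reaches Jellyfin.
# Caddy terminates TLS here and proxies to the local Jellyfin port,
# so 8096 itself is never forwarded on the router.
https://zmanfarlee.noip.com:1337 {
	reverse_proxy 127.0.0.1:8096
}
```

Running `caddy validate --config` against the file before restarting the service catches syntax errors without taking the proxy down.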