How to reverse proxy Jellyfin using Caddy

  1. Port Forwarding

1.1

First, you will want to make sure you have ports 80 and 443 pointed your computer/server internal IP. It will most likely look something like 192.168.1.123. If you don’t know how to port forward, I would suggest googling “Port forward on brand router” and replace brand with whatever router your using. There are too many different interfaces for me to breakdown in this guide, so you’ll be on your own for this. Whichever the case though, you do NOT want to port forward the service's port(eg: 8096).

1.2

This section is not applicable to Jellyfin

While were at it, for Emby, you’ll want to go to your servers dashboard and click Network. From here, scroll down to “Secure connection mode” and select handled by reverse proxy in the drop-down. Save and restart the service.

1.3

One thing to mention is that you might have to make sure ports 80 and 443 are also allowed through your firewall. You may or may not need to do this depending on your OS, but it probably wouldn’t hurt to do it anyways. You can start by opening start and typing Firewall, and selecting Windows Defender Firewall. From here, you want to click Advanced Settings on the left side, and this should bring up a new window called Windows Defender Firewall with Advanced Security. Now click on Inbound Rules, then on the right side you want to click New Rule. Make sure the Port radial button is selected and click Next, TCP should be checked by default, same as Specific local ports. Type in 80, 443 and click Next. On this screen, for my rule, I selected Allow the connection and hit Next. This screen you can choose which network profiles you want this to apply to, I selected all of them even though its Private. Name your profile whatever you may choose and click Finish.

2. DNS

So now that we got the proper ports forwarded, we’ll want to get a DNS redirect setup. For this guide, I’ll be using NoIP.com as the example. Others suggest DuckDNS, but I’m too lazy to create an account for them. The process is probably very close though.

2.1

Create an account at noip.com. Once logged in, click Dynamic DNS on the left menu. Underneath the 0 of 3, click “Add a Hostname”. At this screen, you can choose your hostname and domain, you want the record type as “DNS Host (A)” which is default, for the “IPv4 Address” it should auto generate your current IP. You can double check this by going to Google or DuckDuckGo and searching what is my ip. If its correct, go ahead and create hostname. Remember the hostname you created, it should be something like “example.ddns.net”.

The above ONLY works if you have a static IP. If you have a dynamic(changing) IP, you’ll need download their “Dynamic Update Client”. Again, you are on your own for getting this to work because I haven’t had a need to use it. I would assume you just login to your NoIP account.

3. Caddy Server v2

3.1

Now, you’ll want to download Caddy Server (https://caddyserver.com/). This guide is written for Caddy v2.

3.2

You should now have a zip file downloaded. Create a folder on your root C drive called Caddy and extract the files/documents from the zip to the folder you just created. Open the Caddy folder and create another folder called logs.

3.3 Caddy File

Now what you’ll want to do is create a caddy file, which is the caddy config file. Open the Caddy folder and create a new text file. Rename it it Caddyfile and be sure it doesn’t have an extension. If you can double click it and it opens in Notepad, it still has an extension.

For eases sake, I have 2 versions you can Copy/Paste from.

Media Server only: https://pastebin.com/9MCkLFyX

Media and other services: https://pastebin.com/tMTBL5P5

Mirror in case Pastebin has a bad time: https://drive.google.com/drive/folders/1UE-Fde18Lh5RSAzk_TAmsQzTY7rotooP?usp=sharing

For this guide, I will use the Media server only example. Copy the text into your Caddyfile. Now remember your hostname that you created earlier? Copy the hostname and replace emby.xxx.org with it. Now assuming you haven’t changed default Emby/Jellyfin ports AND these servers are on the device that is running caddy, you can leave localhost:8096. If you have changed your ports or the service is running on another machine, replace localhost with the internal IP of the machine and/or replace 8096 with which ever port your service is running on. Save the file and close it.

3.3.1 Caddy File Email (optional)

Adding your email to the config file Mainly used when creating an ACME account with your CA, and is highly recommended in case there are problems with your certificates. (Source) The below snippet MUST be the first 3 lines of your Caddyfile config, and you must manually add it to your config file.

{
email you@example.com
}

Note: An issue was brought to my attention stating that this email needs to be the same as the one you registered on NoIP with. However, I did not have this issue in v1 Caddy as I used 2 separate emails for my NoIP account and the Let’s Encrypt email. This may be a v2 thing I was not aware of, but I wanted to add it just in case it was happening to someone else.

3.4 Logs

If you are using my examples, they are coded to write logs, just like my v1 guide was. Make sure to change the name in the file name to whatever service you are wanting to use. Reasoning behind this step is to self audit who connects to your server.

4. Starting Caddy

Now we should have the reverse proxy setup, we’ll go ahead and start up the new version of Caddy. Caddy v2 changed the way it starts up, so we have to create a bat file to start it up. Create a new text file called Start Caddy in the Caddy folder, and open it up. In this file you simply want to paste the following:

cd C:\caddy
caddy run

Once done, save the file and close. Now rename the file to Start Caddy.bat. With v2, if something has an issue with the config, it will tell you what the issue is, but you’ll still have to figure out how to fix it. If its setup correctly AND/OR you are upgrading from v1 Caddy, it will reacquire new certificates. You’ll know the reverse proxy is set up properly once you see the message

2020/05/05 02:19:54.617 #[34mINFO#[0m   serving initial configuration

Once you successfully run caddy and it has a good time with your config file, Caddy will ask you to enter your email address. You can enter a real one or a fake one, but this is for your Lets Encrypt certificate. I chose to enter a real email address. Note: I didn’t have to do this when I upgraded to Caddy v2, but I felt this was appropriate to keep in the v2 guide

5. Testing

You can test this by using your cellphone that is connected to your carriers internet and not your WiFi(dO yOu GuYs NoT hAvE pHoNeS?) and navigating to the hostname you created earlier.

Once you have this all successfully done this and Caddy is fully functional, you will have to add a new server on whichever app you are using (eg: Jellyfin for TV or Android app). When you add the server, use the hostname you entered earlier, but it HAS to be entered as https://example.ddns.net and delete the port number. Take note on the https://. I’ve also encountered that in some instances if a port is required, you can enter port 443.

Now that you have all that setup, go ahead and experiment with other services if you have them running, but you wouldn’t dare use sonarr or other similar services to acquire linux iso’s right?

6. Start Caddy as service (optional)

Thanks to /u/snarebusch for base instructions.

This will create a service that will automatically start and run in the background when your machine starts up, so you shouldn’t have to manually touch this again unless something changes.

6.1

Download NSSM

Extract “nssm.exe” from the “win64” folder into a folder named “NSSM” (I extracted mine to C:\NSSM) Open up command prompt as administrator and navigate to the NSSM folder directory. eg:

cd c:\NSSM

Enter

nssm install Caddy

A box should pop up. Set the path to your “Start Caddy.bat” file. Go to the Log on tab and log on with a username and password (Use the Administrator account. Click the “Install service” button.

Back in your command prompt window type

nssm start Caddy

The service should start and shouldn’t have to manually touch this again unless something changes.

7. Closing

If you have any questions, drop a line below and I’ll do my best to help.

I am a lousy careless techfanatic.But I have passion and a love for technology.