Guide for setting up the Jellyfin HTTPS settings on a windows machine

[AlllPHA]

First of all NOOB here regarding this stuff but can follow instructions to the point if given clearly. 

 

Need help setting up the HTTPS settings for my server for which I don't even know where to begin?

 

there are guides but almost all of them are for Linux and if they are for windows they are not clear and jump a lot of steps. So need a guide for windows user

 

My current use is just limited to just a couple of machines on my local network but I do have to travel from time to time and not having that padlock up there in the address bar bothers me so that's why.

 

P.s. I do have a .com domain which I use for my online business and if needed be I that can be used somehow (I don't know how useful this info will be)

[HanZie82]

Whats your knowledge about DNS and port forwarding?
Also you might have to set up a Dynamic DNS thing so the chaging IP your ISP gives you keeps pointing to the same network ie yours.

[AlllPHA]

Just now, HanZie82 said:

Whats your knowledge about DNS and port forwarding?
Also you might have to set up a Dynamic DNS thing so the chaging IP your ISP gives you keeps pointing to the same network ie yours.

nothing tbh but I saw guide and it said i needed to "Port Forward your router" but my ISP given router setting are SUPER basic, basically I can change the wifi passwords and Reboot the device but I am sure if I contact support they can do something.

but to answer your question I don't know nothing. 

[HanZie82]

3 minutes ago, AlllPHA said:

nothing tbh but I saw guide and it said i needed to "Port Forward your router" but my ISP given router setting are SUPER basic, basically I can change the wifi passwords and Reboot the device but I am sure if I contact support they can do something.

but to answer your question I don't know nothing. 

I'm sorry i cant help you with a step by step guide as i've not found any for Windows.
Kinda in the same boat, but i do know a little about networking.

But if your ISP wont let you forward ports, might be little to do about it. But as you can probably see, im not 100% sure.

[AlllPHA]

48 minutes ago, HanZie82 said:

I'm sorry i cant help you with a step by step guide as i've not found any for Windows.
Kinda in the same boat, but i do know a little about networking.

But if your ISP wont let you forward ports, might be little to do about it. But as you can probably see, im not 100% sure.

Oof

 

really tempted to build a dedicated linux (Ubuntu or Debian) server for this rather then hosting it my local machine

 

ISP isn't a issue as the main issue is HOW to do all that

[Kilrah]

You need to choose a domain to use (can be a subdomain of what you already have) and generate a certificate for it. That's usually done via let's encrypt through the certbot tool because free, but AFAIK that doesn't exist on Windows. You could set up a linux machine just to generate the cert and then transfer it though, or get a paid certificate from some other authority but I don't have experience with those.

 

The issue is that your IP will likely change, and the domain will need updating as it does so, which would be a pain with your current domain provider unless it supports dynamic DNS. 

[Jarsky]

11 hours ago, Kilrah said:

The issue is that your IP will likely change, and the domain will need updating as it does so, which would be a pain with your current domain provider unless it supports dynamic DNS. 

 

If it has an API then its just a case of having a script. For Cloudflare there are plenty of existing ones or can use some of the other tools available as detailed here:https://developers.cloudflare.com/dns/manage-dns-records/how-to/managing-dynamic-ip-addresses/

 

The question i'd ask is, do you really require HTTPS when it's just for Jellyfin? 

If you do, then you can use certbot for Lets Encrypt as detailed in the documentation: https://jellyfin.org/docs/general/networking/letsencrypt.html

There are Windows versions of ACME as well that run natively like win-acme https://github.com/win-acme/win-acme

[AlllPHA]

19 hours ago, Kilrah said:

You need to choose a domain to use (can be a subdomain of what you already have) and generate a certificate for it. That's usually done via let's encrypt through the certbot tool because free, but AFAIK that doesn't exist on Windows. You could set up a linux machine just to generate the cert and then transfer it though, or get a paid certificate from some other authority but I don't have experience with those.

 

The issue is that your IP will likely change, and the domain will need updating as it does so, which would be a pain with your current domain provider unless it supports dynamic DNS. 

I can setup a linux vm to get the certificate to do that but now i need to figure the dns issue

[AlllPHA]

7 hours ago, Jarsky said:

 

If it has an API then its just a case of having a script. For Cloudflare there are plenty of existing ones or can use some of the other tools available as detailed here:https://developers.cloudflare.com/dns/manage-dns-records/how-to/managing-dynamic-ip-addresses/

 

The question i'd ask is, do you really require HTTPS when it's just for Jellyfin? 

If you do, then you can use certbot for Lets Encrypt as detailed in the documentation: https://jellyfin.org/docs/general/networking/letsencrypt.html

There are Windows versions of ACME as well that run natively like win-acme https://github.com/win-acme/win-acme

API for what? could you elaborate please? 

can you tell me will this be a possible on a linux machine, Instead of forwarding ports through my router can I setup a reverse proxy to handle all? if yes can you guide that?

[AlllPHA]

Asking this cuz my router setting are hot mess at least to me and I have no clue how to forward port in this.
 

only thing I know in this is the description, the protocol and my IP the rest of fields I have no clue what to put their

[Kilrah]

You will always need to forward ports to the reverse proxy anyway.

 

You just need to forward 443 public to 443 private to the ip of the machine you run the server/reverse proxy on, potentially same for 80 but since you want SSL not really needed.

[Jarsky]

8 hours ago, AlllPHA said:

API for what? could you elaborate please? 

API for the Domain provider, if you go with a standard domain (as opposed to a dynamic domain like dyndns, duckdns, etc...)

8 hours ago, AlllPHA said:

can you tell me will this be a possible on a linux machine, Instead of forwarding ports through my router can I setup a reverse proxy to handle all? if yes can you guide that?

 

Yes you can do this, you still require to open the web server ports if youre hosting the reverse proxy at home. Forwarding port 443 / 80 TCP to the machine the proxy is running on. 

The easiest way is probably to use something like Nginx Proxy Manager, it has ACME as part of it for automatically creating/renewing Lets Encrypt certificates.

Another popular one which is easier to use is Caddy

 

I use vanilla Nginx, so I do it manually using provided configs like this: https://jellyfin.org/docs/general/networking/nginx.html