There’s a nice explanation of how caddy reverse proxies work here. https://caddy.community/t/using-caddy-as-a-reverse-proxy-in-a-home-network/9427

Essentially you setup your router to port forward any new incoming connections to Caddy, which then decides what to do with them according to the configuration (Caddyfile).

Even simpler: Your local network is like a castle, inside is a safe and secure place where your devices communicate freely. Your router is a firewall around the castle, by default it blocks incoming connections. This is good because the internet is scary. By port forwarding you allow a door in the firewall which leads to Caddy, which is like a guard. Caddy asks them what they want, and if they say e.g. jellyfin.example.com, then it sets up an encrypted connection with https to your local jellyfin server. If they want anything else they aren’t allowed in.

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

[Thread #241 for this sub, first seen 25th Oct 2023, 10:45] [FAQ] [Full list] [Contact] [Source code]

i don’t understand how i connect the pc to the domain.

Yeah, that’s the part where I think there’s some misunderstanding. You don’t “connect” the server to your domain. Instead, there is a Nameserver (most run by your registrar, GoDaddy) that hosts a list of DNS records, that you can edit, which point to IPs. So you need to edit those to point to your public IP (or set up stuff like DynDNS if your IP isn’t static) and once that’s doneand the port forwarding is also set up properly in the Fritz!Box you should be able to connect.

That said, what’s wrong with VPN? Particularly if you’re using Wireguard VPN, which was recently added to Fritz!Box, there shouldn’t be any performance differences. Plus, it would be safer than exposing services to the whole internet, doubly so if you’re not a networking expert.

To connect your domain to your IP use godaddy website, it should have a section where you can configure a dns entry, you can specify an IP address (your public IP) and, after a while, every device on the internet connecting to YOURDOMAIN.COM will be send to your home. If godaddy doesn’t offer a dns service you have to buy it somewhere else like on cloudflare, here I think you will need to prove that you own YOURDOMAIN.COM and then setup your IP in the dns. If you don’t have a static IP you need a DDNS (Dynamic DNS). After that you open the port number 443 on your home router so that https requests will be send to a device of your choice, this device will host your reverse proxy, the reverse proxy binds a domain name (the one you brought) or a sub domain to a service of you choice on your local network, doing this you don’t expose the local server directly and you need to open a single port only.

I bought a domain on namecheap.com and it has a configurable dns built in so I hope that godaddy has one too. I use Caddy as a reverse proxy for my jellyfin instance instead of Nginex, I think that they are both valid, another thing other people said in the comment is to access jellyfin via wireguard tunnel and I confirm that is the best choice if you don’t have specific needs, let me explain. The reverse proxy automatically generates ssl certificates using let’s encrypt allowing you to cast from an android phone to a Google chromecast (this seems to be the only way to do it and works very well for me). I also configured other services on caddy, in my setup I block every request to the reverse proxy that doesn’t arrive from inside my local network (except jellyfin so I can use it remotely), I know that it’s not the intended use of a reverse proxy but it makes some things possible that otherwise will need more configuration:

• I have two separate networks in my home, my reverse proxy has a double interface so I can easily access all services from devices on the main network.
• I don’t need to configure local dns rewrites to my services neither I have to add exceptions for dns rebind inside my router, I simply add a new rule to caddy and it just work.
• I have https for every service on my network without annoying messages on the browser.

If you think this lazy use of the reverse proxy could be a problem please tell me your thoughts!

is the free vpn service the wireguard one? if yes and it is slow, than it won’t be any faster when using your own domain and exposing the server directly to the internet, because wireguard should be as fast as any direct connection. if it is not the wireguard vpn from the fritz box i’d recommend switching to it. this can be done by tge server jellyfin is running on if your box does not support wireguard.

I just recently set up a reverse proxy with Nginx Reverse Proxy, and Cloudflare. I pointed my domain to my home address with Cloudflare (they have dynamic DNS capability), then set up NRP, to forward traffic by subdomain. The nice thing about the reverse proxy it is I can bind a subdomain to an ip:port on my local network. Like “music.!MYIP!.com” goes to my Navidrome instance “LOCALIP:4553”. This allows me to close unnecessary outbound ports.

I assume you have a dynamic ip. what I did for that scenario: setup a dyndns hostname somewhere, configure a subdomain (e.g. jellyfin.example.com) with a cname dns record pointing to the dyndns hostname. you will have to setup updating of the dyndns hostname, this can be done in the fritz box and port forwarding to your jellyfin pc.

It depends on what all you want to proxy in, if it’s just that one thing then it’s pretty simple to point a port inbound to a secure interface and call it a day.

For a more complete thing, an inbound proxy will take the requested domain coming into your front door and translate it to an IP/port combo on the inside. That way you can have several services behind the single IP. If you have a full gateway server setup in frontt of things something like HAProxy or squid can work and do SSL offloading for you. For a single server setup you might look at ‘nginx proxy manager’ (NPM) which gives an easy way to set up an inbound proxy plus it’ll manage getting certificates from let’s encrypt automatically.

I could help more fully but need a good bit more details to give some specific ideas.