Tailscale HTTPS with Jellyfin and domain alias


I have been tinkering with Jellyfing, Caddy and of course Tailscale for the past few days.
Now, by all means, I am pretty much new to networking and to say that setting up Caddy was easy, would be a bit of a lie, but hey it works now.

Now here is the thing, I saw that, hopefully I am understanding that correctly, that tailscale also offers you to run a domain (alias) “(machine-name).tailscale.[Indentifier].ts.net” to allow for https to be used within the tailscale "network, yes?

Unfortunately I can’t quite seem to get that to work; I’ve tried binding Jellyfin to that domain alias, but get stuck on “SSL_ERROR_INTERNAL_ERROR_ALERT” (I did run tailscale cert [domain alias).

Would be great if someone point me in the right direction or correct me about any misconceptions / teach me how to set this up, as there are no videos as of right now unfortunately.


Are you adding the certs to the web server? I think that jellyfin uses apache, so you’d need to:

sudo tailscale cert <yourdomain>.ts.net
sudo mv <yourdomain>.ts.net.* /etc/ssl/certs

Then change the lines in the apache configuration to include:

    SSLCertificateFile      /etc/ssl/certs/<yourdomain>.ts.net.crt
    SSLCertificateKeyFile /etc/ssl/private/<yourdomain>.ts.net.key

Assuming it’s already set up for SSL. Otherwise you’d need at minimum, these lines:

<IfModule mod_ssl.c>
        <VirtualHost 1100.x.x.x:443> #your tailscale ip
                ServerName <yourdomain>.ts.net
                DocumentRoot /var/www/html
                SSLEngine on
                SSLCertificateFile      /etc/ssl/certs/<yourdomain>.ts.net.crt
                SSLCertificateKeyFile /etc/ssl/private/<yourdomain>.ts.net.key

I think I am getting the general idea of your comment, thanks.

Just to make sure, I got the .crt + .key files, then move them to a decently accessible area and then point the reverse proxy towards them?
I’ll have to see how to do this with Caddy, otherwise I’ll have to get Apache running one way or another haha… :smiley:

The last part about it being set up for SSL I can’t answer, as I don’t have Apache (yet), from what I know Caddy is supposed to automatically handle SSL, but I might be wrong.


I’ve now installed Apache, the Test page for Apache is all working, but I am stuck on how to get it to point towards Jellyfin.

SSLCertificateFile C:\Caddy\certs\name.tailnet-[…].ts.net.crt
SSLCertificateKeyFile C:\Caddy\certs\name.tailnet-[…]ts.net.key

Is this ^ correct or would this be right?

SSLCertificateFile etc\ssl\name.tailnet-[…].ts.net.crt
SSLCertificateKeyFile etc\ssl\name.tailnet-[…]ts.net.key

And move the cert + key file into that apache\conf\ssl\ folder?