Skip to content

Reverse Proxy

Odeion’s HTTP server does not handle TLS itself. If you want to use the mobile apps, TV apps, or the device linking feature, you need a reverse proxy that terminates SSL and forwards traffic to Odeion over plain HTTP.

The web interface works over plain HTTP for local access, but all client apps require HTTPS to connect. The device linking service at link.odeion.app also redirects users to your server’s base URL, which must be publicly reachable over HTTPS for the redirect to work.

Caddy is the simplest option because it obtains and renews TLS certificates automatically via Let’s Encrypt. Create a Caddyfile:

odeion.example.com {
reverse_proxy localhost:8080
}

Start Caddy and it will handle certificate issuance on its own. No further TLS configuration is needed. The installation wizard can generate a compose file with Caddy included.

Once your reverse proxy is working, update the base URL in the admin settings (or during the setup wizard) to your public HTTPS URL, for example https://odeion.example.com. This ensures device linking and app connections route to the correct address.

With the proxy in place, make sure only the proxy is exposed to the internet; see the security hardening checklist.