I am running Navidrome on my local desktop at home. It works great but it is http not https.
I have read the documentation from Navidrome and I have a domain name that routes to the desktop through a port. I also have the domain name registered with Cloudflare and they have some kind of SSL process but I don’t understand how to use it if I even can. I of course want to do this cost free.
One other thing that complicates this maybe is I am running a Mailcow server on a different machine with the same domain name.
Can what I am doing be done?
If more info is needed I will provide it. I know I should be able to understand this but this certificate stuff I just can’t get my arms around it.
It seems you need to set up a reverse proxy to manage SSL certificates… Navidrome cannot do it itself. The proxy would simply forward any requests to Navidrome.
I found a video on how to use a Cloudflare SSL Certificate:
It looks like official Cloudflare video but doesn’t really get into much detail. I’ll see if I can find another one for you.
This next one has more detail, but doesn’t give much detail on what you do on your local server.
Using the same domain name for both mail and www takes a little finesse. I think I would have www.yourdomain.com and mail.yourdomain.com use two different SSL certificates (they’re free from Cloudflare I believe). They can both point to your same home public IP address, but because there is a different host header (www/mail) your server can route the request to two different sites. I know how to do this using NGINX and there are many resources documenting that, probably on It’s Foss.
On the other hand, it might be easier to have one SSL certificate that includes both www.yourdomain.com and mail.yourdomain.com. That way NGINX (in my case anyway) can use just the one SSL certificate in its configuration. The servers providing the www and mail sites don’t even need the SSL certificate. NGINX is doing SSL offloading. The communication between NGINX and www or mail is unencrypted, but it’s also all locally on your own network.
In your Cloudflare dashboard, make sure your domain is using Cloudflare’s SSL. Go to the SSL/TLS settings and choose the Flexible SSL option if your Navidrome server doesn’t have its own SSL certificate.
Ensure that Cloudflare is correctly routing traffic to your local desktop via port forwarding. You’ll need to configure your router to forward HTTP (port 80) and HTTPS (port 443) requests to your desktop.
Cloudflare will automatically issue a certificate when it detects traffic to your domain. You can use Cloudflare’s “Origin Certificate” for additional security, which encrypts the connection between Cloudflare and your desktop server.
Since you’re running a Mailcow server on a different machine, ensure it’s also using Cloudflare’s SSL, with correct DNS settings for both services. For separate services, you may need to configure them to use different ports if they share the same domain.
If you want to use “Strict” SSL, you’ll need to install an SSL certificate on your Navidrome server. You can use Let’s Encrypt (free) or buy one from a provider.
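
The single-certificate NGINX layout described in the replies above, written out as an added example that is not part of the original posts: one certificate covering both names, routing by host header, and plain HTTP from the proxy to each backend. The hostnames, the Mailcow machine's address and port (192.168.1.20:8080) and the certificate paths are placeholders; the certificate itself could be a Cloudflare Origin Certificate or one from Let’s Encrypt.

```nginx
# Added example. Hostnames, IP addresses, ports and file paths are placeholders.
# Goes inside the http { } context, e.g. a file under /etc/nginx/conf.d/.
# Assumes Cloudflare SSL/TLS mode Full or Full (strict); with Flexible, the
# port-80 redirect below would loop, because Cloudflare fetches over HTTP.

server {
    listen 80;
    server_name www.yourdomain.com mail.yourdomain.com;
    return 301 https://$host$request_uri;
}

# Navidrome on the same machine as NGINX (4533 is Navidrome's default port).
server {
    listen 443 ssl;
    server_name www.yourdomain.com;
    # One certificate whose names include both www and mail.
    ssl_certificate     /etc/nginx/ssl/yourdomain.com.pem;
    ssl_certificate_key /etc/nginx/ssl/yourdomain.com.key;
    location / {
        proxy_pass http://127.0.0.1:4533;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Mailcow web UI on the other machine. Only HTTP traffic passes through here;
# SMTP and IMAP are not HTTP and do not go through this proxy.
server {
    listen 443 ssl;
    server_name mail.yourdomain.com;
    ssl_certificate     /etc/nginx/ssl/yourdomain.com.pem;
    ssl_certificate_key /etc/nginx/ssl/yourdomain.com.key;
    location / {
        proxy_pass http://192.168.1.20:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Any other Host header (scanners hitting the bare IP) gets no response.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_certificate     /etc/nginx/ssl/yourdomain.com.pem;
    ssl_certificate_key /etc/nginx/ssl/yourdomain.com.key;
    return 444;
}
```

Running `nginx -t` checks the syntax before the configuration is reloaded.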