Expose your server

HTTPS

If you want to open your Komga server outside your local network, it is strongly advised to secure it with https (especially due to the use of http basic authentication).

Spring Boot supports https out of the box, but you will have to configure it, and https is most useful only with valid certificates (not self-signed), which most people don't readily have available.

We recommend using Caddy as a reverse proxy, as it supports the automatic generation of Let's Encrypt certificates.

Reverse proxy

In order for Komga to work properly behind a reverse proxy, your proxy should set the following upstream headers:

• set or augment the X-Forwarded-For header field
• set the X-Forwarded-Proto header field
• set the X-Forwarded-Host header field

Here are some sample configuration on how to configure reverse proxy for Komga.

Caddy

Subdomain

Without a base URL configured in Komga, using a subdomain:

komga.yourdomain.com {
    reverse_proxy http://your-komga-server:25600
}

Base URL

With a base URL configured in Komga:

yourdomain.com {
    reverse_proxy /komga/* http://your-komga-server:25600
}

Nginx

Subdomain

map $http_upgrade $connection_upgrade {
  default upgrade;
  '' close;
}

server {
  listen 80;
  server_name komga.yourdomain.com;
  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl http2;
  server_name komga.yourdomain.com;

  ssl_certificate /path/to/fullchain.pem;
  ssl_certificate_key /path/to/privkey.pem;

  client_max_body_size 20000m;

  location / {
    proxy_pass http://your-komga-server:25600;
    proxy_http_version 1.1;
    proxy_redirect off;
    proxy_buffering off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}