HTTPS

Enable TLS encryption for Comicarr using a reverse proxy.

Comicarr does not include a built-in TLS server. A reverse proxy is the recommended and only supported way to add HTTPS.

Why a reverse proxy?

A reverse proxy (Caddy, nginx, Traefik) handles certificate provisioning and renewal automatically, supports HTTP/2, and keeps TLS configuration outside your application.

Reverse Proxy

Caddy handles certificate provisioning and renewal automatically via Let's Encrypt.

Caddyfile
comics.example.com {
    reverse_proxy comicarr:8090
}
nginx.conf
server {
    listen 443 ssl;
    server_name comics.example.com;

    ssl_certificate     /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/key.pem;

    location / {
        proxy_pass http://comicarr:8090;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # SSE support — disable buffering and allow long-lived connections
        proxy_buffering off;
        proxy_read_timeout 86400s;
    }
}
docker-compose.yml
services:
  comicarr:
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.comicarr.rule=Host(`comics.example.com`)"
      - "traefik.http.routers.comicarr.tls.certresolver=letsencrypt"
      - "traefik.http.services.comicarr.loadbalancer.server.port=8090"

When using a reverse proxy, leave ENABLE_HTTPS set to False in Comicarr. The proxy terminates TLS and forwards plain HTTP to port 8090.

Docker

Production Docker deployment reference for Comicarr.

Manual Installation

Run Comicarr from source without Docker.

On this page

Reverse Proxy