It depends on how you’re hosting Jellyfin. The easiest and most common way is via Docker in some form. You can also install a docker image of Cloudflare tunnel making sure it’s on the same virtual network as Jellyfin (I think it will by default). However you’re running Jellyfin, Cloudflare tunnel will need to be able to reach your local Jellyfin install.

Create a tunnel in the Cloudflare zero trust dashboard, create or edit the config file for your Cloudflare tunnel install using the code string from the zero trust dashboard, your tunnel will attempt to connect to the Cloudflare servers, when it does, you have a secure tunnel. Then you can add hostnames on the zero trust dashboard, using your local IP addresses and ports. For example, jellyfin.yourdomain.com points to 192.168.1.10:8096. The tunnel connects your local IP to the routing from your domain.

Be careful to not open this up to apps that don’t have security in some form at least. There are ways to improve security on your tunnel end with SWAG and such. And I recommend turning on the security tools in Cloudflare so your domain can’t be accessed outside of your country at the least, and maybe even whitelisting IP addresses for even more security.

SpaceInvaderOne on YouTube has a good video on creating a Cloudflare tunnel via Unraid. But everything is much the same in regular docker. I’m sure there’s good videos on doing it however you’re hosting Jellyfin. Feel free to reach out with questions, I’ll gladly help if I can.