this post was submitted on 31 Mar 2025
18 points (100.0% liked)

Selfhosted

45453 readers
293 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
18
How to secure Jellyfin hosted over the internet? (programming.dev)
submitted 4 days ago by [email protected] to c/[email protected]
69 comments fedilink hide all child comments
 

I already host multiple services via caddy as my reverse proxy. Jellyfin, I am worried about authentication. How do you secure it?

(page 2) 19 comments
sorted by: hot top controversial new old
[–] [email protected] 1 points 4 days ago* (last edited 4 days ago) (2 children)

For web access, stick it behind a reverse proxy and use something like Authentik/Authelia/SSO provider of your choice to secure it.

For full access including native clients, set up a VPN.

load more comments (2 replies)
[–] [email protected] 1 points 4 days ago* (last edited 4 days ago) (2 children)

My setup: Locally (all in docker):

  • JF for managing and local access
  • JF with read only mounted volumes that uses the network of my Wireguard client container
  • Wireguard client opening a tunnel to Wireguard server on VPS ** Ping container regularly doing pings to Wireguard Server so the connection stays up (didn't manage it otherwise)

VPS (Oracle Cloud free tier, also everything in docker):

  • Caddy as a reverse proxy with https enabled and geolocking (only certain countries are allowed to connect to)
  • fail2ban to block IPs that try to bruteforce credentials
  • Wireguard server

Usernames are not shown in the frontend and have to be entered. Passwords are generated by a password manager and can't be changed by the user.

So my clients just get the URL of my reverse proxy and can access the read only JF through my Wireguard tunnel. Didn't have to open any ports on my side. If someone is interested I can share the docker compose files later.

Edit: Here the link to the setup description. Please tell me if something is not clear or you find an error. https://codeberg.org/skjalli/jellyfin-vps-setup

[–] [email protected] 0 points 4 days ago (1 children)

This seems like a developer/infrastructure level job, any dumb down step by step procedure to recommend?

load more comments (1 replies)
[–] [email protected] 0 points 4 days ago (3 children)

I am interested in your docker compose

load more comments (3 replies)
[–] [email protected] -1 points 4 days ago* (last edited 4 days ago)

Mostly via empty threats, but occaisonally I have had to whip out the soccer ball

[–] [email protected] 0 points 4 days ago* (last edited 4 days ago) (1 children)

~~Jellyfin is secure by default, as long as you have https. Just chose a secure password~~

load more comments (1 replies)
load more comments
view more: ‹ prev next ›