this post was submitted on 25 Apr 2025
68 points (95.9% liked)

Selfhosted

46327 readers
615 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
68
Sharing Jellyfin (poptalk.scrubbles.tech)
submitted 1 day ago by [email protected] to c/[email protected]
86 comments fedilink hide all child comments
 

Hi folks. So, I know due to a myriad of reasons I should not allow Jellyfin access to the open internet. However, in trying to switch family over from Plex, I'll need something that "just works".

How are people solving this problem? I've thought about a few solutions, like whitelisting ips (which can change of course), or setting up VPN or tail scale (but then that is more work than they will be willing to do on their side). I can even add some level of auth into my reverse proxy, but that would break Jellyfin clients.

Wondering what others have thought about for this problem

(page 2) 36 comments
sorted by: hot top controversial new old
[–] [email protected] 8 points 1 day ago (2 children)

I do. I run it behind a caddy service so it's secured with an SSL. The port is running on a high non standard one. I do keep checking access logs but haven't had a peep apart from the 1 person I shared it with

load more comments (2 replies)
[–] [email protected] 9 points 1 day ago (2 children)

There are two routes. VPN and VPS.

VPN; setup wireguard and offer services to your wireguard network.

VPS; setup a VPS to act as a reverse proxy for your jellyfin instance.

Each have their own perks. Each have their own caveats.

load more comments (2 replies)
[–] [email protected] 11 points 1 day ago (1 children)

AppleTV + Tailscale in and it’s been a flawless experience.

[–] [email protected] 3 points 1 day ago (1 children)

How do you do a tailscale with apple tv?

[–] [email protected] 9 points 1 day ago (1 children)

You can install it right on the TV, they have a first party app.

[–] [email protected] 1 points 1 day ago (3 children)

Right the jellyfin side, but how do you get it to go through tailscale? I'm not as familiar with tailscale, I only use openvpn

[–] [email protected] 5 points 1 day ago (1 children)

tvOS supports VPN connections directly on the Apple TV. Haven't tried it myself but I assume you just download the Tailscale app, set it up, and then it should just work.

[–] [email protected] 2 points 1 day ago

Thanks! Interesting they support them now!

load more comments (2 replies)
[–] [email protected] 3 points 22 hours ago

I share Jellyfin.

Behind a Reverse Proxy with 2FA that breaks client support.
So only web browser :)

[–] [email protected] 6 points 1 day ago (2 children)

I don't do this, but I would set up oAuth like Authelia or something behind a reverse-proxy and authenticate Jellyfin clients through that.

load more comments (2 replies)
[–] [email protected] 4 points 1 day ago (1 children)

You could probably set up a cloudflare tunnel. I forget what they call it. I think technically sending video through it is against their TOS but if just a few friends and family are using it I doubt you will hit their naughty list.

[–] [email protected] 2 points 1 day ago (1 children)

I've heard mixed responses about how sensitive they are about routing video through their service. I've heard some people are just fine running jellyfin/Plex while others get shut down from routing a security system through it.

[–] [email protected] 1 points 1 day ago

I've used it about 2 years now. I have both Jellyfin and even had Invidious for a while. I don't even know it was against any terms until right now.

[–] [email protected] 3 points 1 day ago

I've been making people use VPN, but that's been a huge barrier to entry. I'm in the process of switching to IP allow list in traefik.

[–] [email protected] 4 points 1 day ago (1 children)

Making a note so I can find this again - also I have been loving JellyFin over Plex.

[–] [email protected] 3 points 1 day ago (1 children)

Jellyfin over Plex?

[–] [email protected] 4 points 1 day ago (1 children)

Yup, I like jelly more - not that I have one running over the other lol

[–] [email protected] 4 points 1 day ago

I thought there was some way to use Jelly on the backend with a Plex client!

[–] [email protected] 3 points 1 day ago (1 children)

Reverse proxy with CrowdSec, which has setups specifically for Jellyfin. Docker for everything.

[–] [email protected] 2 points 1 day ago (2 children)

Now that's interesting, what is the purpose of the reverse proxy, don't you still need something exposed then?

[–] [email protected] 3 points 21 hours ago (1 children)

A reverse proxy saves you from having to expose your services directly and acts as a go-between.

Internet <--> Reverse Proxy <--> Service

[–] [email protected] 3 points 21 hours ago (8 children)

Right, but what exactly does the reverse proxy do to stop intrusion?

load more comments (8 replies)
load more comments (1 replies)
[–] [email protected] 2 points 1 day ago (2 children)

I just expose it to the internet.

[–] [email protected] 0 points 21 hours ago (1 children)

I have it behind a proxy and IPS. I force my users to have strong passwords. I don't see why this would be a problem.

[–] [email protected] 0 points 16 hours ago (1 children)

Its a major problem

It is only a matter of time before it gets compromised. Chances are you will have no idea it happened and you home internet will join the bot net of some nation state. The Jellyfin devs take security seriously but there will always be flaws.

load more comments (1 replies)
load more comments (1 replies)
[–] [email protected] 2 points 1 day ago (4 children)

Hang on, why not open the port to jellyfin to the internet?

I have a lifetime Plex pass so its not urgent but I have a containers running emby and jellyfin to check them out. When I decide which one I planned to open it up and give people logins.

load more comments (4 replies)
load more comments
view more: ‹ prev next ›