Plex has paywalled my server!
-
That is pretty much how I imagined it. Sadly, its A TON of work. I have most of this set up in many VPSs for both me and customers (with other services of course) and I can imagine its probably the best solution. I still hate my life when thinking of implementing it.
I bet its gonna be easier than I think but you may get my point here. Thank you very much for sharing.Hell I know what you mean, it was so much trial and error until it worked, hence this guide/template to help others. Plus at some point it feels more like work than a hobby
-
What's it from?
wrote last edited by [email protected]From a time when the jerk motion was used en mass. https://www.dailymotion.com/video/x2jvcd5
-
Therefore it's literally impossible for me to watch my media locally, way to go Plex.
Are you running in docker? Change from bridged mode to host mode on your container which should resolve this.
-
It's pretty rare that a company starts taking away free features and doesn't end up fucking payers in the end.
The biggest bar to Jellyfin is TV clients, the second biggest is security.
TV clients can be fixed with a one-time purchase of a $20 android TV stick. If viewing your familys ARR content isn't worth $20 you probably don't need to do it anyway.
Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, But just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
We could probably make a jellyfin helper container to handle some of this. Walk people through Let's Encrypt, dynDNS, port forwarding tests, add fail2ban with a firewall, maybe even slap suricata in it.
We need to convince the project to add 2FA and password complexity requirements.
I don't know guys what do you think is it crazy? does it make sense? Would anybody actually use it?
As someone who is ⌠lazy and took advantage of some Amazon Black Friday Fire TV stick deals, and who doesnât want to drop the $200 for a Shield:
Any Android sticks/players you might recommend?
-
What do you mean WinRAR isnât free?!
wrote last edited by [email protected]"Free software" is different from "software that is free"
-
It's pretty rare that a company starts taking away free features and doesn't end up fucking payers in the end.
The biggest bar to Jellyfin is TV clients, the second biggest is security.
TV clients can be fixed with a one-time purchase of a $20 android TV stick. If viewing your familys ARR content isn't worth $20 you probably don't need to do it anyway.
Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, But just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
We could probably make a jellyfin helper container to handle some of this. Walk people through Let's Encrypt, dynDNS, port forwarding tests, add fail2ban with a firewall, maybe even slap suricata in it.
We need to convince the project to add 2FA and password complexity requirements.
I don't know guys what do you think is it crazy? does it make sense? Would anybody actually use it?
I access my stuff via VPN. As for sharing with others, I simply don't do that. VPN is still an option though. Or temporary client whitelisting, etc.
-
@smiletolerantly @AtariDump
https://en.m.wikipedia.org/wiki/Certificate_Transparency
Makes sure bots will hit you as soon as the certificate for your domain is issuedOK, add step above: use wildcard certificate for your domain.
Terminating the TLS connection at your perimeter firewall is standard practice, there's no reason your jellyfin host needs to obtain the certificate.
-
yeah, thanks. but thats not gonna work for me. i live in a big city and none of us (me and my server included) have static IPs nor am I gonna get them (at all) and I dont want to pay for them either (because ISPs here want you to pay for them). in any case, thanks for trying to suggest something. it might help someone else who has a different setup.
Welp, I guess they'll just have to start their own servers or you'll have to get out your credit card. Pity.
-
But I ran into challenges getting my server safely accessible for users outside my LAN
FWIW:
- vps + domain (optional?)
- connect vps to home server with wireguard (eg Tailscale)
- reverse proxy on the VPS forwarding to jellyfin (eg Caddy)
Obviously not as trivial or seamless as Plex. Also I wouldn't try to complicate this setup by using docker for everything. But once its up you can basically host whatever you want on the WAN from your LAN.
What added security do you get by using a VPS besides obscuring your home IP? I can definitely see benifits to not leaking your home address, but otherwise the reverse proxy and wireguard tunnels don't actually add any increased security for the extra steps. You could just host a reverse proxy at home, and any flaws Jellyfin could have in their app would still be exposed.
I'm not knocking your solution, I'm just in a similar place and considering if I want to go through the extra hurdle for a VPS if I don't need one.
-
Hell I know what you mean, it was so much trial and error until it worked, hence this guide/template to help others. Plus at some point it feels more like work than a hobby
wrote last edited by [email protected]Or just get a Mikrotik router and run Back to Home and baaam you got a similar to tailscate fuction with 3 clicks.
-
Out of curiosity, what TV and what OS?
TCL with Google IIRC
-
It's pretty rare that a company starts taking away free features and doesn't end up fucking payers in the end.
The biggest bar to Jellyfin is TV clients, the second biggest is security.
TV clients can be fixed with a one-time purchase of a $20 android TV stick. If viewing your familys ARR content isn't worth $20 you probably don't need to do it anyway.
Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, But just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
We could probably make a jellyfin helper container to handle some of this. Walk people through Let's Encrypt, dynDNS, port forwarding tests, add fail2ban with a firewall, maybe even slap suricata in it.
We need to convince the project to add 2FA and password complexity requirements.
I don't know guys what do you think is it crazy? does it make sense? Would anybody actually use it?
You can address the 2fa by putting it behind something like authelia, but still, the project needs to step it up
-
My tech-illiterate mom uses my Jellyfin instance with no issues. I sent her a link to the app store, her credentials, my server's hostname and that was it. And once it's set up, Jellyfin is much more straightforward to use than Plex.
Sure Jellyfin has issues and doesn't support as many types of devices, but Plex is far from perfect. I use it like twice a year, and the UI gets more and more confusing with each update IMO.
Jellyfin doesnât have an app on every App Store. On some, you have to sideload it, by enabling developer mode and connecting to a PC that is running an App Store server. Then the TV downloads it from the PC.
-
awesome. thanks for chiming in. I will have to check how to do external streaming without opening my network up to the world (metaphorically).
Can your router open ports from a hostname vs an IP? If so, clients could run dynamic DNS.
WG client side isn't really that hard, though. All the fam run WG 24/7 on devices, and only traffic for the internal network goes through it.
-
It's pretty rare that a company starts taking away free features and doesn't end up fucking payers in the end.
The biggest bar to Jellyfin is TV clients, the second biggest is security.
TV clients can be fixed with a one-time purchase of a $20 android TV stick. If viewing your familys ARR content isn't worth $20 you probably don't need to do it anyway.
Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, But just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
We could probably make a jellyfin helper container to handle some of this. Walk people through Let's Encrypt, dynDNS, port forwarding tests, add fail2ban with a firewall, maybe even slap suricata in it.
We need to convince the project to add 2FA and password complexity requirements.
I don't know guys what do you think is it crazy? does it make sense? Would anybody actually use it?
wrote last edited by [email protected]Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, But just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
Yeah.
It's tough because I get they're an open-source project, and they're volunteers, but at the same time, security is something that should be the highest priority.
Though, you could just make it so that it's not accessible via WAN and instead has to go through a VPN, though that'd make it harder to share with others.
-
Great; how do I get my Mother to do that over the phone?
wrote last edited by [email protected]It's not a cake walk, but I've something similar for a friend who can barely turn on his PC.
The OpenWRT router was fully configured before shipping it to him and the existing router's needed Wireguard port was opened by me using the Comcast Android app. All he had to do was connect his TV to a new wifi network. That wasn't easy, but he ultimately succeeded.
-
You can address the 2fa by putting it behind something like authelia, but still, the project needs to step it up
I thought that you can still access media directly via the URL without any authentication, how would authelia change that?
-
The direct connection is cool, I just wonder if a P2P connection is actually any better than going through a data center. There's gonna be intermediate servers right?
Do you need to have Tailscale set up on any network you want to use this on? Because I'm a fan of being able to just throw my domain or IP into any TV and log in
I have Tailscale (actually headscale) set up on all my devices and the performance is good enough I donât turn it off when Iâm home and on the same lan as my server. The connection is p2p so itâs just a little encryption overhead. When I travel to other networks like my mobile network, or various corp wifi networks, it continues to try to get a p2p connection. Only sometimes corporate wifi networks block p2p and the traffic round trips through my VPS. It does take a lot of load off the VPS compared to the old way with openVPN. It also continues to work âfor a whileâ if the VPS is down.
-
As someone who is ⌠lazy and took advantage of some Amazon Black Friday Fire TV stick deals, and who doesnât want to drop the $200 for a Shield:
Any Android sticks/players you might recommend?
The Onn dongles from Walmart are probably the cheapest. The firestick should work fine and there are also Chromecasts from Google.
-
Did you even read the link? You don't need it on every device. It's not really that difficult to understand.
I AM A 48 YEAR OLD FORMER FUCKING TRUCK DRIVER FOR FUCKS SAKE, and yet, I still managed to set up tailscale on my phone and a computer, and then access my stuff that ISNT running tailscale in any way, shape or form, from my phone, simply because I decided to figure it the fuck out.
Stop being so damned lazy.
I am so fucking tired of this "cater to the lowest common denominator" bullshit.
wrote last edited by [email protected]Stop being so dam lazy and do all the things you pay someone else to do.
Mow the lawn. Fix the plumbing. Run new electrical. Neuter the cat. Clean your teeth. Do your taxes. Properly segment your network into several VLANs so that your IoT devices canât talk to your internal network.
