Jellyfin over the internet
-
for me the easiest option was to set up tailscale on the server or network where jellyfin runs and then on the client/router where you want to watch the stream.
This is what I do as well. Works super well
-
Wow, a "for dummies" guide for doing all this would be great
know of any?I figured infodump style was a bit easier for me at the time so anyone could take anything I namedropped and go search to their heart's content.
-
I've recently been working on my own server and a lot of this stuff can be accomplished by just chatting with chatgpt/gemini or any ai agent of your choosing.
One thing to note tho is that they have some outdated information due to their training data so you might have to cross reference with the documentation.Use docker as much as you can, this will isolate the process so even if somehow you get hacked, the visibility the hackers get into your server is limited to the docker container.
-
I think my approach is probably the most insane one, reading this thread…
So the only thing I expose to the public internet is a homemade reverse proxy application which supports both form based and basic authentication. The only thing anonymous users have access to is the form login page. I’m on top of security updates with its dependencies and thus far I haven’t had any issues, ever. It runs in a docker container, on a VM, on Proxmox. My Jellyfin instance is in k8s.
My mum wanted to watch some stuff on my Jellyfin instance on her Chromecast With Google TV, plugged into her ancient Dumb TV. There is a Jellyfin Android TV app. I couldn’t think of a nice way to run a VPN on Android TV or on any of her (non-existent) network infra.
So instead I forked the Jellyfin Android TV app codebase. I found all the places where the API calls are made to the backend (there are multiple). I slapped in basic auth credentials. Recompiled the app. Deployed it to her Chromecast via developer mode.
Solid af so far. I haven’t updated Jellyfin since then (6 months), but when I need to, I’ll update the fork and redeploy it on her Chromecast.
Clever, but very hands on
-
Clever, but very hands on
VERY hands on, wouldn’t recommend it haha.
But that’s the beauty of open source. You CAN do it
-
Or you could use Plex and jump through zero of these hoops
Plex is slowly changing is terms & conditions to sell more and more of our data. That’s kind of a no no for me
-
for me the easiest option was to set up tailscale on the server or network where jellyfin runs and then on the client/router where you want to watch the stream.
This is also what I do, however, each user creates their own tailnet, not an account on mine and I share the server to them.
This way I keep my 3 free users for me, and other people still get to see jellyfin.
Tailscale and jellyfin in docker, add server to tailnet and share it out to your users emails. They have to install tailscale client in a device, login, then connect to your jellyfin. My users use Walmart Onn $30 streaming boxes. They work great.
I struggled for a few weeks to get it all working, there's a million people saying "I use this" but never "this is how to do it". YouTube is useless because it's filled with "jellyfin vs Plex SHOWDOWN DEATH FIGHT DE GOOGLE UR TOILET".
-
What’s your go too (secure) method for casting over the internet with a Jellyfin server.
I’m wondering what to use and I’m pretty beginner at this
We have it open to the public, behind a load balancer URL filtering incomming connection, https proxied through cloudflare with a country filter in place
-
Why would you need to expose SSH for everyday use? Or does Jellyfin require it to function?
Maybe leave that behind some VPN access.
-
What’s your go too (secure) method for casting over the internet with a Jellyfin server.
I’m wondering what to use and I’m pretty beginner at this
I used to do all the things mentioned here. Now, I just use Wireguard. If a family member wants to use a service, they need Wireguard. If they don't want to install it, they dont get the service.
-
Plex is slowly changing is terms & conditions to sell more and more of our data. That’s kind of a no no for me
Either comment OP hasn't followed the news, or they forgot this was the Fediverse.
-
What’s your go too (secure) method for casting over the internet with a Jellyfin server.
I’m wondering what to use and I’m pretty beginner at this
My go to secure method is just putting it behind Cloudflare so people can’t see my IP, same as every other service. Nobody is gonna bother wasting time hacking into your home server in the hopes that your media library isn’t shit, when they can just pirate any media they want to watch themselves with no effort.
-
I use a VPS and a wiregusrd tunnel.
I'm currently using CF Tunnels and I'm thinking about this (I have pretty good offers for VPS as low as $4 a month)
Can you comment on bandwidth expectations? My concern is that I also tunnel Nextcloud and my offsite backups and I may exceed the VPS bandwidth restrictions.
BTW I'm testing Pangolin which looks AWESOME so far.
-
I think my approach is probably the most insane one, reading this thread…
So the only thing I expose to the public internet is a homemade reverse proxy application which supports both form based and basic authentication. The only thing anonymous users have access to is the form login page. I’m on top of security updates with its dependencies and thus far I haven’t had any issues, ever. It runs in a docker container, on a VM, on Proxmox. My Jellyfin instance is in k8s.
My mum wanted to watch some stuff on my Jellyfin instance on her Chromecast With Google TV, plugged into her ancient Dumb TV. There is a Jellyfin Android TV app. I couldn’t think of a nice way to run a VPN on Android TV or on any of her (non-existent) network infra.
So instead I forked the Jellyfin Android TV app codebase. I found all the places where the API calls are made to the backend (there are multiple). I slapped in basic auth credentials. Recompiled the app. Deployed it to her Chromecast via developer mode.
Solid af so far. I haven’t updated Jellyfin since then (6 months), but when I need to, I’ll update the fork and redeploy it on her Chromecast.
What an absolute gigachad XD
-
I used to do all the things mentioned here. Now, I just use Wireguard. If a family member wants to use a service, they need Wireguard. If they don't want to install it, they dont get the service.
I started my homelab with a couple exposed services, but frankly the security upkeep and networking headaches weren't worth the effort when 99% of this server's usage is at home anyway.
I've considered going the Pangolin route to expose a handful of things for family but even that's just way too much effort for very little added value (plus moving my reverse proxy to a VPS doesn't sound ideal in case the internet here goes down).
Getting 2 or 3 extra folks on to wireguard as necessary is just much easier.
-
Didn’t they patch their things now that your stuck in their bubble/environment now or something like that ?
Not sure what what you mean. Plex has a bubble you can get stuck in. Jellyfin is free and open source
-
I'm currently using CF Tunnels and I'm thinking about this (I have pretty good offers for VPS as low as $4 a month)
Can you comment on bandwidth expectations? My concern is that I also tunnel Nextcloud and my offsite backups and I may exceed the VPS bandwidth restrictions.
BTW I'm testing Pangolin which looks AWESOME so far.
I am using the free Oracle VPS offer until they block me, so far I have no issue. Alzernatively I wanted to check out IONOS, since you dont have a bandwidth limit there.
-
I am using the free Oracle VPS offer until they block me, so far I have no issue. Alzernatively I wanted to check out IONOS, since you dont have a bandwidth limit there.
WOW! That's one hell of a deal. You've convinced me XD I'm installing pangolin Right now. The hell with Cloudflare and their evil ways
-
Not sure what what you mean. Plex has a bubble you can get stuck in. Jellyfin is free and open source
Talking about Synology, if I’m not mistaken you’ll have to buy all from their store now : Synology Hardrive and such
-
I tried really hard to get a named CloudFlare tunnel working with a domain name I registered (I share my personal home videos with a non technical family member in Italy) but couldn't get it working no matter what I tried.
I'm not sure whay the OS you use is, but on linux (debian based) they have a Curl installer that installs their Systemd service preconfigured for your account and the specific tunnel you're using.
Once that is installed, configuration is pretty easy. Inside their ZeroTrust portal, you will find the options to configure ports.
Always point your tunnel to https://localhost:port or http://localhost:port. You can get a TLS cert from lets-encrypt for your first one. New certifications are issued by cloudflare's partners regularly to prevent expiration. I think I have like 3 for my domain now? 1 from Lets-Encrypt and a couple from Google.
This could be totally unrelated, but when I first configured my domain, I used DuckDNS as my DNS registrar so I could do everything over wireguard. That's is still set up and in Cloudflare I still have duckdns included in my DNS registry. Could he worth a shot to set that up and add it to your DNS registry on cloudflare.
