Plex has paywalled my server!
-
Out of curiosity, what TV and what OS?
TCL with Google IIRC
-
It's pretty rare that a company starts taking away free features and doesn't end up fucking payers in the end.
The biggest bar to Jellyfin is TV clients, the second biggest is security.
TV clients can be fixed with a one-time purchase of a $20 android TV stick. If viewing your familys ARR content isn't worth $20 you probably don't need to do it anyway.
Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, But just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
We could probably make a jellyfin helper container to handle some of this. Walk people through Let's Encrypt, dynDNS, port forwarding tests, add fail2ban with a firewall, maybe even slap suricata in it.
We need to convince the project to add 2FA and password complexity requirements.
I don't know guys what do you think is it crazy? does it make sense? Would anybody actually use it?
You can address the 2fa by putting it behind something like authelia, but still, the project needs to step it up
-
My tech-illiterate mom uses my Jellyfin instance with no issues. I sent her a link to the app store, her credentials, my server's hostname and that was it. And once it's set up, Jellyfin is much more straightforward to use than Plex.
Sure Jellyfin has issues and doesn't support as many types of devices, but Plex is far from perfect. I use it like twice a year, and the UI gets more and more confusing with each update IMO.
Jellyfin doesn’t have an app on every App Store. On some, you have to sideload it, by enabling developer mode and connecting to a PC that is running an App Store server. Then the TV downloads it from the PC.
-
awesome. thanks for chiming in. I will have to check how to do external streaming without opening my network up to the world (metaphorically).
Can your router open ports from a hostname vs an IP? If so, clients could run dynamic DNS.
WG client side isn't really that hard, though. All the fam run WG 24/7 on devices, and only traffic for the internal network goes through it.
-
It's pretty rare that a company starts taking away free features and doesn't end up fucking payers in the end.
The biggest bar to Jellyfin is TV clients, the second biggest is security.
TV clients can be fixed with a one-time purchase of a $20 android TV stick. If viewing your familys ARR content isn't worth $20 you probably don't need to do it anyway.
Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, But just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
We could probably make a jellyfin helper container to handle some of this. Walk people through Let's Encrypt, dynDNS, port forwarding tests, add fail2ban with a firewall, maybe even slap suricata in it.
We need to convince the project to add 2FA and password complexity requirements.
I don't know guys what do you think is it crazy? does it make sense? Would anybody actually use it?
wrote last edited by [email protected]Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, But just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
Yeah.
It's tough because I get they're an open-source project, and they're volunteers, but at the same time, security is something that should be the highest priority.
Though, you could just make it so that it's not accessible via WAN and instead has to go through a VPN, though that'd make it harder to share with others.
-
Great; how do I get my Mother to do that over the phone?
wrote last edited by [email protected]It's not a cake walk, but I've something similar for a friend who can barely turn on his PC.
The OpenWRT router was fully configured before shipping it to him and the existing router's needed Wireguard port was opened by me using the Comcast Android app. All he had to do was connect his TV to a new wifi network. That wasn't easy, but he ultimately succeeded.
-
You can address the 2fa by putting it behind something like authelia, but still, the project needs to step it up
I thought that you can still access media directly via the URL without any authentication, how would authelia change that?
-
The direct connection is cool, I just wonder if a P2P connection is actually any better than going through a data center. There's gonna be intermediate servers right?
Do you need to have Tailscale set up on any network you want to use this on? Because I'm a fan of being able to just throw my domain or IP into any TV and log in
I have Tailscale (actually headscale) set up on all my devices and the performance is good enough I don’t turn it off when I’m home and on the same lan as my server. The connection is p2p so it’s just a little encryption overhead. When I travel to other networks like my mobile network, or various corp wifi networks, it continues to try to get a p2p connection. Only sometimes corporate wifi networks block p2p and the traffic round trips through my VPS. It does take a lot of load off the VPS compared to the old way with openVPN. It also continues to work “for a while” if the VPS is down.
-
As someone who is … lazy and took advantage of some Amazon Black Friday Fire TV stick deals, and who doesn’t want to drop the $200 for a Shield:
Any Android sticks/players you might recommend?
The Onn dongles from Walmart are probably the cheapest. The firestick should work fine and there are also Chromecasts from Google.
-
Did you even read the link? You don't need it on every device. It's not really that difficult to understand.
I AM A 48 YEAR OLD FORMER FUCKING TRUCK DRIVER FOR FUCKS SAKE, and yet, I still managed to set up tailscale on my phone and a computer, and then access my stuff that ISNT running tailscale in any way, shape or form, from my phone, simply because I decided to figure it the fuck out.
Stop being so damned lazy.
I am so fucking tired of this "cater to the lowest common denominator" bullshit.
wrote last edited by [email protected]Stop being so dam lazy and do all the things you pay someone else to do.
Mow the lawn. Fix the plumbing. Run new electrical. Neuter the cat. Clean your teeth. Do your taxes. Properly segment your network into several VLANs so that your IoT devices can’t talk to your internal network.
-
TCL with Google IIRC
Because it’s android.
-
It's not a cake walk, but I've something similar for a friend who can barely turn on his PC.
The OpenWRT router was fully configured before shipping it to him and the existing router's needed Wireguard port was opened by me using the Comcast Android app. All he had to do was connect his TV to a new wifi network. That wasn't easy, but he ultimately succeeded.
Ok, so you didn’t walk someone through it; you shipped them something preconfigured.
That’s not going to scale as I share out my server.
-
Welp, I guess they'll just have to start their own servers or you'll have to get out your credit card. Pity.
yeah no. there are a lot of other solutions to this. they're just a little annoying. others have confirmed there are similar setups like plex is doing with a relay server, but selfhosted.
-
Can your router open ports from a hostname vs an IP? If so, clients could run dynamic DNS.
WG client side isn't really that hard, though. All the fam run WG 24/7 on devices, and only traffic for the internal network goes through it.
I know. the issue is my friends dont have networks run by me. So I have to gain access to them and have to change setups which makes the situation likely to blow in my face. its just not a good solution imo. People have already suggested a relay server which will likely be the best solution.
-
Hell I know what you mean, it was so much trial and error until it worked, hence this guide/template to help others. Plus at some point it feels more like work than a hobby
You're an absolute champ! Thanks for walking the walk. Its refreshing meeting people who do stuff. Feel free to check out my kodi peertube app at some point
-
Or just get a Mikrotik router and run Back to Home and baaam you got a similar to tailscate fuction with 3 clicks.
Yeah, or not.
-
I used synology and reverse proxy. It was pretty easy to set up. The tricky part was going into jellyfins setting and connecting your reverse proxy to the path you made.
Overall my kids and family can now access it anywhere.
I run a reverse proxy too. are you talking about a public one? I'm probably gonna use a relay server for it which essentially is the same I guess.
-
Ok, so you didn’t walk someone through it; you shipped them something preconfigured.
That’s not going to scale as I share out my server.
That’s not going to scale...
How many mothers do you have?
-
Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, But just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
Yeah.
It's tough because I get they're an open-source project, and they're volunteers, but at the same time, security is something that should be the highest priority.
Though, you could just make it so that it's not accessible via WAN and instead has to go through a VPN, though that'd make it harder to share with others.
That's what I do myself but in a lot of cases VPN is beyond the grasp of the grasp of the friends and family that are being shared with.
Tailscale is somewhat approachable for this, there are a number of streaming devices that support TS clients. But then tailscale will eventually enshittify their free offering. Wrapping headscale into this will add yet another layer of complication. VPN is far more secure but I think it makes it unapproachably complicated for many.
-
You can address the 2fa by putting it behind something like authelia, but still, the project needs to step it up
Authelia is super easy, if the clients can handle it
