Plex has paywalled my server!
-
"Free software" is different from "software that is free"
True, though WinRar is technically neither.
-
Lots of those issues have been blown out of proportion, and would never be a real concern for the “just a dude running a server in his closet for his friends” setups. Which, to be clear, is the vast majority of setups.
For instance, virtually all of the worst issues require that the attacker already has a valid login token. So unless they stole your buddy’s credentials, the only one to truly worry about would be your buddy directly. But yes, Jellyfin has some gaping holes, and letting it touch the WAN at all is always a risk. You’re giving attackers a new potential vector of attack that didn’t exist before, so that’s worth noting.
unless they stole your buddy's credentials
Thank God trolls never steal people's credentials so they can hack a small server because they're bored.
-
It's pretty rare that a company starts taking away free features and doesn't end up fucking payers in the end.
The biggest bar to Jellyfin is TV clients, the second biggest is security.
TV clients can be fixed with a one-time purchase of a $20 android TV stick. If viewing your familys ARR content isn't worth $20 you probably don't need to do it anyway.
Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, But just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
We could probably make a jellyfin helper container to handle some of this. Walk people through Let's Encrypt, dynDNS, port forwarding tests, add fail2ban with a firewall, maybe even slap suricata in it.
We need to convince the project to add 2FA and password complexity requirements.
I don't know guys what do you think is it crazy? does it make sense? Would anybody actually use it?
probably SSL
*TLS
SSL has been deprecated for a decade at this point
-
probably SSL
*TLS
SSL has been deprecated for a decade at this point
Would you consider this a particularly constructive comment?
-
Strange that plex.tv isn't blocked while a "personal" categorized website is. Have you looked to see what category your domain is shuffled under? You could try submitting a recategorization request to Cisco Umbrella or Fortinet databases. Requests for recategorization are free to do.
I've tried submitting recategorization requests through the links provided by my workplace on the block pages. The requests have been denied.
If I'm remembering right, it's a Symantec web filtering solution that we use and they've decided that my domain is in the "personal blog" category. Which is a blocked category. Jeff Geerling's website actually falls under the same category, which also kind of sucks, because I like reading some of the stuff he puts out.
-
Are you running in docker? Change from bridged mode to host mode on your container which should resolve this.
Yes I am, but I don't want to give full control of my network drive to a closed source application because it paywalled me out of being able to access my media on my local network. It's ridiculous that I have to do that. It breaks ECI, and is a security risk. And yeah, it's a bit paranoid, but the fact that they can fix it with a simple config and put that behind a paywall is VERY worrisome, so I now need to pay if I want to isolate Plex from the host where it's running.
-
Plex has pay walled FREE servers streaming to FREE clients only.
If you have a plex watch pass (for client) you're good and can stream from any server. If you have a plex pass (for server) any one can stream from your server. But you have to have one or the other.
-
Now that's an interesting thought.
A web page with Authelia, login and a firewall.
If you're not logged in, All you get is a login page. If you are logged in, It passes you straight through to jellyfin.
So any device and client would be able to access it without issue once a phone or computer on the network had logged in just once.
The web page modifies the HA proxy ACL and forces a reload.
This will work fine over the web, but won’t work with clients.
-
Yes I am, but I don't want to give full control of my network drive to a closed source application because it paywalled me out of being able to access my media on my local network. It's ridiculous that I have to do that. It breaks ECI, and is a security risk. And yeah, it's a bit paranoid, but the fact that they can fix it with a simple config and put that behind a paywall is VERY worrisome, so I now need to pay if I want to isolate Plex from the host where it's running.
You've likely given it full control to whatever storage you've mounted in the container anyway, unless you've given it the :ro flag, which in that case would operate the same regardless of networking mode. If someone gains access to your internal host, you have bigger problems. Some things just play better under host mode and all bridged mode is doing is creating a virtual switch on your host and passing allowed traffic through it at a base level. The best way to protect is by running a load balancer in a DMZ and proxying all of the traffic through it which is how I have my instance running. I funnel everything external --> TCP\UDP 443 in DMZ vlan load balancer --> internal LAN IP:docker port. I run a mix of host network or bridged mode depending on the container.
-
I tried testing a movie from my home server in plex through firefox and repeatedly got this message, even after reloading.
I knew that they had paywalled the apps on mobile and streaming from outside the network but now they have also blocked watching your own movies through your own hardware.
I do get the point that making software should be able to sustain people but I dont see the move of plex as a fair thing to do. Yes, they have made great software but taking your home server hostage feels like the wrong move.
Even a pop up that says "we need you to donate please" would have been fine. make it pop up before every movie, play donation ads before any movie but straight up disabling the app is kinda cruel.
Anyway, i have switched to jellyfin and it is insanely good. please give it a try. you can run it alongside plex with not issues (at least i had none) and compare the two.
In any case, good luck. Let me know if you need help.
Threads like this are why people don't use open source. It sounds like a reality-denying anti-intellectual one-size-fits-all cult in here. This is also like half the threads about Linux. Just armies of tech bros who couldn't put themselves in someone else's shoes if their life literally depended on it.
-
I've tried submitting recategorization requests through the links provided by my workplace on the block pages. The requests have been denied.
If I'm remembering right, it's a Symantec web filtering solution that we use and they've decided that my domain is in the "personal blog" category. Which is a blocked category. Jeff Geerling's website actually falls under the same category, which also kind of sucks, because I like reading some of the stuff he puts out.
I would go around them and go directly to the source of categorization. It looks like this is the Symantec categorization website in case it's different from what you're workplace provides - https://sitereview.bluecoat.com/#/
-
This will work fine over the web, but won’t work with clients.
They have instructions on jellyfin forums on setting up HAProxy, that part totally works.
But you don't put 2FA on the jellyfin server, for that you just deny all IPs except whitelisted.
You did the 2FA on the whitelister only using path-based routing.
You don't have access to the root site, you go to a path and login to a separate database to whitelist yourself then your client should work from that IP.
-
If you live in an area where you need a VPN to keep your ISP off your ass
Uploading copyrightes material is illegal pretty much everywhere I know of.
Exactly, which is why you don't need a VPN if you use a Debrid service. No files are being uploaded. The Debrid service handles that for you by downloading the torrent to a remote server, than giving you a direct download link to the file. Nothing is being uploaded from your end.
-
That's true, but ISPs have logs. And if something happens that makes the police change their mind about enforcing the law, you might be fucked, retroactively.
Again, not an issue if you use a Debrid service, because no files are being uploaded.
-
I always see people advocate for Stremio. But my experience was always very mixed. Half the time it would just buffer all the time. I guess it's s my own fault for having little interest in the latest Marvel/Hollywood movies, but alas. I way more prefer my jellyfin/jellyseer/arr stack. Once it's available I'm (99%) sure it works from everywhere in the world.
Are you using a Debrid service with it? It's a much better experience if you are. Give Real-Debrid a try with Stremio. It'll change your opinion.
-
Plex has pay walled FREE servers streaming to FREE clients only.
If you have a plex watch pass (for client) you're good and can stream from any server. If you have a plex pass (for server) any one can stream from your server. But you have to have one or the other.
For software I like made by people getting paid, I was happy to pay the one time fee. It's really good, secure, and downloads are fast now.
-
wrote last edited by [email protected]
Bro you asked for a guide, I gave you a guide. The fuck you want from me? (For convenience sake I even made as short as possible. Literally less than a 45 second read.)
I put a lot of effort into that comment to help you out, and instead of saying "thank you", you respond with this bullshit? What the hell is wrong with you?
Ungrateful prick.
-
What added security do you get by using a VPS besides obscuring your home IP? I can definitely see benifits to not leaking your home address, but otherwise the reverse proxy and wireguard tunnels don't actually add any increased security for the extra steps. You could just host a reverse proxy at home, and any flaws Jellyfin could have in their app would still be exposed.
I'm not knocking your solution, I'm just in a similar place and considering if I want to go through the extra hurdle for a VPS if I don't need one.
Obscuring home IP is the big one. You also don't have to fiddle with opening ports on your router and maybe getting ISP attention for hosting on a residential network. But really obscuring home IP address would work.
Dirt simplest solution is caddy on the same jellyfin server and port forward 443 and 80 on your router to that host. Hopefully letsencrypt will work without a domain but I'm not sure.
-
So an additional 10 bucks a month….
5 actually because you can use minimal hardware. You can probably just port forward your router and run caddy on the same jellyfin server but then expose your home IP address.
