Plex has paywalled my server!
-
Basic functionality, I've heard good things about the crappy Walmart ONN branded ones.
I know there are Alibaba options, But I'm awfully afraid of a lot of those have worst security issues than opening up jellyfin.
Thanks- was hoping there was something out there that’s a bit less tied into some large Amazon-y or Google-y type anything
For all their lack of privacy, the Fire Sticks perform pretty well
-
I think you make a hugely important point and I would definitely use it and I might even be able to help making it.
wrote last edited by [email protected]Current Idea:
Traefik does most of this through plugins, except the whitelist modifier,
Whitelisted?
- user: https://bob.com:9901/ -> jellyfin
Not Whitelisted?
- user: https://bob.com:9901/ -> 404
Whitelisted or Not whitelisted?
- user: bob.com/whitelist -> nginx/python, authelia, fail2ban, traefik whitelist modifier
-
You're pretty hostile. Good luck with that attitude.
wrote last edited by [email protected]Good luck with your new Plex subscription, ""self""-hoster.
-
I thought that you can still access media directly via the URL without any authentication, how would authelia change that?
Yes! You just have to set up your reverse proxy to send everything through it and it'll block the unauthenticated access.
The downside is that apps stop working since they don't have a way to authenticate with authelia. I've installed it as a PWA on my phone and use an old laptop with the TV interface on my TV, but it's not perfect
-
Basic functionality, I've heard good things about the crappy Walmart ONN branded ones.
I know there are Alibaba options, But I'm awfully afraid of a lot of those have worst security issues than opening up jellyfin.
+1 for Walmart Onn, very easy to debloat and degoogle, supports SmartTubeNext, S0undTV (Twitch), Jellyfin, Plex, whatever else you want.
-
I run a reverse proxy too. are you talking about a public one? I'm probably gonna use a relay server for it which essentially is the same I guess.
Yes, the public one. I just use synology ddns as the public address. I'm good with programming, but when it comes to IT stuff, I'm dead in the water. So, their infrastructure helped
-
Old news, but time for Jellyfin. I made the switch a couple months ago. Some minor teething issues, but better, IMO, especially now as my family all have LDAP users and that just works.
I made the switch a few months back as well. Have you had the issue where"Recently Added" just straight up doesn't work? It's about 50/50 for me whether my new downloads show up there or not, and if they do, it's usually inserted somewhere down the list between other things I added months ago. Not sure if there's a workaround, but it's my #1 complaint with Jellyfin. Otherwise, it's been great.
-
Yes, the public one. I just use synology ddns as the public address. I'm good with programming, but when it comes to IT stuff, I'm dead in the water. So, their infrastructure helped
Neat. Thanks for suggesting.
-
What about switching to Jellyfin?
I have been using rygel. I don't need anything fancy, dump a few media folders onto any VLC player on the LAN.
-
"Free software" is different from "software that is free"
True, though WinRar is technically neither.
-
Lots of those issues have been blown out of proportion, and would never be a real concern for the “just a dude running a server in his closet for his friends” setups. Which, to be clear, is the vast majority of setups.
For instance, virtually all of the worst issues require that the attacker already has a valid login token. So unless they stole your buddy’s credentials, the only one to truly worry about would be your buddy directly. But yes, Jellyfin has some gaping holes, and letting it touch the WAN at all is always a risk. You’re giving attackers a new potential vector of attack that didn’t exist before, so that’s worth noting.
unless they stole your buddy's credentials
Thank God trolls never steal people's credentials so they can hack a small server because they're bored.
-
It's pretty rare that a company starts taking away free features and doesn't end up fucking payers in the end.
The biggest bar to Jellyfin is TV clients, the second biggest is security.
TV clients can be fixed with a one-time purchase of a $20 android TV stick. If viewing your familys ARR content isn't worth $20 you probably don't need to do it anyway.
Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, But just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
We could probably make a jellyfin helper container to handle some of this. Walk people through Let's Encrypt, dynDNS, port forwarding tests, add fail2ban with a firewall, maybe even slap suricata in it.
We need to convince the project to add 2FA and password complexity requirements.
I don't know guys what do you think is it crazy? does it make sense? Would anybody actually use it?
probably SSL
*TLS
SSL has been deprecated for a decade at this point
-
probably SSL
*TLS
SSL has been deprecated for a decade at this point
Would you consider this a particularly constructive comment?
-
Strange that plex.tv isn't blocked while a "personal" categorized website is. Have you looked to see what category your domain is shuffled under? You could try submitting a recategorization request to Cisco Umbrella or Fortinet databases. Requests for recategorization are free to do.
I've tried submitting recategorization requests through the links provided by my workplace on the block pages. The requests have been denied.
If I'm remembering right, it's a Symantec web filtering solution that we use and they've decided that my domain is in the "personal blog" category. Which is a blocked category. Jeff Geerling's website actually falls under the same category, which also kind of sucks, because I like reading some of the stuff he puts out.
-
Are you running in docker? Change from bridged mode to host mode on your container which should resolve this.
Yes I am, but I don't want to give full control of my network drive to a closed source application because it paywalled me out of being able to access my media on my local network. It's ridiculous that I have to do that. It breaks ECI, and is a security risk. And yeah, it's a bit paranoid, but the fact that they can fix it with a simple config and put that behind a paywall is VERY worrisome, so I now need to pay if I want to isolate Plex from the host where it's running.
-
Plex has pay walled FREE servers streaming to FREE clients only.
If you have a plex watch pass (for client) you're good and can stream from any server. If you have a plex pass (for server) any one can stream from your server. But you have to have one or the other.
-
Now that's an interesting thought.
A web page with Authelia, login and a firewall.
If you're not logged in, All you get is a login page. If you are logged in, It passes you straight through to jellyfin.
So any device and client would be able to access it without issue once a phone or computer on the network had logged in just once.
The web page modifies the HA proxy ACL and forces a reload.
This will work fine over the web, but won’t work with clients.
-
Yes I am, but I don't want to give full control of my network drive to a closed source application because it paywalled me out of being able to access my media on my local network. It's ridiculous that I have to do that. It breaks ECI, and is a security risk. And yeah, it's a bit paranoid, but the fact that they can fix it with a simple config and put that behind a paywall is VERY worrisome, so I now need to pay if I want to isolate Plex from the host where it's running.
You've likely given it full control to whatever storage you've mounted in the container anyway, unless you've given it the :ro flag, which in that case would operate the same regardless of networking mode. If someone gains access to your internal host, you have bigger problems. Some things just play better under host mode and all bridged mode is doing is creating a virtual switch on your host and passing allowed traffic through it at a base level. The best way to protect is by running a load balancer in a DMZ and proxying all of the traffic through it which is how I have my instance running. I funnel everything external --> TCP\UDP 443 in DMZ vlan load balancer --> internal LAN IP:docker port. I run a mix of host network or bridged mode depending on the container.
-
I tried testing a movie from my home server in plex through firefox and repeatedly got this message, even after reloading.
I knew that they had paywalled the apps on mobile and streaming from outside the network but now they have also blocked watching your own movies through your own hardware.
I do get the point that making software should be able to sustain people but I dont see the move of plex as a fair thing to do. Yes, they have made great software but taking your home server hostage feels like the wrong move.
Even a pop up that says "we need you to donate please" would have been fine. make it pop up before every movie, play donation ads before any movie but straight up disabling the app is kinda cruel.
Anyway, i have switched to jellyfin and it is insanely good. please give it a try. you can run it alongside plex with not issues (at least i had none) and compare the two.
In any case, good luck. Let me know if you need help.
Threads like this are why people don't use open source. It sounds like a reality-denying anti-intellectual one-size-fits-all cult in here. This is also like half the threads about Linux. Just armies of tech bros who couldn't put themselves in someone else's shoes if their life literally depended on it.
