Just learned how to do a reverse proxy
-
Thank you for the explanation. But that's it then? Just convenience with ports?
-
Like, good for you, man.
But you should really keep your stuff inside the VPN and not expose things, it opens up a pile of potential risks that you don't need to have. You can still use a reverse proxy inside the VPN and use your own DNS server that spits out internal addresses to your devices.
-
Well it IS pretty nice to be able to tell people to go to jellyfin.example.com instead of example.com:8096, but you also get security benefits for using a properly set up reverse proxy. You don't need to keep your ports open to the whole internet, only the reverse proxy accesses them. As far as the rest of the internet is concerned, you have :443 open.
-
I don’t even bother with the internal DNS server. I just set my A records in Cloudflare to point to the private IPs
-
Do the private IPs not change at all? Or can you handle that automatically?
I have next to no experience, but I’m pretty sure that wouldn’t work for me since my IP changes? Idk
-
Opening it up lets you use it from devices that aren't on tailscale, or for friends and family. I have the same idea with Nebula instead of Tailscale, if I can figure it out.
-
You can either set a DHCP reservation in your router, or manually set the IP on the device.
When I say private IP, I’m referring to the internal IP, e.g. 192.168.1.X
Means internally I just go to the domain without having to remember the IP I set.
-
Not really. Personally I'd allow the service account running jellyfin only access to read media files to avoid accidental deletion but otherwise no.
Also, jellyfin docs have a sample proxy config. You should use that. It's a bit more in depth than a normal proxy config.
-
I want to be able to upload/download/share my photos from anywhere in the world without using a VPN. Additionally, this satisfies the wife requirement. It works in the background without her needing to turn on the VPN. I don't want her to keep asking me how do I turn on the VPN? If it's just me, then no issue, I'll use a VPN.
-
I just use google OAuth since everyone I know has a google account. It just can't use OAuth on private IP addresses, just FQDNs.
-
Authelia is great. Recently added protection for multiple domains.
-
I tried the same, but my router wants to be smart by filtering DNS responses that point to a local IP. I guess whoever designed it considered it a security feature.
It is a stock router from the ISP, its configuration interface is minimal, borderline non-existent.
-
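Added example, not part of the thread: the filtering described in the comment above is commonly called DNS rebinding protection, and this Python code models it on constructed records to show why public A records pointing at 192.168.1.X can resolve to nothing behind such a router. The block list, hostnames, addresses and the `allow_domains` parameter are assumptions for illustration.

```python
import ipaddress

# Constructed sample of upstream DNS answers (hostnames/addresses are made up).
SAMPLE_ANSWERS = [
    ("jellyfin.example.com", "192.168.1.20"),  # public A record -> internal IP
    ("photos.example.com", "10.0.0.5"),
    ("local.example.com", "127.0.0.1"),
    ("www.example.com", "203.0.113.10"),       # documentation-range public address
]

# Assumed block list: RFC 1918, loopback, link-local, IPv6 ULA/link-local.
# Real routers differ in exactly which ranges they refuse.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
    "fc00::/7", "fe80::/10", "::1/128",
)]


def is_internal(addr):
    """True if addr falls in a range the filter treats as local."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in BLOCKED_NETS)


def rebind_filter(answers, allow_domains=()):
    """Split answers into (passed, dropped) the way a rebind filter would.

    allow_domains is a hypothetical exemption list; a minimal stock
    router may not offer one, which is the situation in the comment.
    """
    passed, dropped = [], []
    for name, addr in answers:
        exempt = any(name == d or name.endswith("." + d) for d in allow_domains)
        if is_internal(addr) and not exempt:
            dropped.append((name, addr))   # client sees no usable answer
        else:
            passed.append((name, addr))
    return passed, dropped


if __name__ == "__main__":
    passed, dropped = rebind_filter(SAMPLE_ANSWERS)
    for name, addr in dropped:
        print(f"DROPPED {name} -> {addr}")
    for name, addr in passed:
        print(f"passed  {name} -> {addr}")
```
-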
Oooh. That makes more sense, thank you.
I somehow thought you’d meant your global IP addresses, lol
-
You set up the VPN and it's always on. There's no hassle.
-
Unless you’re on iOS that will shut your VPN off regularly. Or you want somebody else to be able to access what you’re hosting without having to walk them through a VPN setup they won’t understand.
-
I have a couple dozen customers on iOS that use their camera servers via Tailscale. Never had a peep about that sort of thing.
-
Don’t listen to this guy. You don’t have to turtle all your stuff inside a VPN if you don’t want to. Hosting services on the internet is what the internet was created for. It’s up to you whether what you want to host is exposed to the internet or not, and as long as you’re aware of the risks do what you want man. I will mention that Immich specifically might not be the best idea to expose since it’s so unstable, but that depends on your level of comfortability. Worst case scenario is somebody gets into your Immich and can see all your photos. Would this be a dealbreaker for you? If so don’t expose it publicly. Otherwise you’re perfectly fine.
-
You’re hearing about it now. It’s an issue with the way iOS handles background tasks and there isn’t any way to fix it. It’s just how the OS works.
-
Well, apparently a bunch of farmers are smart enough to press a button without even bothering me about it.