Jellyfin over the internet
-
How would you do this off network?
what do you mean by off network? on the wifi of a different home's network, that has internet access?
the wireguard client on your laptop is supposed to give the laptop (and the laptop only) access to your home network, and the reverse proxy running on the laptop is supposed to give local devices access to services at home selectively, by listening on port 443 on the local network, and processing requests to services that you defined, by forwarding them through the vpn tunnel.
this requires that a machine at home runs a wireguard server, and that its port is forwarded in your router -
Even more secure is having a VPS and self hosting Heascale, even better is Wireguard
I'm trying to move away from needing a VPN to connect to make it simpler for less technically inclined family members
-
Not so much a fight as an exercise in futility lol
Well, I might as well put a dog in the fight. I'm considering my final, actually secure deployment of nextcloud.
This discussion has convinced me that a vpn is the only answer.
And almost everyone says wireguard.K. Thats what I will build.
-
Well, I might as well put a dog in the fight. I'm considering my final, actually secure deployment of nextcloud.
This discussion has convinced me that a vpn is the only answer.
And almost everyone says wireguard.K. Thats what I will build.
It’s not the only answer, but it’s the one that will get you the most secure with the least amount of effort.
-
I'm trying to move away from needing a VPN to connect to make it simpler for less technically inclined family members
Usually just needs to be set up once. A small price to pay for security.
-
It’s not the only answer, but it’s the one that will get you the most secure with the least amount of effort.
wrote last edited by [email protected]Ya. I understand VPN. I do enterprise IT stuff. The things I build assume a secure environment. VPN is step one.
Nailing down a web server on the internet tho ... there's so many ways to attack. There's so many things to secure. And its a bit complex to manage all that.
The nextcloud site covers hardening the server, but doesn't even mention vpn.
I've been watching threads like this. I'm pretty convinced vpn is the answer. -
Ya. I understand VPN. I do enterprise IT stuff. The things I build assume a secure environment. VPN is step one.
Nailing down a web server on the internet tho ... there's so many ways to attack. There's so many things to secure. And its a bit complex to manage all that.
The nextcloud site covers hardening the server, but doesn't even mention vpn.
I've been watching threads like this. I'm pretty convinced vpn is the answer.Yeah Nextcloud won’t mention VPN for hardening because the assumption is you want it publicly accessible.
I have a number of things publicly accessible and there are a number of things I do to secure them. crowdsec monitoring and blocking, a reverse proxy with OIDC for authentication, a WAF in front of it all. But those are only for the things I have exposed because I want other people to use them. If it’s something just for me, I don’t bother with all that and just access it via VPN.
-
Someone mentioned above that cloudflare will ban you for streaming through their tunnel. Just be warned.
yeah it’s in the terms of service but my usage will be so small it’s not even going to register on their charts so i’m happy with the risk.
-
Yeah Nextcloud won’t mention VPN for hardening because the assumption is you want it publicly accessible.
I have a number of things publicly accessible and there are a number of things I do to secure them. crowdsec monitoring and blocking, a reverse proxy with OIDC for authentication, a WAF in front of it all. But those are only for the things I have exposed because I want other people to use them. If it’s something just for me, I don’t bother with all that and just access it via VPN.
Ok. Yes, my use case is a private document and media store. I'm ungoogling.
VPN seems like a good place to start. But I'd like a simple answer, and I expect there are none to be had. As you've illustrated here, I'll find a reason to punch holes in the firewall. And then I'm going to need to secure a web server. Life happens. I'll keep it simple for now while I sort things. Thanks for your perspective. -
What’s your go too (secure) method for casting over the internet with a Jellyfin server.
I’m wondering what to use and I’m pretty beginner at this
I keep jellyfin up to date in a container and forward tcp/8920 on my router to the container. Easy and plenty secure. People in this thread are wildly overthinking it.
