Plex has paywalled my server!
-
awesome. thanks for chiming in. I will have to check how to do external streaming without opening my network up to the world (metaphorically).
You’ve got options.
-
I tried testing a movie from my home server in plex through firefox and repeatedly got this message, even after reloading.
I knew that they had paywalled the apps on mobile and streaming from outside the network but now they have also blocked watching your own movies through your own hardware.
I do get the point that making software should be able to sustain people but I dont see the move of plex as a fair thing to do. Yes, they have made great software but taking your home server hostage feels like the wrong move.
Even a pop up that says "we need you to donate please" would have been fine. make it pop up before every movie, play donation ads before any movie but straight up disabling the app is kinda cruel.
Anyway, i have switched to jellyfin and it is insanely good. please give it a try. you can run it alongside plex with not issues (at least i had none) and compare the two.
In any case, good luck. Let me know if you need help.
It's pretty rare that a company starts taking away free features and doesn't end up fucking payers in the end.
The biggest bar to Jellyfin is TV clients, the second biggest is security.
TV clients can be fixed with a one-time purchase of a $20 android TV stick. If viewing your familys ARR content isn't worth $20 you probably don't need to do it anyway.
Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, But just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
We could probably make a jellyfin helper container to handle some of this. Walk people through Let's Encrypt, dynDNS, port forwarding tests, add fail2ban with a firewall, maybe even slap suricata in it.
We need to convince the project to add 2FA and password complexity requirements.
I don't know guys what do you think is it crazy? does it make sense? Would anybody actually use it?
-
In this thread:
- An OP that doesn’t understand how their network is working
- People rushing to suggest a solution that they fawn over because it’s open source. I have yet to see anyone recommend Emby.
- “Tailscale will solve all your problems!” Great - how do I make that work on an LG TV that’s 100 miles away?
wrote last edited by [email protected]Seriously. I hate when people assume default settings are the only option. You don't even need a Plex account to set up Plex. It will just be less seamless and user friendly. Never adopt the server, configure these via localhost (ssh tunnel works) and then set up your networking. Don't even need to update it, it will run for as long as the database stays stable. Which should be years or more.
-
It's pretty rare that a company starts taking away free features and doesn't end up fucking payers in the end.
The biggest bar to Jellyfin is TV clients, the second biggest is security.
TV clients can be fixed with a one-time purchase of a $20 android TV stick. If viewing your familys ARR content isn't worth $20 you probably don't need to do it anyway.
Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, But just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
We could probably make a jellyfin helper container to handle some of this. Walk people through Let's Encrypt, dynDNS, port forwarding tests, add fail2ban with a firewall, maybe even slap suricata in it.
We need to convince the project to add 2FA and password complexity requirements.
I don't know guys what do you think is it crazy? does it make sense? Would anybody actually use it?
I think you make a hugely important point and I would definitely use it and I might even be able to help making it.
-
In this thread:
- An OP that doesn’t understand how their network is working
- People rushing to suggest a solution that they fawn over because it’s open source. I have yet to see anyone recommend Emby.
- “Tailscale will solve all your problems!” Great - how do I make that work on an LG TV that’s 100 miles away?
Actual answer for 3:
- put jellyfin behind a proper reverse proxy. Ideally on a separate host / hardware firewall, but nginx on the same host works fine as well.
- create subdomain, let's say sub.yourdomain.com
- forward traffic, for that subdomain ONLY, to jellyfin in your reverse proxy config
- tell your relatives to put sub.yourdomain.com into their jellyfin app
All the fear-mongering about exposing jellyfin to the internet I have seen on here boils down to either
- "port forwarding is a bad idea!!", which yes, don't do that. The above is not that. Or
- "people / bots who know your IP can get jellyfin to work as a 1-bit oracle, telling you if a specific media file exists on your disk" which is a) not an indication for something illegal, and b) prevented by the described reverse proxy setup insofar as the bot needs to know the exact subdomain (and any worthwhile domain-provider will not let bots walk your DNS zone).
(Not saying YOU say that; just preempting the usual folklore typically commented whenever someone suggests hosting jellyfin publicly accessible)
-
well, except WinRAR
What do you mean WinRAR isn’t free?!
-
awesome. thanks for chiming in. I will have to check how to do external streaming without opening my network up to the world (metaphorically).
I used synology and reverse proxy. It was pretty easy to set up. The tricky part was going into jellyfins setting and connecting your reverse proxy to the path you made.
Overall my kids and family can now access it anywhere.
-
Actual answer for 3:
- put jellyfin behind a proper reverse proxy. Ideally on a separate host / hardware firewall, but nginx on the same host works fine as well.
- create subdomain, let's say sub.yourdomain.com
- forward traffic, for that subdomain ONLY, to jellyfin in your reverse proxy config
- tell your relatives to put sub.yourdomain.com into their jellyfin app
All the fear-mongering about exposing jellyfin to the internet I have seen on here boils down to either
- "port forwarding is a bad idea!!", which yes, don't do that. The above is not that. Or
- "people / bots who know your IP can get jellyfin to work as a 1-bit oracle, telling you if a specific media file exists on your disk" which is a) not an indication for something illegal, and b) prevented by the described reverse proxy setup insofar as the bot needs to know the exact subdomain (and any worthwhile domain-provider will not let bots walk your DNS zone).
(Not saying YOU say that; just preempting the usual folklore typically commented whenever someone suggests hosting jellyfin publicly accessible)
@smiletolerantly @AtariDump
https://en.m.wikipedia.org/wiki/Certificate_Transparency
Makes sure bots will hit you as soon as the certificate for your domain is issued -
That is pretty much how I imagined it. Sadly, its A TON of work. I have most of this set up in many VPSs for both me and customers (with other services of course) and I can imagine its probably the best solution. I still hate my life when thinking of implementing it.
I bet its gonna be easier than I think but you may get my point here. Thank you very much for sharing.Hell I know what you mean, it was so much trial and error until it worked, hence this guide/template to help others. Plus at some point it feels more like work than a hobby
-
What's it from?
wrote last edited by [email protected]From a time when the jerk motion was used en mass. https://www.dailymotion.com/video/x2jvcd5
-
Therefore it's literally impossible for me to watch my media locally, way to go Plex.
Are you running in docker? Change from bridged mode to host mode on your container which should resolve this.
-
It's pretty rare that a company starts taking away free features and doesn't end up fucking payers in the end.
The biggest bar to Jellyfin is TV clients, the second biggest is security.
TV clients can be fixed with a one-time purchase of a $20 android TV stick. If viewing your familys ARR content isn't worth $20 you probably don't need to do it anyway.
Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, But just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
We could probably make a jellyfin helper container to handle some of this. Walk people through Let's Encrypt, dynDNS, port forwarding tests, add fail2ban with a firewall, maybe even slap suricata in it.
We need to convince the project to add 2FA and password complexity requirements.
I don't know guys what do you think is it crazy? does it make sense? Would anybody actually use it?
As someone who is … lazy and took advantage of some Amazon Black Friday Fire TV stick deals, and who doesn’t want to drop the $200 for a Shield:
Any Android sticks/players you might recommend?
-
What do you mean WinRAR isn’t free?!
wrote last edited by [email protected]"Free software" is different from "software that is free"
-
It's pretty rare that a company starts taking away free features and doesn't end up fucking payers in the end.
The biggest bar to Jellyfin is TV clients, the second biggest is security.
TV clients can be fixed with a one-time purchase of a $20 android TV stick. If viewing your familys ARR content isn't worth $20 you probably don't need to do it anyway.
Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, But just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
We could probably make a jellyfin helper container to handle some of this. Walk people through Let's Encrypt, dynDNS, port forwarding tests, add fail2ban with a firewall, maybe even slap suricata in it.
We need to convince the project to add 2FA and password complexity requirements.
I don't know guys what do you think is it crazy? does it make sense? Would anybody actually use it?
I access my stuff via VPN. As for sharing with others, I simply don't do that. VPN is still an option though. Or temporary client whitelisting, etc.
-
@smiletolerantly @AtariDump
https://en.m.wikipedia.org/wiki/Certificate_Transparency
Makes sure bots will hit you as soon as the certificate for your domain is issuedOK, add step above: use wildcard certificate for your domain.
Terminating the TLS connection at your perimeter firewall is standard practice, there's no reason your jellyfin host needs to obtain the certificate.
-
yeah, thanks. but thats not gonna work for me. i live in a big city and none of us (me and my server included) have static IPs nor am I gonna get them (at all) and I dont want to pay for them either (because ISPs here want you to pay for them). in any case, thanks for trying to suggest something. it might help someone else who has a different setup.
Welp, I guess they'll just have to start their own servers or you'll have to get out your credit card. Pity.
-
But I ran into challenges getting my server safely accessible for users outside my LAN
FWIW:
- vps + domain (optional?)
- connect vps to home server with wireguard (eg Tailscale)
- reverse proxy on the VPS forwarding to jellyfin (eg Caddy)
Obviously not as trivial or seamless as Plex. Also I wouldn't try to complicate this setup by using docker for everything. But once its up you can basically host whatever you want on the WAN from your LAN.
What added security do you get by using a VPS besides obscuring your home IP? I can definitely see benifits to not leaking your home address, but otherwise the reverse proxy and wireguard tunnels don't actually add any increased security for the extra steps. You could just host a reverse proxy at home, and any flaws Jellyfin could have in their app would still be exposed.
I'm not knocking your solution, I'm just in a similar place and considering if I want to go through the extra hurdle for a VPS if I don't need one.
-
Hell I know what you mean, it was so much trial and error until it worked, hence this guide/template to help others. Plus at some point it feels more like work than a hobby
wrote last edited by [email protected]Or just get a Mikrotik router and run Back to Home and baaam you got a similar to tailscate fuction with 3 clicks.
-
Out of curiosity, what TV and what OS?
TCL with Google IIRC
-
It's pretty rare that a company starts taking away free features and doesn't end up fucking payers in the end.
The biggest bar to Jellyfin is TV clients, the second biggest is security.
TV clients can be fixed with a one-time purchase of a $20 android TV stick. If viewing your familys ARR content isn't worth $20 you probably don't need to do it anyway.
Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, But just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
We could probably make a jellyfin helper container to handle some of this. Walk people through Let's Encrypt, dynDNS, port forwarding tests, add fail2ban with a firewall, maybe even slap suricata in it.
We need to convince the project to add 2FA and password complexity requirements.
I don't know guys what do you think is it crazy? does it make sense? Would anybody actually use it?
You can address the 2fa by putting it behind something like authelia, but still, the project needs to step it up
