Plex has paywalled my server!
-
well, except WinRAR
What do you mean WinRAR isn’t free?!
-
awesome. thanks for chiming in. I will have to check how to do external streaming without opening my network up to the world (metaphorically).
I used synology and reverse proxy. It was pretty easy to set up. The tricky part was going into jellyfins setting and connecting your reverse proxy to the path you made.
Overall my kids and family can now access it anywhere.
-
Actual answer for 3:
- put jellyfin behind a proper reverse proxy. Ideally on a separate host / hardware firewall, but nginx on the same host works fine as well.
- create subdomain, let's say sub.yourdomain.com
- forward traffic, for that subdomain ONLY, to jellyfin in your reverse proxy config
- tell your relatives to put sub.yourdomain.com into their jellyfin app
All the fear-mongering about exposing jellyfin to the internet I have seen on here boils down to either
- "port forwarding is a bad idea!!", which yes, don't do that. The above is not that. Or
- "people / bots who know your IP can get jellyfin to work as a 1-bit oracle, telling you if a specific media file exists on your disk" which is a) not an indication for something illegal, and b) prevented by the described reverse proxy setup insofar as the bot needs to know the exact subdomain (and any worthwhile domain-provider will not let bots walk your DNS zone).
(Not saying YOU say that; just preempting the usual folklore typically commented whenever someone suggests hosting jellyfin publicly accessible)
@smiletolerantly @AtariDump
https://en.m.wikipedia.org/wiki/Certificate_Transparency
Makes sure bots will hit you as soon as the certificate for your domain is issued -
That is pretty much how I imagined it. Sadly, its A TON of work. I have most of this set up in many VPSs for both me and customers (with other services of course) and I can imagine its probably the best solution. I still hate my life when thinking of implementing it.
I bet its gonna be easier than I think but you may get my point here. Thank you very much for sharing.Hell I know what you mean, it was so much trial and error until it worked, hence this guide/template to help others. Plus at some point it feels more like work than a hobby
-
What's it from?
wrote last edited by [email protected]From a time when the jerk motion was used en mass. https://www.dailymotion.com/video/x2jvcd5
-
Therefore it's literally impossible for me to watch my media locally, way to go Plex.
Are you running in docker? Change from bridged mode to host mode on your container which should resolve this.
-
It's pretty rare that a company starts taking away free features and doesn't end up fucking payers in the end.
The biggest bar to Jellyfin is TV clients, the second biggest is security.
TV clients can be fixed with a one-time purchase of a $20 android TV stick. If viewing your familys ARR content isn't worth $20 you probably don't need to do it anyway.
Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, But just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
We could probably make a jellyfin helper container to handle some of this. Walk people through Let's Encrypt, dynDNS, port forwarding tests, add fail2ban with a firewall, maybe even slap suricata in it.
We need to convince the project to add 2FA and password complexity requirements.
I don't know guys what do you think is it crazy? does it make sense? Would anybody actually use it?
As someone who is … lazy and took advantage of some Amazon Black Friday Fire TV stick deals, and who doesn’t want to drop the $200 for a Shield:
Any Android sticks/players you might recommend?
-
What do you mean WinRAR isn’t free?!
wrote last edited by [email protected]"Free software" is different from "software that is free"
-
It's pretty rare that a company starts taking away free features and doesn't end up fucking payers in the end.
The biggest bar to Jellyfin is TV clients, the second biggest is security.
TV clients can be fixed with a one-time purchase of a $20 android TV stick. If viewing your familys ARR content isn't worth $20 you probably don't need to do it anyway.
Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, But just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
We could probably make a jellyfin helper container to handle some of this. Walk people through Let's Encrypt, dynDNS, port forwarding tests, add fail2ban with a firewall, maybe even slap suricata in it.
We need to convince the project to add 2FA and password complexity requirements.
I don't know guys what do you think is it crazy? does it make sense? Would anybody actually use it?
I access my stuff via VPN. As for sharing with others, I simply don't do that. VPN is still an option though. Or temporary client whitelisting, etc.
-
@smiletolerantly @AtariDump
https://en.m.wikipedia.org/wiki/Certificate_Transparency
Makes sure bots will hit you as soon as the certificate for your domain is issuedOK, add step above: use wildcard certificate for your domain.
Terminating the TLS connection at your perimeter firewall is standard practice, there's no reason your jellyfin host needs to obtain the certificate.
-
yeah, thanks. but thats not gonna work for me. i live in a big city and none of us (me and my server included) have static IPs nor am I gonna get them (at all) and I dont want to pay for them either (because ISPs here want you to pay for them). in any case, thanks for trying to suggest something. it might help someone else who has a different setup.
Welp, I guess they'll just have to start their own servers or you'll have to get out your credit card. Pity.
-
But I ran into challenges getting my server safely accessible for users outside my LAN
FWIW:
- vps + domain (optional?)
- connect vps to home server with wireguard (eg Tailscale)
- reverse proxy on the VPS forwarding to jellyfin (eg Caddy)
Obviously not as trivial or seamless as Plex. Also I wouldn't try to complicate this setup by using docker for everything. But once its up you can basically host whatever you want on the WAN from your LAN.
What added security do you get by using a VPS besides obscuring your home IP? I can definitely see benifits to not leaking your home address, but otherwise the reverse proxy and wireguard tunnels don't actually add any increased security for the extra steps. You could just host a reverse proxy at home, and any flaws Jellyfin could have in their app would still be exposed.
I'm not knocking your solution, I'm just in a similar place and considering if I want to go through the extra hurdle for a VPS if I don't need one.
-
Hell I know what you mean, it was so much trial and error until it worked, hence this guide/template to help others. Plus at some point it feels more like work than a hobby
wrote last edited by [email protected]Or just get a Mikrotik router and run Back to Home and baaam you got a similar to tailscate fuction with 3 clicks.
-
Out of curiosity, what TV and what OS?
TCL with Google IIRC
-
It's pretty rare that a company starts taking away free features and doesn't end up fucking payers in the end.
The biggest bar to Jellyfin is TV clients, the second biggest is security.
TV clients can be fixed with a one-time purchase of a $20 android TV stick. If viewing your familys ARR content isn't worth $20 you probably don't need to do it anyway.
Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, But just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
We could probably make a jellyfin helper container to handle some of this. Walk people through Let's Encrypt, dynDNS, port forwarding tests, add fail2ban with a firewall, maybe even slap suricata in it.
We need to convince the project to add 2FA and password complexity requirements.
I don't know guys what do you think is it crazy? does it make sense? Would anybody actually use it?
You can address the 2fa by putting it behind something like authelia, but still, the project needs to step it up
-
My tech-illiterate mom uses my Jellyfin instance with no issues. I sent her a link to the app store, her credentials, my server's hostname and that was it. And once it's set up, Jellyfin is much more straightforward to use than Plex.
Sure Jellyfin has issues and doesn't support as many types of devices, but Plex is far from perfect. I use it like twice a year, and the UI gets more and more confusing with each update IMO.
Jellyfin doesn’t have an app on every App Store. On some, you have to sideload it, by enabling developer mode and connecting to a PC that is running an App Store server. Then the TV downloads it from the PC.
-
awesome. thanks for chiming in. I will have to check how to do external streaming without opening my network up to the world (metaphorically).
Can your router open ports from a hostname vs an IP? If so, clients could run dynamic DNS.
WG client side isn't really that hard, though. All the fam run WG 24/7 on devices, and only traffic for the internal network goes through it.
-
It's pretty rare that a company starts taking away free features and doesn't end up fucking payers in the end.
The biggest bar to Jellyfin is TV clients, the second biggest is security.
TV clients can be fixed with a one-time purchase of a $20 android TV stick. If viewing your familys ARR content isn't worth $20 you probably don't need to do it anyway.
Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, But just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
We could probably make a jellyfin helper container to handle some of this. Walk people through Let's Encrypt, dynDNS, port forwarding tests, add fail2ban with a firewall, maybe even slap suricata in it.
We need to convince the project to add 2FA and password complexity requirements.
I don't know guys what do you think is it crazy? does it make sense? Would anybody actually use it?
wrote last edited by [email protected]Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, But just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
Yeah.
It's tough because I get they're an open-source project, and they're volunteers, but at the same time, security is something that should be the highest priority.
Though, you could just make it so that it's not accessible via WAN and instead has to go through a VPN, though that'd make it harder to share with others.
-
Great; how do I get my Mother to do that over the phone?
wrote last edited by [email protected]It's not a cake walk, but I've something similar for a friend who can barely turn on his PC.
The OpenWRT router was fully configured before shipping it to him and the existing router's needed Wireguard port was opened by me using the Comcast Android app. All he had to do was connect his TV to a new wifi network. That wasn't easy, but he ultimately succeeded.
-
You can address the 2fa by putting it behind something like authelia, but still, the project needs to step it up
I thought that you can still access media directly via the URL without any authentication, how would authelia change that?
