Plex has paywalled my server!
-
Would you consider this a particularly constructive comment?
What's wrong with it?
-
What's wrong with it?
The term SSL has been colloquially used for the last decade, and it would be difficult, if not impossible, to confuse the two and issue the wrong type of security at this point. Are there even packages that old available to Docker?
We're having an informal discussion here about how to make Jellyfin security less daunting to the average user. Taldan is apparently knowledgeable about the situation and could lend a conceptual hand to the process, but I suspect they chose instead to nitpick terminology that's still used in common parlance. Since I have some doubts, but don't wish to assume, I asked a simple question.
-
Threads like this are why people don't use open source. It sounds like a reality-denying anti-intellectual one-size-fits-all cult in here. This is also like half the threads about Linux. Just armies of tech bros who couldn't put themselves in someone else's shoes if their life literally depended on it.
wrote last edited by [email protected]If people choose not to use software that's open source because of the way people talk on some thread.. were they intellectually thinking about their own best interests? It's like no longer enjoying a show because some fans did something cridge - anything popular enough will have weirdos (from someone's perspective).
-
Threads like this are why people don't use open source. It sounds like a reality-denying anti-intellectual one-size-fits-all cult in here. This is also like half the threads about Linux. Just armies of tech bros who couldn't put themselves in someone else's shoes if their life literally depended on it.
Plex server isn't open source.
-
What's wrong with it?
SSL or the comment? The comment is annoying because people use TLS and SLL interchangeably in colloquial speak.
-
Yes! You just have to set up your reverse proxy to send everything through it and it'll block the unauthenticated access.
The downside is that apps stop working since they don't have a way to authenticate with authelia. I've installed it as a PWA on my phone and use an old laptop with the TV interface on my TV, but it's not perfect
Are you sure that works? I'm pretty sure they mentioned that reverse proxies are an unsupported (and not working) use case with Jellyfin, but I might have to look into authelia some time then.
-
They have instructions on jellyfin forums on setting up HAProxy, that part totally works.
But you don't put 2FA on the jellyfin server, for that you just deny all IPs except whitelisted.
You did the 2FA on the whitelister only using path-based routing.
You don't have access to the root site, you go to a path and login to a separate database to whitelist yourself then your client should work from that IP.
This will work fine over the web, but won’t work with clients.
They have instructions on jellyfin forums on setting up HAProxy, that part totally works.
But you don’t put 2FA on the jellyfin server, for that you just deny all IPs except whitelisted.
You did the 2FA on the whitelister only using path-based routing.
You don’t have access to the root site, you go to a path and login to a separate database to whitelist yourself then your client should work from that IP.
edit:
I just tried it, it appears to work so far.
I can send websocket traffic inbound to 8096: to the JF server and it loads on web, Android and Roku clients with an ACL limiter on originating ips.
and send 8096/whitelist to another server altogether with no ACL limits.On that process, I'd load nginx, authelia, fail2ban and what flask? Surely someone has a python longin/admin framework that I could hijack for this. Then have that app reack over in shared container storage to twiddle the haproxy config to add some ip's and reload it?
I wonder if I could do something to the haproxy side to detect non-use of an IP and remove it.
-
Plex has pay walled FREE servers streaming to FREE clients only.
If you have a plex watch pass (for client) you're good and can stream from any server. If you have a plex pass (for server) any one can stream from your server. But you have to have one or the other.
This is not true in practice, I have plexpass for my server and my wife can't watch on her phone because they want her to pay too...
-
Are you sure that works? I'm pretty sure they mentioned that reverse proxies are an unsupported (and not working) use case with Jellyfin, but I might have to look into authelia some time then.
I just put it behind an HAProxy a few minutes ago, It appears to be fine. You just need something capable enough to handle web sockets. I've made it all the way through an episode of The real monsters without any problems.
Again, you're not going to be able to 2FA it that way, what I'm looking at doing is IP whitelisting it in HAProxy using a small web helper that is 2FA, accessed via the same port but on a separate path.
-
This is how I do it: https://codeberg.org/skjalli/jellyfin-vps-setup
My primary worry for this is that something in the jellyfin stack gets an open vulnerability, like there's an overflow you can use on a post call to a piece of media allowing remote code execution.
Tautulli had a leak once that provided the user's private token. Then there was a way in Plex with a private token to pull data from elsewhere on the server. That's how LastPass got nuked I hear.
-
Are you sure that works? I'm pretty sure they mentioned that reverse proxies are an unsupported (and not working) use case with Jellyfin, but I might have to look into authelia some time then.
wrote last edited by [email protected]Both jellyfin and authelia support reverse proxies.
Here's jellyfin's guide: https://jellyfin.org/docs/general/post-install/networking/reverse-proxy/
And here's authelia's:
https://www.authelia.com/integration/proxies/introduction/There's some restrictions (like websocket support) but it's not too bad to set up.
Still, if you don't need to expose it to the internet, put it behind a vpn.
-
This is not true in practice, I have plexpass for my server and my wife can't watch on her phone because they want her to pay too...
wrote last edited by [email protected]She needs to update her app probably, it works fine for my wife on my server
-
That’s not going to scale...
How many mothers do you have?
None of your business, insensitive clod.
-
I do all of those things except neuter animals. Most rural folks do.
If you’re cleaning your own teeth, you’re missing several.
-
Bro you asked for a guide, I gave you a guide. The fuck you want from me? (For convenience sake I even made as short as possible. Literally less than a 45 second read.)
I put a lot of effort into that comment to help you out, and instead of saying "thank you", you respond with this bullshit? What the hell is wrong with you?
Ungrateful prick.
I asked for a guide on how to setup a VPN on my LG TV.
Please specifically point out where in your long repo se you provided a guide on how to run a VPN on my LG TV.
-
None of your business, insensitive clod.
wrote last edited by [email protected][email protected] wrote:
Great; how do I get my Mother to do that over the phone?
That’s not going to scale as I share out my server.
Are you incapable of recognizing that in this context my comment was a joke? What the fuck is wrong with you?
-
I asked for a guide on how to setup a VPN on my LG TV.
Please specifically point out where in your long repo se you provided a guide on how to run a VPN on my LG TV.
wrote last edited by [email protected]Again, you don't need a VPN if you follow my guide. Your reading comprehension is worse than mine, and I have ADHD. *sigh*
-
I made the switch a few months back as well. Have you had the issue where"Recently Added" just straight up doesn't work? It's about 50/50 for me whether my new downloads show up there or not, and if they do, it's usually inserted somewhere down the list between other things I added months ago. Not sure if there's a workaround, but it's my #1 complaint with Jellyfin. Otherwise, it's been great.
How is your underlying file system set up?
-
Both jellyfin and authelia support reverse proxies.
Here's jellyfin's guide: https://jellyfin.org/docs/general/post-install/networking/reverse-proxy/
And here's authelia's:
https://www.authelia.com/integration/proxies/introduction/There's some restrictions (like websocket support) but it's not too bad to set up.
Still, if you don't need to expose it to the internet, put it behind a vpn.
Maybe I was thinking of this from back in 2024?
https://github.com/jellyfin/jellyfin-android/issues/123
"Hacking around with a reverse proxy is strongly discouraged and we won't provide any support for it."
-
I just put it behind an HAProxy a few minutes ago, It appears to be fine. You just need something capable enough to handle web sockets. I've made it all the way through an episode of The real monsters without any problems.
Again, you're not going to be able to 2FA it that way, what I'm looking at doing is IP whitelisting it in HAProxy using a small web helper that is 2FA, accessed via the same port but on a separate path.
Maybe I was thinking of this from back in 2024?
https://github.com/jellyfin/jellyfin-android/issues/123
"Hacking around with a reverse proxy is strongly discouraged and we won't provide any support for it."
