Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
- 
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon. 
- 
No spam posting. 
- 
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear. 
- 
Don't duplicate the full text of your blog or github here. Just post the link for folks to click. 
- 
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda). 
- 
No trolling. 
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
Thats not what I meant. I of course have wireguard set up for administration and my own streaming needs. But friends of mine who were able to use plex by just making an account but now they cant because of course there is no relay server etc. I'll have to think of a way to make it available to them (easily!) without putting my network at risk.
This is how I do it: https://codeberg.org/skjalli/jellyfin-vps-setup
That is pretty much how I imagined it. Sadly, its A TON of work. I have most of this set up in many VPSs for both me and customers (with other services of course) and I can imagine its probably the best solution. I still hate my life when thinking of implementing it. :D I bet its gonna be easier than I think but you may get my point here. Thank you very much for sharing.
Hell I know what you mean, it was so much trial and error until it worked, hence this guide/template to help others. Plus at some point it feels more like work than a hobby 😅
You're an absolute champ! Thanks for walking the walk. Its refreshing meeting people who do stuff. Feel free to check out my kodi peertube app at some point ;)
Or just get a Mikrotik router and run Back to Home and baaam you got a similar to tailscate fuction with 3 clicks.
https://www.youtube.com/watch?v=CJ1PZkTNvzI
Yeah, or not.
My primary worry for this is that something in the jellyfin stack gets an open vulnerability, like there's an overflow you can use on a post call to a piece of media allowing remote code execution.
Tautulli had a leak once that provided the user's private token. Then there was a way in Plex with a private token to pull data from elsewhere on the server. That's how LastPass got nuked I hear.
I get you and I know that there can be security issues (especially in Jellyfin) that might give you access. This is the reason I only mount the media and config folders, and nothing else into the docker container. The media folders are mounted as read only and don't contain sensitive information. For the config folder I created a separate user. Plus I block non-German IP addresses which already blocks quite some bots. If your friends have fixed IP addresses you could also just whitelist them and block everything else.
You could also probably sniff the network and define more strict rules on 'allowed' requests in fail2ban but this is bridle because requests might change with different versions.
They actually do a small login f2b effort right in JF, but it appears to be quite limited.
The container is more secure by default, and if people set up their docker well it reduces the dangers substantially. A lot of people don't go docker though.
Yeah the link I posted does everything via docker and explains what should be mounted and how.
That's awesome and thank you for sharing that
Mine is public, but I block every state but the one all of my users live in(family) and I never get unwanted visitors. Couldn't say the same if I lived in NY or CA.
If they have static IP addresses, you may be able to whitelist them in your proxy, or maybe there's some sort of dyndns client/relay software you can run if their ips change.
yeah, thanks. but thats not gonna work for me. i live in a big city and none of us (me and my server included) have static IPs nor am I gonna get them (at all) and I dont want to pay for them either (because ISPs here want you to pay for them). in any case, thanks for trying to suggest something. it might help someone else who has a different setup. :)
Welp, I guess they'll just have to start their own servers or you'll have to get out your credit card. Pity.
yeah no. there are a lot of other solutions to this. they're just a little annoying. others have confirmed there are similar setups like plex is doing with a relay server, but selfhosted.
Jellyfin servers don't connect to eachother, or relay themselves to anything else beyond simple reverse proxies. I looked over the entire thread and didn't see anything but ldap and tailscale/wireguard suggestions.
You said there were a lot of other solutions, so wherever those solutions are, I'm sure they'll work out. Good luck!🙃
You're pretty hostile. Good luck with that attitude.
Good luck with your new Plex subscription, ""self""-hoster. 😉