Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
-
No low-effort posts. This is subjective and will largely be determined by the community member reports.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
Kinda defeats the purpose of a media server built to be used by multiple people
Use a VPN, it's not ideal but it's secure.
Somehow difficult to install on a TV though.
That’s why you do it at your router or gateway and then set a route for the Jellyfin server through the VPN adapter. That way any device on your network will flow through the tunnel to the Jellyfin server including TVs
Which again implies that you have a router that allows you to do so. It's not always the case. For tech enthusiast people that's the case. But not for everyone.
I tried to do the same thing at first, but it was a pain, there were tons of issues.
Oh yes, the routers and gateways that most people have that are isp provided that may not actually have open VPN or wireguard support.
Those ones?
Also putting a VPN in someone else's house so that all their Network traffic goes through your gateway is pretty damn extreme.
What? No, you can do a tiny reverse proxy/vpn on a stick with something like a RPi. Configure it and give it to them. Then they point their Jellyfin client on their device to the IP of the RPi instance on their network and that creates the tunnel back to your VPN endpoint and server.
And for VPNs at a router level you can inject routes and leave th default route going out through your ISP, you don’t need to, nor want to, have all traffic going through it.
Yahnlets see a roku use a VPN.
This attitude is why Plex remains popular.
Easy for me but not my aunts, cousins or father in law to setup and use.
Nor will the VPN work on things like their TV or Roku or game console. You know the things that people typically sit down and watch media on....
Wireguard and possibly openvpn work on Android TVs. I set it up for my mom. Not sure about other OSs.
they are not setting up the Jellyfin server either, why would they need to bother with the VPN?
They're connecting to it.
yeah, it's the operator's job to help setting that up
I'd rather just not use it at that point
The difference is that my friends get a lot of value out of my server, as they don't need to use any technology they're unfamiliar with.
you are better just closing up shop then, because it's not like the other services you are hosting are much better. vulnerabilities being discovered don't mean they don't exist, it just means the software is not popular enough or too complex for someone to look into it
lol the whole internet better shut down right? Too vulnerable
much of the internet is run on simpler software or by full time employees tasked to deal with all this. but sure, ignorance is bliss, what you don't see does not exist, etc etc, keep running your Jellyfin exposed to the internet. you wouldnt even get to know when your system is compromised. but you know what? you could even remove your password for extra convenience. who would want to log in to a random jellyfin account anyway! surely no one! just don't recommend these practices to anyone, because you are putting them at risk.
I mean I do this stuff for a living but okay go off king
would not ever use your services in that case
Thank god
wow not just totally unprofessional, but even downvoting the calling out the lack of credible security! you can be ashamed of yourself, and hope that your clients never find out you are a contrarian
I really doubt your work has anything to do with computers
You're hilarious. I haven't downvoted you, others are reading these threads as well.
Talking about security... Have you heard of intrusion detection, process isolation, or principle of least privilege?
are you aware that the very popular official docker image for jellyfin still runs the jellyfin process as root? or that most people just mount their media libraries as a read-write volume because they don't know better?
I would also be very interested about statistics on how many jellyfin admins run intrusion detection software on their system, if you have any.
I'm not running my stuff as root if I don't have to. You're moving goalposts
"if I don't have to". and, is your jellyfin running as root? or are you running it a different way, e.g. from apt package (where I believe it's sensible by default)? I smell doubt.
but in either case it does not matter how do you run jellyfin. what I care is how many other people are running jellyfin exposed to the internet because they think its safe, because people on forums told them so, with the popular docker image where it is being ran as root.
I'm not moving goalposts. I'm still firmly besides my point that for the general jellyfin admin exposing jellyfin to the wide internet is unsafe and irresponsible. and seeing all the downvotes but no one else telling their opinion, it seems no one knows better either and they are just angry I pointed this out.
again, I don't care how are you running Jellyfin. I don't want to convince you on that, you do whats best for you, it seems you might have done some precautions. what I care is to not recommend these practices to others (without the full picture), because they are unsafe, especially without further precautions like running a(n unofficial) rootless jellyfin docker image and an intrusion detection system, which I guarantee most people won't have.
I had my fun with you but this is becoming increasingly annoying
Which doesn't work for The grand majority of devices that would be used to watch said media.
Tvs game consoles rokus so on so forth typically don't support VPN clients.
The Jonathan clients for these devices also typically don't support alternative authentication methods which would allow you to put jellyfin behind a proxy and have the proxy exposed to the internet. Gating all access to jellyfin apis behind a primary authentication layer thus mitigating effectively all security vulnerabilities that are currently open.
and that's why you set up a VPN client box on the location, set it up as a regular VPN client, and install a reverse proxy on it that the dumb clients can connect to.
the VPN box could be as simple as an old android phone no one uses, and termux