this post was submitted on 09 Oct 2023
28 points (88.9% liked)

Selfhosted

46401 readers
1263 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
28
Jellyfin docker outside of lan. (lemm.ee)
submitted 2 years ago by iHUNTcriminals@lemm.ee to c/selfhosted@lemmy.world
19 comments fedilink hide all child comments
 

Kind of a quick off the cuff question.... but is it difficult to get a docker hosted jellyfin server accessible outside of lan safely?

I have tailscale and a VPN I can use for my own devices but would like to be able to access it safely without needing those.

you are viewing a single comment's thread
view the rest of the comments
[–] SheeEttin@lemmy.world 17 points 2 years ago (1 children)

Stick with the VPN. No point in exposing more services with possible security vulnerabilities.

[–] doeknius_gloek@feddit.de 18 points 2 years ago (3 children)

I love Jellyfin but I would absolutely not make it accessible over the public internet. A VPN is the way to go.

[–] iHUNTcriminals@lemm.ee 5 points 2 years ago (2 children)

Yeah I'm thinking maybe just have family sign up for tailscale.

[–] manwichmakesameal@lemmy.world 3 points 2 years ago (3 children)

Why not just run your own WireGuard instance? I have a pivpn vm for it and it works great. You could also just put jellyfin behind a TLS terminating reverse proxy.

[–] dinosaurdynasty@lemmy.world 2 points 2 years ago

Sounds like a pain to get non technical family members to use. If you're willing to break the non web app you could always put it behind an authenticating proxy (which is what I do for myself outside of VPN, setting up a VPN on a phone is obnoxious and I only look at metadata anyway on my phone)

[–] Gooey0210@sh.itjust.works 1 points 2 years ago

Or headscale, works like a charm

[–] kratoz29@lemm.ee 1 points 2 years ago

Why not just run your own WireGuard instance?

CGNAT is a big reason.

[–] SuddenlyBlowGreen@lemmy.world 1 points 2 years ago* (last edited 2 years ago)

Yep, that way you can set ACLs, you they can only access the jellyfin ports + the ports you allow them to.

Also, tailacale DNS.

The fact that tailscale has google/apple/etc logon integration will also help.

[–] Gooey0210@sh.itjust.works 1 points 2 years ago (1 children)

Why "absolutely" not?

[–] doeknius_gloek@feddit.de 2 points 2 years ago (1 children)

Have you seen the link?

[–] Gooey0210@sh.itjust.works 2 points 2 years ago (1 children)

Oh, sorry, sorry, sorry, i didn't think this is a link 😅😅😅

[–] doeknius_gloek@feddit.de 1 points 2 years ago

Haha, no problem!

[–] eluvatar@programming.dev 0 points 2 years ago (1 children)

Oof, that's bad... And lazy

[–] PulsarSkate 5 points 2 years ago

Unfortunately a lot of these issues are architectural issues inherited from Emby