Selfhosted

56953 readers

879 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

LXC Jellyfin Container and Tailscale (mander.xyz)

submitted 2 days ago* (last edited 2 days ago) by NastyNative@mander.xyz to c/selfhosted@lemmy.world

9 comments fedilink hide all child comments

Progress so far - https://mander.xyz/post/47833580

My next objective is configuring Jellyfin for secure external access. It is fully operational on my LAN and is performing significantly better than the Windows instance I previously ran.

I have installed Tailscale on the Proxmox VE host shell to enable remote access and have also enabled multi-factor authentication on my proxmox account. While everything appears to be functioning properly, I am still relatively new to Tailscale and want to ensure I am implementing this securely.

My initial assumption was that I would also need to install Tailscale within the Jellyfin LXC container. However, I have encountered conflicting information suggesting this may introduce security concerns, particularly when dealing with container privileges and root access. As a result, I am uncertain whether this is the appropriate approach.

What is the recommended and secure method to provide external access to Jellyfin in this setup?

top 9 comments

sorted by: hot top controversial new old

[–] Decronym@lemmy.decronym.xyz 1 points 1 day ago* (last edited 1 day ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters	More Letters
DNS	Domain Name Service/System
LXC	Linux Containers
SSL	Secure Sockets Layer, for transparent encryption
TLS	Transport Layer Security, supersedes SSL

3 acronyms in this thread; the most compressed thread commented on today has 12 acronyms.

[Thread #133 for this comm, first seen 4th Mar 2026, 10:50] [FAQ] [Full list] [Contact] [Source code]

[–] baner@lemmy.zip 1 points 1 day ago (1 children)

You have 2 options:

1 - Open up Jellyfin port (8093) in your router if you are not behind a cgnat and add a reverse proxy

2 - Get a small vps and a domain, install a reverse proxy and use tailscale to connect the vps with your home server, point your domain to the vps and forward traffic to jellyfin.

[–] NastyNative@mander.xyz 1 points 1 day ago (1 children)

I can open the required port without issue. However, I would like to further educate myself on reverse proxy configurations, as I believe this would be the most secure and appropriate approach. Thank you!

[–] baner@lemmy.zip 1 points 1 day ago

What is the use case? Share with family and friends?

[–] rtxn@lemmy.world 2 points 2 days ago (1 children)

external access

Do you want the Jellyfin server to be accessible from only within your tailnet, or anywhere from the internet?

[–] NastyNative@mander.xyz 1 points 2 days ago (1 children)

anywhere from the internet.

[–] rtxn@lemmy.world 2 points 2 days ago* (last edited 2 days ago) (1 children)

Tailscale Funnel will let you expose a host to everyone on the internet. You'll need the Tailscale client running on either the Jellyfin host or a reverse proxy pointing to it. Tailscale itself will act as a reverse proxy with TLS encryption, plus a DNS server.

Exposing a service to the internet will always present some risk. You should definitely run your LXCs as unprivileged, unless needed otherwise, to mitigate the potential damage if an attacker escapes the container, or put the services in full virtual machines.

[–] baner@lemmy.zip 2 points 1 day ago* (last edited 1 day ago) (1 children)

Just remember that using funnel for streamimg servicies it is against the toss.

[–] NastyNative@mander.xyz 1 points 1 day ago

Tailscale actually has good documentation on this Funnel and I read the same. Thank you!