Hello. I have just recently started with self hosting my media with Jellyfin… and I am LOVING it! I had been carrying around media players for decades, with everyone looking at me like an insane crank for not giving up on my hundreds of gigs of media for SAS things like spotify… now they’re jealous! We’ve come full circle!

Annnyway. Obviously, I want to access the server anywhere, and don’t want to just raw-dog an open port to the internet- yikes!

There are SO MANY ways and guides and thoughts on this, I’m a bit overwhelmed and looking for your thoughts on the best way to start off… it doesn’t have to be ‘fort knox’ and I am sure I’ll adjust and pivot as I learn more… but here are the options I know of (did I miss any?):

  • Tailscale VPN connection

  • Reverse Proxy with Caddy or similar (this is recommended as easy in the jellyfin official guides and thus is my current leading contender!)

  • Docker/VM ‘containerized’ server with permissions/access control

What are your thoughts on the beginner-friendly-ness and ease of setup/management of these? This is exclusively for use by me and my family, so I don’t need something that’s easy for anyone to access with credentials… just our handful of devices.

Please don’t laugh, but I’m currently hosting on a Raspberry Pi5 with a big-ass harddrive attached (using CasaOS on a headless Ubuntu Server). I know this is JANK as far as self-hosting goes, and plan to upgrade to something like NAS in the future, but I’m still researching and learning, and aside from shitty video transcoding, it’s working fine for now… Thank you in advance for your advice, help and thoughts!

  • frongt@lemmy.zipEnglish
    295·
    12 hours ago

    VPN. Jellyfin is not intended for direct exposure to the Internet.

    You should run it in docker anyway for convenience. A reverse proxy is optional, but I use traefik also for convenience (so that I can just use domain names on the same port, and so that it can automatically fetch certs).

    • Saik0@lemmy.saik0.comEnglish
      101·
      8 hours ago

      Jellyfin is not intended for direct exposure to the Internet.

      https://jellyfin.org/docs/general/post-install/networking/

      There are multiple ways of exposing Jellyfin to the outside - the most common ones are:
      forwarding its Ports directly to the internet (not recommended!)
      forwarding through a Reverse Proxy
      using a VPN connection to enter the Network
      use a VPS to Reverse Proxy to your home network

      Intended… not recommended. The reverse proxy one should also not be recommended until they resolve the unauthed endpoints issue as well really. Security is a weak point on Jellyfin in general.

      • Possibly linux@lemmy.zipEnglish
        22·
        7 hours ago

        They need to switch to cookie based auth instead of doing the weird think with the URLs

        • Saik0@lemmy.saik0.comEnglish
          11·
          7 hours ago

          Yeah the API token exposure in the URLs is another thing… And that can expose itself in all sorts of ways.