this post was submitted on 01 Apr 2026
658 points (99.1% liked)

Selfhosted

58212 readers
583 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
658
Jellyfin critical security update - This is not a joke (github.com)
submitted 4 days ago by Mubelotix@jlai.lu to c/selfhosted@lemmy.world
233 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] varnia@lemmy.blahaj.zone 26 points 4 days ago (2 children)

There is a good reason I only have Jellyfin and other services accessible via valid Client Certificate.

[–] daniskarma@lemmy.dbzer0.com 7 points 4 days ago (1 children)

Does it work with android and TV apps?

I tried long ago and failed.

[–] varnia@lemmy.blahaj.zone 12 points 4 days ago* (last edited 4 days ago) (1 children)

No, we only use Jellyfin via browser. Unfortunately even with imported Client Cert, Android apps won't work.

Edit: Client Certs need to be implemented per App. There is a feature request from 2022 https://features.jellyfin.org/posts/1461/capability-to-specify-client-certificate-for-android-client

[–] sudoMakeUser@sh.itjust.works 2 points 4 days ago (1 children)

Also interested how this works for mobile apps. I self host a number of services through caddy as my reverse proxy but each application is just dependent on it's own authentication. If I exposed all my services to the internet, that's a huge attack vector. If anyone else has some ideas I'd be happy to listen.

[–] daniskarma@lemmy.dbzer0.com 2 points 4 days ago

If you are the only user and don't need to use those apps in devices you don't own a vpn is the way to go.

If not. Depending the number of users you could do some heavy ip geoblocking to at least reduce the exposed surface.

There are a few services I have just like 3 IPs allowed to get a response from caddy, any other ip gets 403 error.