this post was submitted on 26 Jun 2025
455 points (98.1% liked)

Selfhosted

44306 readers
674 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
455
Jellyfin over the internet (startrek.website)
submitted 1 week ago by TribblesBestFriend@startrek.website to c/selfhosted@lemmy.world
275 comments fedilink hide all child comments
 

What’s your go too (secure) method for casting over the internet with a Jellyfin server.

I’m wondering what to use and I’m pretty beginner at this

(page 2) 50 comments
sorted by: hot top controversial new old
[–] MrTolkinghoen@lemmy.zip 15 points 1 week ago (2 children)

Tailscale with self hosted headscale

load more comments (2 replies)
[–] xnx@slrpnk.net 15 points 1 week ago

Tailscale

[–] gravitywell@sh.itjust.works 14 points 1 week ago (8 children)

I rent a cheap $5/mo VPS and use it to run a wireguard server with wgeasy and nginx proxy manager. Everything else runs on my home server connected by wireguard.

load more comments (8 replies)
[–] hietsu@sopuli.xyz 14 points 1 week ago (5 children)

Use a reverse proxy (caddy or nginx proxy manager) with a subdomain, like myservice.mydomain.com (maybe even configure a subdir too, so …domain.com/guessthis/). Don’t put anything on the main domain / root dir / the IP address.

If you’re still unsure setup Knockd to whitelist only IP addresses that touch certain one or two random ports first.

So security through obscurity :) But good luck for the bots to figure all that out.

VPN is of course the actually secure option, I’d vote for Tailscale.

load more comments (5 replies)
[–] PieMePlenty@lemmy.world 14 points 1 week ago (4 children)

I access it through a reverse proxy (nginx). I guess the only weak point is if someone finds out the domain for it and starts spamming the login screen. But I've restricted access to the domain for most of the world anyway. Wireguard would probably be more secure but its not always possible if like on vacation and want to use it on the TV there..

load more comments (4 replies)
[–] EncryptKeeper@lemmy.world 13 points 1 week ago* (last edited 1 week ago)

If you’re a beginner and you’re looking for the most secure way with least amount of effort, just VPN into your home network using something like WireGuard, or use an off the shelf mesh vpn like Tailscale to connect directly to your JF server. You can give access to your VPN to other people to use. Tailscale would be the easiest to do this with, but if you want to go full self-hosted you can do it with WireGuard if you’re willing to put in a little extra leg work.

What I’ve done in the past is run a reverse proxy on a cloud VPS and tunnel that to the JF server. The cloud VPS acts as a reverse proxy and a web application firewall which blocks common exploits, failed connection attempts etc. you can take it one step beyond that if you want people to authenticate BEFORE they reach your server by using an oauth provider and whatever forward Auth your reverse proxy software supports.

[–] r00ty@kbin.life 12 points 1 week ago (1 children)

Wireguard vpn into my home router. Works on android so fire sticks etc can run the client.

load more comments (1 replies)
[–] snowflocke@feddit.org 9 points 1 week ago

We have it open to the public, behind a load balancer URL filtering incomming connection, https proxied through cloudflare with a country filter in place

[–] captainastronaut@seattlelunarsociety.org 9 points 1 week ago

If it’s just so you personally can access it away from home, use tailscale. Less risky than running a publicly exposed server.

[–] bl_r@lemmy.dbzer0.com 8 points 1 week ago (1 children)

Tailscale, with nginx for https.

Very easy, very simple, just works, and i can share my jellyfin server with my friends

load more comments (1 replies)
[–] Merlin@discuss.tchncs.de 7 points 1 week ago

I just install tailscale at family houses. The limit is 100 machines.

[–] circledot@feddit.org 7 points 1 week ago

I use a wire guard tunnel into my Fritz box and from there I just log in because I'm in my local network.

[–] recall519@lemm.ee 7 points 1 week ago (1 children)

Cloudflare. No public exposure to the internet.

[–] Batman@lemmy.world 9 points 1 week ago (4 children)

Are we not worried about their terms of service? I've been using pangolin

load more comments (4 replies)
[–] Novi@sh.itjust.works 7 points 1 week ago

Over the top for security would be to setup a personal VPN and only watch it over the VPN. If you are enabling other users and you don't want them on your network; using a proxy like nginx is the way.

Being new to this I would look into how to set these things up in docker using docker-compose.

[–] swearengen@sopuli.xyz 7 points 1 week ago

I'm just using caddy and a cheap $2 a year .top domain with a $4 a month VPS. Works for my users, I only have 3 users on my server.

[–] chug-capture-ahoy@piefed.social 7 points 1 week ago

Tailscale - funnel

Just that

load more comments
view more: ‹ prev next ›