Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
You didn't expose it to the internet right?
If you want remote access setup client certs
How?
Ya got three options.
Option A is to create your own certificate that is self-signed. You will then have to load the certificate into any client you want to use. Easier than people realize, just a couple terminal commands. Give this a go if you want to learn how they work.
Option B is to generate a certificate with Let's Encrypt via an application like certbot. I suggest you use a DNS challenge to create a wildcard certificate.
Option C is to buy a certificate from your DNS provider aka something like cloudflare.
IMO the best is Option B. Takes a bit to figure it out but its free and rotates automatically which I like.
I like helping and fixing stuff, if you'd like to know anything just ask :D
Nor is it authentication.
Oooo ya know I actually don't know about these. I've done both A and B for my homelab and C for work.
Any good resources / insight into mTLS? I appreciate the response btw!
https://www.youtube.com/watch?v=YhuWay9XJyw
You really should not expose stuff to the internet willy nilly. If you must you need to have extensive monitoring and security controls plus you should understand the application at a deep level.
Ahhh interesting video! I appreciate the post. I see the mTLS is more about authenticating who the client is outside the application.
Don't worry, Im not just exposing thing willy nilly 🤣 For client-side authentication I use Authentik combined with 2FA, Duo, and fail2ban. Authentik provides identity management through LDAP to jellyfin and any sign in request goes to MFA and you get a Duo notification to approve. You can do other MFA, i just havent set it up.
Ive got a lot of family who use my server. Asking them to install a TSL cert on every machine would be impossible. My method also monitors all sign in requests. Setting up Authentik was a hugggeee game changer for me.
Well ya know this is a forum and I was trying to engage in a friendly conversation to learn about something you brought up.
But yeah I know how to fucking Google lol
Then why reply at all? Zero effort is to avoid commenting, maximum effort is trying to answer, "Google?" is wasted effort
Who pissed in your cornflakes?
I get the impression you're the type of person who encounters assholes everywhere you go.
That is for server side certs not client side. I'm talking about Mutual TLS.
Setting up https is not going to stop bots. All it does is prevent man in the middle attacks. You want to limit who and what can access Jellyfin so that you don't end up being a victim of an automated exploit.
Kleopatra
That isn't mutualTLS
It just is a frontend for gpg. You need OpenSSL for mutual certs.