Hello. I have just recently started with self hosting my media with Jellyfin... and I am LOVING it! I had been carrying around media players for decades, with everyone looking at me like an insane crank for not giving up on my hundreds of gigs of media for SAS things like spotify... now they're jealous! We've come full circle!
Annnyway. Obviously, I want to access the server anywhere, and don't want to just raw-dog an open port to the internet- yikes!
There are SO MANY ways and guides and thoughts on this, I'm a bit overwhelmed and looking for your thoughts on the best way to start off... it doesn't have to be 'fort knox' and I am sure I'll adjust and pivot as I learn more... but here are the options I know of (did I miss any?):
-
Tailscale VPN connection
-
Reverse Proxy with Caddy or similar (this is recommended as easy in the jellyfin official guides and thus is my current leading contender!)
-
Docker/VM 'containerized' server with permissions/access control
What are your thoughts on the beginner-friendly-ness and ease of setup/management of these? This is exclusively for use by me and my family, so I don't need something that's easy for anyone to access with credentials... just our handful of devices.
Please don't laugh, but I'm currently hosting on a Raspberry Pi5 with a big-ass harddrive attached (using CasaOS on a headless Ubuntu Server). I know this is JANK as far as self-hosting goes, and plan to upgrade to something like NAS in the future, but I'm still researching and learning, and aside from shitty video transcoding, it's working fine for now... Thank you in advance for your advice, help and thoughts!
Well, I wouldn't say the media issues are worse than a full domain access issue, but despite my comment above, I agree with you.
The security split-issue feels reminiscent of when Plex didn't use SSL and wouldn't implement it until a white-hat POC token exploit was produced and provided to them (of which I was the author). If JF was my project, these would be top of my list.
Well I don't mean to harp on it... Plex in this instance is much better off. When provided proof of the problem they fixed it. Jellyfin has had issues about this going back to 2019... 6 years ago. Still no fix in sight. And the first ticket I linked proved the concept can be abused. With the issues getting hidden because "We're closing this because we're consolidating... oh wait... we're closing it because we're splitting the issues out." I've legit had people tell me that the problems were fixed because they saw the issue closed.
And now I hear that JF is even deprecating SSL and mandating proxy or esoteric custom config to implement SSL themselves again... Seems they're going backwards?
I had Jellyfin setup for just myself because I'd love to get away from the risk of Plex screwing shit up (and to get off their SSO). But the frustration of the dev responses to some of these issues and the fact that I'm literally the only person who's able to deal with the restrictions needed to keep it secure... I just turned it off. I didn't want to deal with managing two systems because my kids/wife/other family couldn't figure out how to use it.
All fair. For me, their SSL direction is a good one. Most self-hosters use a central proxy, so why maintain one users just ask to disable.
I do run mine behind a VPN, always will and recommend others do the same.