Patch it to Jellyfin 10.10.7.
this post was submitted on 15 Aug 2025
66 points (91.2% liked)
Selfhosted
50554 readers
422 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 2 years ago
MODERATORS
I did this a few months back.
Some things aren't as great, but you get full control and your server idles way better on JellyFin.
Yeah, as long as you have a decently supported client the entire platform is very serviceable. I do wish they would get rid of the unprotected endpoints and officially support 2FA on the server and clients.
For all their anti-consumer practices Plex does at least take their security very seriously.
I posted a while back, tested the biggest open endpoints and they were properly secured, the issues just weren't updated.
Note: Plex didn't have SSL, and refused to implement it, until ~6 weeks after I created a POC token exploit. Here's the GitHub repo I posted as a patch before they got their system in order: https://github.com/Fmstrat/plex-ssl. In other words, don't give them too much credit.
I'll go look at it again as well, their (jf) source control still had a lot of ancient open tickets last time I looked at it.
TLS for Plex was a really nice guesture. Company handling the issuing of the cert was pretty nice.
Realistically, I don't mind running a proxy for SSL unwrapping, there are enough projects out there that handle the unwrapping and renew their own keys from lets encrypt.
I just want to self-host this thing maybe run it through a single proxy product send the URL out to my extended family and forget about it. I wanted to be as secure as reasonably possible enough that I feel comfortable surfacing it.
Right now I surface Plex for the distant relations and tailscale jellyfin for my own, but it kills me I want Plex gone. But there are random TVs and kids on tablets, and honestly I don't want to be everyone's VPN endpoint or worry about onboarding everyone's new device.
Yea the catch was we were asking for TLS for a long time, and this was pre- Let's Encrypt, so those patching on their own didn't have a free (minus work) way to handle it. It took a releasable POC to get action.
All out devices just have a permanent Wireguard client since it uses basically no battery, and then a allow rules for households. If you don't want to run the client, and don't want to take the time to learn, you don't get access. But I totally get how that's not for everyone.
Yeah, my problem is televisions.
If it was just tablets phones and desktops I could do SSL client certificates.
For my personal use I'm using tailscale and it's wonderful.
Ahhh. I put the wireguard client on the router, so it's more of a site to site setup for TVs.
I'm on Jellyfin as they banned Hetzner.
Should clarify Plex banned using Hetzner :)
https://torrentfreak.com/plex-will-block-media-servers-at-prevalent-hosting-company-230915/
There's the story but there's not much tea.
I'm guessing there were just enough complaints and Hetzner refused to take anything down.
Really bizarre to license people self-hosting software and then refuse them from hosting it in certain places over what content they choose to put up.
I wonder if they'll just roll through all the VPS now.
i'm ootl; how was plex able to ban them? isn't hetzner just a vps provider? (not questioning you; just curious)
Plex blocked Hetzner IPs, so servers hosted there can't reach plex.tv to auth users or validate plex pass.
I've been using a reverse proxy on a Hetzner VPS pointing at my home plex server for years without issue. Maybe this only applies to people running the actual Plex software on a Hetzner VPS?
Yeah, your home server is still able to reach plex.tv so there's no problem there.
It's people actually hosting there that got screwed over.
that's wild :o
That's what you get for using anything that doesn't work fully offline. Seriously people still defending Plex and not seeing that it will bite them back sooner or later are delusional.
Given that hardware doesn't die, my Jellyfin will probably work until the heat death of the universe.
Basically it's possible by checkin IP of the server.
view more: next ›