Jellyfin docker outside of lan.

Selfhosted@lemmy.world – 28 points – 9 months ago

Kind of a quick off the cuff question.... but is it difficult to get a docker hosted jellyfin server accessible outside of lan safely?

I have tailscale and a VPN I can use for my own devices but would like to be able to access it safely without needing those.

You are viewing a single comment

View all comments Show the parent comment

I love Jellyfin but I would absolutely not make it accessible over the public internet. A VPN is the way to go.

Yeah I'm thinking maybe just have family sign up for tailscale.

Why not just run your own WireGuard instance? I have a pivpn vm for it and it works great. You could also just put jellyfin behind a TLS terminating reverse proxy.

Sounds like a pain to get non technical family members to use. If you're willing to break the non web app you could always put it behind an authenticating proxy (which is what I do for myself outside of VPN, setting up a VPN on a phone is obnoxious and I only look at metadata anyway on my phone)

Or headscale, works like a charm

Why not just run your own WireGuard instance?

CGNAT is a big reason.

Yep, that way you can set ACLs, you they can only access the jellyfin ports + the ports you allow them to.

Also, tailacale DNS.

The fact that tailscale has google/apple/etc logon integration will also help.

Why "absolutely" not?

Have you seen the link?

Oh, sorry, sorry, sorry, i didn't think this is a link 😅😅😅

Haha, no problem!

Oof, that's bad... And lazy

Unfortunately a lot of these issues are architectural issues inherited from Emby