this post was submitted on 26 Jun 2025
465 points (97.9% liked)

Selfhosted

48767 readers
992 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
465
Jellyfin over the internet (startrek.website)
submitted 2 days ago by [email protected] to c/[email protected]
285 comments fedilink hide all child comments
 

What’s your go too (secure) method for casting over the internet with a Jellyfin server.

I’m wondering what to use and I’m pretty beginner at this

(page 4) 50 comments
sorted by: hot top controversial new old
[–] [email protected] 39 points 2 days ago* (last edited 2 days ago) (11 children)

Jellyfin isn't secure and is full of holes.

That said, here's how to host it anyway.

  1. Wireguard tunnel, be it tailscale, netbird, innernet, whatever
  2. A vps with a proxy on it, I like Caddy
  3. A PC at home with Jellyfin running on a port, sure, 8096

If you aren't using Tailscale, make your VPS your main hub for whatever you choose, pihole, wg-easy, etc. Connect the proxy to Jellyfin through your chosen tunnel, with ssl, Caddy makes it easy.

Since Jellyfin isn't exactly secure, secure it. Give it its own user and make sure your media isn't writable by the user. Inconvenient for deleting movies in the app, but better for security.

more...

Use fail2ban to stop intruders after failed login attempts, you can force fail2ban to listen in on jellyfin's host for failures and block ips automatically.

More!

Use Anubis and yes, I can confirm Anubis doesn't intrude Jellyfin connectivity and just works, connect it to fail2ban and you can cook your own ddos protection.

MORE!

SELinux. Lock Jellyfin down. Lock the system down. It's work but it's worth it.

I SAID MORE!

There's a GeoIP blocking plugin for Caddy that you can use to limit Jellyfin's access to your city, state, hemisphere, etc. You can also look into whitelisting in Caddy if everyone's IP is static. If not, ddns-server and a script to update Caddy every round? It can get deep.

Again, don't do any of this and just use Jellyfin over wireguard like everyone else does(they don't).

load more comments (11 replies)
[–] [email protected] 6 points 2 days ago

This is my setup.

Read more, here.

[–] [email protected] 4 points 2 days ago (1 children)

Synology worked for me. They have built in reverse proxy. As well as good documentation to install it on their machine. Just gotta configure your wifi router to port forward your device and bam you're ready to rock and roll

[–] [email protected] 1 points 2 days ago (3 children)

Didn’t they patch their things now that your stuck in their bubble/environment now or something like that ?

load more comments (3 replies)
[–] [email protected] 8 points 2 days ago (1 children)

I don't host my media outside my local network but, if I did, I would use my go to method of SWAG with Authentik. This is what I have done for my other self-hosted items.

[–] [email protected] 7 points 2 days ago

I just install tailscale at family houses. The limit is 100 machines.

[–] [email protected] 4 points 2 days ago

OpenVPN into my router

[–] [email protected] 8 points 2 days ago

I'm just using caddy and a cheap $2 a year .top domain with a $4 a month VPS. Works for my users, I only have 3 users on my server.

[–] [email protected] 5 points 2 days ago

Jellyfin through a traefik proxy, with a WAF as middleware and brute force login protected by fail2ban

[–] [email protected] 7 points 2 days ago (2 children)

I use a cloudflare tunnel, ISP won't give me a static IP and I wanna keep my firewall locked down tight.

load more comments (2 replies)
[–] [email protected] 15 points 2 days ago

Tailscale

[–] [email protected] 7 points 2 days ago

Cheap VPS with Pangolin for Wireguard and reverse proving through the tunnel.

[–] [email protected] 6 points 2 days ago

I just use tailscale. I am thinking about external share options but for me and my closests just plain simple tailscale

[–] [email protected] 3 points 2 days ago

I'm using jf on unraid. I'm allowing remote https only access with Nginx Proxy Manager in a docker container.

load more comments
view more: ‹ prev next ›