A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
What’s your go too (secure) method for casting over the internet with a Jellyfin server.
I’m wondering what to use and I’m pretty beginner at this
If it’s just so you personally can access it away from home, use tailscale. Less risky than running a publicly exposed server.
Jellyfin isn't secure and is full of holes.
That said, here's how to host it anyway.
If you aren't using Tailscale, make your VPS your main hub for whatever you choose, pihole, wg-easy, etc. Connect the proxy to Jellyfin through your chosen tunnel, with ssl, Caddy makes it easy.
Since Jellyfin isn't exactly secure, secure it. Give it its own user and make sure your media isn't writable by the user. Inconvenient for deleting movies in the app, but better for security.
more...
Use fail2ban to stop intruders after failed login attempts, you can force fail2ban to listen in on jellyfin's host for failures and block ips automatically.
More!
Use Anubis and yes, I can confirm Anubis doesn't intrude Jellyfin connectivity and just works, connect it to fail2ban and you can cook your own ddos protection.
MORE!
SELinux. Lock Jellyfin down. Lock the system down. It's work but it's worth it.
I SAID MORE!
There's a GeoIP blocking plugin for Caddy that you can use to limit Jellyfin's access to your city, state, hemisphere, etc. You can also look into whitelisting in Caddy if everyone's IP is static. If not, ddns-server and a script to update Caddy every round? It can get deep.
Again, don't do any of this and just use Jellyfin over wireguard like everyone else does(they don't).
Wow, a "for dummies" guide for doing all this would be great 😊 know of any?
OpenVPN into my own LAN. Stream from there to my device.
Is putting it behind an Oauth2 proxy and running the server in a rootless container enough?
Tailscale + Caddy (automatic certificates FTW).
Synology worked for me. They have built in reverse proxy. As well as good documentation to install it on their machine. Just gotta configure your wifi router to port forward your device and bam you're ready to rock and roll
Didn’t they patch their things now that your stuck in their bubble/environment now or something like that ?
I just install tailscale at family houses. The limit is 100 machines.
I'm just using caddy and a cheap $2 a year .top domain with a $4 a month VPS. Works for my users, I only have 3 users on my server.
OpenVPN into my router
Tailscale
Jellyfin through a traefik proxy, with a WAF as middleware and brute force login protected by fail2ban
Wireguard.
and a local reverse proxy that can route through wireguard when you want to watch on a smart tv.
its not as complicated as it sounds, it's just a wireguard client, and a reverse proxy like on the main server.
it can even be your laptop, without hdmi cables
You can also use a router that can run wireguard/openvpn and have that run the tunnel back to home for you. I've got a portable GL-Inet router with OpenWRT that I use for this when I'm on the road
I use a cloudflare tunnel, ISP won't give me a static IP and I wanna keep my firewall locked down tight.
Cheap VPS with Pangolin for Wireguard and reverse proving through the tunnel.
Wireguard vpn into my home router. Works on android so fire sticks etc can run the client.
I just use tailscale. I am thinking about external share options but for me and my closests just plain simple tailscale
