this post was submitted on 31 Mar 2025
204 points (98.1% liked)

Selfhosted

45446 readers
280 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
204
How to secure Jellyfin hosted over the internet? (programming.dev)
submitted 4 days ago by lambda@programming.dev to c/selfhosted@lemmy.world
122 comments fedilink hide all child comments
 

I already host multiple services via caddy as my reverse proxy. Jellyfin, I am worried about authentication. How do you secure it?

you are viewing a single comment's thread
view the rest of the comments
[–] dan@upvote.au 51 points 4 days ago* (last edited 4 days ago) (37 children)

Is it just you that uses it, or do friends and family use it too?

The best way to secure it is to use a VPN like Tailscale, which avoids having to expose it to the public internet.

This is what I do for our security cameras. My wife installed Tailscale on her laptop and phone, created an account, and I added her to my Tailnet. I created a home screen icon for the Blue Iris web UI on her phone and mentioned to her, "if the cameras don't load, open Tailscale and make sure it's connected". Works great - she hasn't complained about anything at all.

If you use Tailscale for everything, there's no need to have a reverse proxy. If you use Unraid, version 7 added the ability to add individual Docker containers to the Tailnet, so each one can have a separate Tailscale IP and subdomain, and thus all of them can run on port 80.

[–] paequ2@lemmy.today 16 points 4 days ago (36 children)

if the cameras don’t load, open Tailscale and make sure it’s connected

I've been using Tailscale for a few months now and this is my only complaint. On Android and macOS, the Tailscale client gets randomly killed. So it's an extra thing you have to manage.

It's almost annoying enough to make me want to host my services on the actual internet....... almost... but not yet.

[–] Byter@lemmy.one 7 points 4 days ago (1 children)

If you make Tailscale your VPN in Android it will never be killed. Mileage may vary depending on flavor of Android. I've used this on stock Pixel and GrapheneOS.

Under Settings > Network and internet > VPN

Tap the Cog icon next to Tailscale and select Always-on VPN.

[–] paequ2@lemmy.today 4 points 3 days ago

Holy moly, I did not know this existed! Thanks! Just turned this on!

load more comments (34 replies)
load more comments (34 replies)