this post was submitted on 27 Jun 2026
239 points (98.4% liked)
Technology
85815 readers
3738 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Jellyfin does not.
Setting up Jellyfin to be accessible outside of my home network has been a huge pain in the ass.
Not Jellyfin’s fault tho. I wish there was an easier way
Fair, but self hosting stuff has that part of self. It is difficult to make it easy for everyone since everyone has a different setup, as such it is mostly directed towards people who are expert in doing this kinds of things or who will dedicate the time to learn how to do it.
The good thing is after you spent a couple days trying to figure out how to make it work, it will work in the future and you already know how to setup more stuff.
It’s not directed towards people who are experts. I’m an expert and can’t secure Jellyfin properly because Jellyfin doesn’t support proper secure authentication.
Which authentication method are you wanting for it? I wouldn't call myself an expert but my job stuck senior in front of my title a few years back.
Native OIDC/SSO support, allowing users to offload the authentication to a purpose built software.
Then don't and do VPN?
I would rather just properly secure it like every other selfhosted service I have, and not have to manage a VPN client for every user who wants to connect to Jellyfin.
A security focused service vs a media consumption service competing for max security...
I wonder what would be the most successful at this task...
A security focused authentication service would be the most successful, straightforward, and simple to implement solution.
Unfortunately Jellyfin, nearly alone amongst its FOSS peers has not implemented support for these services. It’s the only one of my many dozens of selfhosted services that I can’t properly secure.
There are plugins for SSO.
There are 3rd party plugins for OIDC and I think LDAP is even first party.
The issue comes when intercepting the signin-progress with 1st party clients. Jellyfin (to my knowledge) doesnt support redirects/callbacks like a homeassistant companion app does.
And how many media servers are there? The 2 other major offerings (Plex and Emby) don't support OIDC either.
Plex does it's own sauce and Emby doesnt support it. Authentik has a guide to implement it via LDAP.
And Jellyfin has a tech-debt history being forked from emby. Stark contrast to newly developed projects which were started when SSO and OIDC wasbstarting to become popular.
Yeah, natively Jellyfin supports LDAP (1st party plug-in anyway), which means I can use my personal IdP to centrally manage accounts and it works across all their apps I've tried (as oppose to the OIDC plugin which seems to still break their apps).
Forgot that LDAP is sort of first party.
Does the jellyfin app support the ldap auth?
Plugins for SSO and OIDC are not a solution as they will only work with the web clients, so that’s a non-starter.
Jellyfin can blame it on the tech debt all they want but implementing it really wouldn’t be that hard, they just haven’t prioritized it, simple as.
This sounds lile you are very knowledgable about it.
Why not propose a dev-draft or propose a feature on their feature voting website?
Because it’s already a proposed feature on their feature voting website. In fact It’s been one of the top voted features for the last 7 years straight. It’s at this point the most often talked about drawback of Jellyfin and biggest stated reason why people won’t switch away from Plex. It’s been so long that the SSO plugin has been archived because the maintainer only made it on a temporary basis and he was tired of maintaining it, likely because it’s only taken the pressure off of the Jellyfin team to implement native SSO because folks like you like to point to it as a solution to the problem.
I actually love when I run into an issue like that get an error. Researching that stuff is fun for me, but I think trying to get the average person to do it is a non-starter
I use tailscale and NPM to reverse proxy.
When I want to watch, I turn on the VPN and go to the app. Easy peazy
Tailscale could probably be easier but I wanted to make it easy for my parents.
I was trying to set it up via Reverse Proxy in Caddy. My stupid NAS has proprietary software and the only way to do it is in Docker but their version of docker has some wonky issues with ports.
Oh, I use caddy too. What gave you trouble?
It’s been a few weeks since I’ve tinkered with it but I plan on pulling it up today. If I remember right, it works fine if I launch it as a singular container by itself, but if I launch it inside a container with multiple apps, it says the ports are in use. I verified that no other app is using the ports. I checked in the CLI and it says containers is using the port. Very weird.
Following tutorials and researching online had been helpful by my NAS uses QNAP’s QTS operating system. It locks you out of many basic functions. I can’t install apps outside of its App Store unless it’s in a docker container, for example.
Many command line functions have also been removed so when I’m troubleshooting or looking for alternate fixes, I’m blocked out.
You nas doesn't support docker compose? Its kind of the only reason why you'd want to have several processes on the same container.
Ps.: can you ssh in?
I can use docker compose. I need them on the same container so they can see the other apps exist and direct traffic there. Or that I as my understanding.
I tried setting up Caddy on a separate container as Jellyfin but that didn’t work.
That's only by default, since all apps in a container share a network. I got this working with my *arr stack using multiple containers by manually creating a shared network in the console, then adding that network to each compose file. Works like a dream.
Would a docker-compose.yaml like this one work? https://privatebin.net/?1d1d30a1e92a974a#JDwvxcmJyjwmhir4YFvVrRGhn7fUJNqgTbrmgBYe1etC I just basically ripped that off my working setup. This sets up two containers that can see each other
I don't mind paying a seedbox company to provide me with a box with qbittorrent and emby and other stuff I don't use
It is Jellyfins fault and there is an easier way, the Jellyfin team just hasn’t prioritized it.
It’s not easy trying to set up VPN or a reverse proxy, dynamic DNS and so on if you want secure access for more than yourself l, that is true. I hope they can figure out a way to make that process a lot easier.
Actually, using an LLM to walk you through the process of setting up jellyfin inside a docker container (and setting up the arr stack) and all of that makes things a lot easier than trying to figure it all out on your own.
Have to agree. I hate LLM but this is a good use for it.
Happy cake day! Thanks for the info!
That was a big reason I went with Emby. Not open source, but wasn't necessary to me, and I wanted a cloud connect function that it handled well. And not all devices have a Jellyfin app that's easy to install. My TV would require it to be rooted.
Yeah but good luck building out homelab these days. Too expensive
Bro win 10 computers are essentially free thanks to microsoft's windows 11 requirements and any of them can keep up with transcoding. Add onto that any second hand sata drives and a sata controller than handles multiple parity drives for raid 5 and you've got a solution that is under the yearly subscription fee of ad-free netflix and a fun weekend project.
Too bad that high capacity HDDs and SSDs went through the roof.
Not like you can have a big library with 5x 2TB HDDs if you arent willing to sacrifice quality/bitrate. Simply not feasible.
Where? I am not seeing any computers worth grabbing, even though I keep hearing people are dumping win 10 computers everywhere.
They are going to salvage... We (the MSP I work at) constantly throw out older systems. Too bad they have SSDs with data of potential clients and thus need to be destroyed according to GDPR...
I have seen a few pallet auctions (lots of 100 or more) but they are not going cheap.
This too :(
Can you guide my grandma to help her set it up? I'll give you her number.
Edit: Just want to say I appreciate the info still
not the issue, storage price is
stremio/nuvio + torbox since yall keep mentioning not storing anything longterm and deleting as you go
Hence my solution. You can get 2-4 TB drives for around $30 on ebay. Get a flexible RAID controller that can handle multi-parity Raid 50, ideally a second hand raid card. We're at a total of $230 in at this point, assuming you have a windows 10 desktop lying around.
This is not a high data speed situation. If you have 6 or more drives you can dedicate two to parity and now you will never have data loss despite buying second hand drives. Effective storage capacity will be 16TB, which is more than enough to store 100 full series and a few thousand movies at 1080p or lower, and raid 50 gives a speed boost above what your controller will likely be able to handle, and way above what is needed for even a quite large multi-user media server.
Data storage is still incredibly cheap. You're just confusing your needs and your wants.
Cheaper than a netflix subscription. Especially if you repurpose the last PC you upgraded as a server. Jellyfin will run fine on 15 year old hardware.
If you're happy with FHD (1080p) res, the requirements for both server and client are very low.
So long as you don't need to stockpile old shows you never watch, you can get by on an old laptop and possibly an external drive.
My homelab started out on a Raspberry Pi 2b. Most of the hardware Ive brought online were dumpster specials someone else didn't want. It can be done on the cheap. Won't necessarily be reliable, but it can be done cheap.
Where the fun in not hoarding old childhood shows and movies ;)
c/datahoarders feeling personally attacked
:-D
I'm in no position to toss to much shade at the data hoarder community. I'm personally sitting on close to 64TB of media I've collected over the years. In my case, most of it legitimately acquired, either by myself or by family, but still. It adds up and most of it hasn't been accessed more than once or twice.
Jellyfin isn't too demanding. I'm still running my whole media stack on a Raspberry Pi 4.
This can work fine if you're just a single user/household since you can ensure that you're only acquiring audio/video codecs that will play without transcoding but gets more challenging if you're also sharing remotely with others since you don't necessarily know what devices they're using to watch which may require transcoding.