I don't give access to anyone but immediate family. For that, I use free ddns for the domain (https://freedns.afraid.org/), wireguard for VPNing into my lan, and from there everything works as if I were in my house.
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil.
-
No spam.
-
Posts are to be related to self-hosting.
-
Don't duplicate the full text of your blog or readme if you're providing a link.
-
Submission headline should match the article title.
-
No trolling.
-
Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.
-
AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
wanted a free solution
ends up buying a domain
Welcome to the club, buddy!
Cheap domains are basically free though so it doesn't count!
Until you have dozens of them... Lol.
And they keep rising in price or you didn't notice the dark pattern where it was actually the price for the first year.
for a beginner with just a few remote clients, tailscale all the way.
though I still like doing it the old way with a custom nginx setup, fail2ban and a domain name, but its more work to make it secure and even then it's still somewhat of a liability.
How stable is tail scale in teal life? I constantly have issues with relay servers not being available, spontaneous logouts, etc..
I want to use it, but I also want my wife to use it and she will need a "no matter what, it must work" solution or she won't use it
Tailscale. It's free. Insanely easy to set up.
Just install on your devices and connect via the given tailscale ip for the jellyfin server.
Tailscale. It’s free.
Something about Tailscale rubs me the wrong way. That "free" aspect, specifically. No company ever runs a free service without some sort of compromise somewhere.
I would also propose going with Tailscale instead If a VPN + DynDNS solution. Imho it is a lot easier to Setup compared to VPN + DynDNS If you are a beginner and just starting out.
If at some point you need more and then is available in the free Tier of Tailscale and you do not want to pay for it (and you have built up some knowledge!) you can switch to something like Headscale or Netbird.
Or head scale if you don’t want something you don’t control that requires an account with google/apple/microsoft
@Vegan_Joe — if you’re still stuck, try this: install Tailscale → join your tailnet → expose Jellyfin container port 8096 as 443. That’s it. No nginx, no static IP hunting. I wrote a 3-command cheatsheet here https://cxgo.ai/l/5bwrT9m that I wish existed when I started fumbling with docker-compose overrides. Works on a $20 raspberry pi and a 2014 Mac mini, so your hardware shouldn’t matter.
https://netbird.io/ for your own private network of trusted devices, it's free and doesn't require a separate Big Tech account to use (unlike Tailscale)
And then if you want to share Jellyfin with someone who isn't in your Netbird network... believe it or not, also Netbird
This
That's the whole point of a domain. Your IP changes every now and again you need people to know where to reach you. You give them a domain, and you configure the name records so that the domain always points to the right IP address.
Your options:
- dynamic IP - you keep your setup as is and just periodically tell them the new IP you're on. Annoying and exposed
- static IP - you buy a static IP (from your ISP) and share it with your friends once. A little bit less annoying and still exposed
- you use a VPN like hamachi or radmin - your friends install the software, they look for you IP in there, you're done - very secure but also very annoying
- you buy a domain - you have to configure an IP updater like ddclient or similar, then you jellyfin should be reachable - least annoying for your friends but also slightly less secure
Domain is the cleanest option.
I am telling you how annoying it is because that's how likely your friends are to adopt it and how secure it is because depending on your country you are doing something illegal and you really don't want anyone to find out and you gotta keep it updated more often if you don't want people to exploit it. There's an endless supply of very smart people out there who use known bugs to target public services.
Edit: I forgot DDNS, see below comments.
You left out DDNS. It's free, easy to set up with lots of detailed guides online, and works as well as a static IP.
Thank you. I've bought a domain. I'd like to go with this option. Just researching how to do it on cloud flare
I use SWAG reverse proxy for this, with Cloudflare for DNS.
Personally I didn’t want to have to hand out VPN credentials to everyone, so I went with a cloudflare tunnel with Authelia as the method of authentication.
+1 for Cloudflare Tunnels/Zero Trust. The free tier is more than generous for a homelab
While I have similar users here. I noticed that anything I watched on Jellyfin and was connected to cloudflare would give me recommended YouTube shorts on the movies/shows or similar ones I was watching. It is a great free service and I got my domain hooked up through them for $12/year but I feel like it is the leak for my data. I didn’t mind it for a long time because getting shorts served to me that were movie clips was fine with me.
Anyone notice similar behaviors? My paranoia has me wanting to go a different route or lock things down more.
Well, I don't run the *arr stack or JF, so I cannot comment to your issue.
Notice custom ads based on the content you ARE piping through zero trust? Just curious. I realize many users here are probably very avoidant of ads or algorithmic shifts in the first place so it may be unnoticeable
I'll have to say it has been decades since I've seen an ad show up on my screen. However, as I said, I do not run the *arr stack or JF, so my experience might not be applicable to everyone.
So, you stream a video using JF or other and you are getting ads show up? Like pre-roll ads, or other? That just sounds weird to me. Could you provide a screen capture of said intrusions?
It is content recommended on YouTube, essentially. Not the usual long form content but the shorts feed in particular draws specifically from my Jellyfin downloads and views. Not ads, necessarily, but video clips of movies or similar genres in my algorithmic feeds based on apps using zero trust. It is typically a pattern of download a movie(behind mullvad) or watch Jellyfin and then notice similar movie clips by the next morning. I’m not really interested in going over the details on this thread because it’s not the main topic and there are many other ways this type of behavior happens. For instance, I have Jellyfin installed on a google chromecast and that could be enough or the actual leak. I have a pi-hole running and don’t see many traditional ads but YT shorts was an area where I could physically see how my location, travels, and activity on the web in other places changed the clips they served me in realtime. Pretty cool and scary stuff! I’ve been slowly pruning back corporate spyware. Good luck out there.
Ok cool. I was just curious. I think you're the first I've heard with this situation so it piqued my interest.
I ended up using duckdns for a free domain. It sucks that I had to tie it to a google account, and maybe one day this might be an area where I buy a proper domain instead.
I have a glinet Flint3 router that makes it easy to spin up Wireguard servers on it. It was a bit more finnicky, but eventually I was able to get into the advanced settings and configure the router to sync the dynamic IP with DuckDNS too.
So I have Wireguard on my phone and my wife's phone. We have one pair of close friends who have a connection on their router too (and vice-versa) and their own Jellyfin server.