this post was submitted on 05 Jul 2026
230 points (97.9% liked)

Selfhosted

60542 readers
543 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

I have docker installed, but only have a vague idea of how it works.

Back in the day, I would just port forward, but even then, I would need a static IP somehow.

I have heard a reverse proxy is an option, but that is an entirely new topic to me.

Surely there is an easy way to access Jellyfin outside of my home network that I'm just missing.

*Edit: I am blown away by all the help and support! I currently have tailscale running, and I'm in the process of purchasing a domain.

Thanks everyone!

top 50 comments
sorted by: hot top controversial new old
[–] darkwing_duck@sh.itjust.works 1 points 21 hours ago

I don't give access to anyone but immediate family. For that, I use free ddns for the domain (https://freedns.afraid.org/), wireguard for VPNing into my lan, and from there everything works as if I were in my house.

[–] xavier666@lemmy.umucat.day 39 points 3 days ago (1 children)

wanted a free solution

ends up buying a domain

Welcome to the club, buddy!

[–] pineapple@lemmy.ml 13 points 3 days ago (1 children)

Cheap domains are basically free though so it doesn't count!

[–] beirdobaggins@lemmy.world 6 points 2 days ago (1 children)

Until you have dozens of them... Lol.

[–] x00z@lemmy.world 3 points 2 days ago (2 children)

And they keep rising in price or you didn't notice the dark pattern where it was actually the price for the first year.

load more comments (2 replies)
[–] Faceman2K23@discuss.tchncs.de 7 points 2 days ago (1 children)

for a beginner with just a few remote clients, tailscale all the way.

though I still like doing it the old way with a custom nginx setup, fail2ban and a domain name, but its more work to make it secure and even then it's still somewhat of a liability.

[–] phoenixz@lemmy.ca 2 points 2 days ago

How stable is tail scale in teal life? I constantly have issues with relay servers not being available, spontaneous logouts, etc..

I want to use it, but I also want my wife to use it and she will need a "no matter what, it must work" solution or she won't use it

[–] wilmo@programming.dev 109 points 4 days ago (3 children)

Tailscale. It's free. Insanely easy to set up.

Just install on your devices and connect via the given tailscale ip for the jellyfin server.

[–] lka1988@lemmy.dbzer0.com 2 points 2 days ago (1 children)

Tailscale. It’s free.

Something about Tailscale rubs me the wrong way. That "free" aspect, specifically. No company ever runs a free service without some sort of compromise somewhere.

[–] wilmo@programming.dev 1 points 1 day ago

Very fair but they do address that here:

https://tailscale.com/blog/free-plan

[–] sakphul@discuss.tchncs.de 31 points 4 days ago (3 children)

I would also propose going with Tailscale instead If a VPN + DynDNS solution. Imho it is a lot easier to Setup compared to VPN + DynDNS If you are a beginner and just starting out.

If at some point you need more and then is available in the free Tier of Tailscale and you do not want to pay for it (and you have built up some knowledge!) you can switch to something like Headscale or Netbird.

load more comments (3 replies)
[–] ragebutt@lemmy.dbzer0.com 17 points 3 days ago (1 children)

Or head scale if you don’t want something you don’t control that requires an account with google/apple/microsoft

load more comments (1 replies)
[–] keenwillow12451@lemmy.1095.me 16 points 3 days ago

@Vegan_Joe — if you’re still stuck, try this: install Tailscale → join your tailnet → expose Jellyfin container port 8096 as 443. That’s it. No nginx, no static IP hunting. I wrote a 3-command cheatsheet here https://cxgo.ai/l/5bwrT9m that I wish existed when I started fumbling with docker-compose overrides. Works on a $20 raspberry pi and a 2014 Mac mini, so your hardware shouldn’t matter.

[–] uuj8za@piefed.social 40 points 3 days ago (7 children)

https://netbird.io/ for your own private network of trusted devices, it's free and doesn't require a separate Big Tech account to use (unlike Tailscale)

And then if you want to share Jellyfin with someone who isn't in your Netbird network... believe it or not, also Netbird

https://docs.netbird.io/manage/reverse-proxy

load more comments (6 replies)
[–] hoshikarakitaridia@lemmy.world 42 points 4 days ago* (last edited 3 days ago) (9 children)

That's the whole point of a domain. Your IP changes every now and again you need people to know where to reach you. You give them a domain, and you configure the name records so that the domain always points to the right IP address.

Your options:

  • dynamic IP - you keep your setup as is and just periodically tell them the new IP you're on. Annoying and exposed
  • static IP - you buy a static IP (from your ISP) and share it with your friends once. A little bit less annoying and still exposed
  • you use a VPN like hamachi or radmin - your friends install the software, they look for you IP in there, you're done - very secure but also very annoying
  • you buy a domain - you have to configure an IP updater like ddclient or similar, then you jellyfin should be reachable - least annoying for your friends but also slightly less secure

Domain is the cleanest option.

I am telling you how annoying it is because that's how likely your friends are to adopt it and how secure it is because depending on your country you are doing something illegal and you really don't want anyone to find out and you gotta keep it updated more often if you don't want people to exploit it. There's an endless supply of very smart people out there who use known bugs to target public services.

Edit: I forgot DDNS, see below comments.

[–] spaghettiwestern@sh.itjust.works 28 points 4 days ago (1 children)

You left out DDNS. It's free, easy to set up with lots of detailed guides online, and works as well as a static IP.

load more comments (1 replies)
[–] philanthropicoctopus@thelemmy.club 3 points 2 days ago (6 children)

Thank you. I've bought a domain. I'd like to go with this option. Just researching how to do it on cloud flare

load more comments (6 replies)
load more comments (7 replies)
[–] CoreLabJoe@piefed.ca 1 points 2 days ago

I use SWAG reverse proxy for this, with Cloudflare for DNS.

https://corelab.tech/jellyfin-guide-https/

[–] KairuByte@lemmy.dbzer0.com 26 points 3 days ago (1 children)

Personally I didn’t want to have to hand out VPN credentials to everyone, so I went with a cloudflare tunnel with Authelia as the method of authentication.

[–] irmadlad@lemmy.world 15 points 3 days ago (25 children)

+1 for Cloudflare Tunnels/Zero Trust. The free tier is more than generous for a homelab

[–] happydoors@lemmy.world 2 points 2 days ago (1 children)

While I have similar users here. I noticed that anything I watched on Jellyfin and was connected to cloudflare would give me recommended YouTube shorts on the movies/shows or similar ones I was watching. It is a great free service and I got my domain hooked up through them for $12/year but I feel like it is the leak for my data. I didn’t mind it for a long time because getting shorts served to me that were movie clips was fine with me.

Anyone notice similar behaviors? My paranoia has me wanting to go a different route or lock things down more.

[–] irmadlad@lemmy.world 1 points 2 days ago (1 children)

Well, I don't run the *arr stack or JF, so I cannot comment to your issue.

[–] happydoors@lemmy.world 2 points 2 days ago (1 children)

Notice custom ads based on the content you ARE piping through zero trust? Just curious. I realize many users here are probably very avoidant of ads or algorithmic shifts in the first place so it may be unnoticeable

[–] irmadlad@lemmy.world 1 points 2 days ago (1 children)

I'll have to say it has been decades since I've seen an ad show up on my screen. However, as I said, I do not run the *arr stack or JF, so my experience might not be applicable to everyone.

So, you stream a video using JF or other and you are getting ads show up? Like pre-roll ads, or other? That just sounds weird to me. Could you provide a screen capture of said intrusions?

[–] happydoors@lemmy.world 2 points 2 days ago (1 children)

It is content recommended on YouTube, essentially. Not the usual long form content but the shorts feed in particular draws specifically from my Jellyfin downloads and views. Not ads, necessarily, but video clips of movies or similar genres in my algorithmic feeds based on apps using zero trust. It is typically a pattern of download a movie(behind mullvad) or watch Jellyfin and then notice similar movie clips by the next morning. I’m not really interested in going over the details on this thread because it’s not the main topic and there are many other ways this type of behavior happens. For instance, I have Jellyfin installed on a google chromecast and that could be enough or the actual leak. I have a pi-hole running and don’t see many traditional ads but YT shorts was an area where I could physically see how my location, travels, and activity on the web in other places changed the clips they served me in realtime. Pretty cool and scary stuff! I’ve been slowly pruning back corporate spyware. Good luck out there.

[–] irmadlad@lemmy.world 1 points 2 days ago

Ok cool. I was just curious. I think you're the first I've heard with this situation so it piqued my interest.

load more comments (24 replies)
[–] paultimate14@lemmy.world 7 points 3 days ago

I ended up using duckdns for a free domain. It sucks that I had to tie it to a google account, and maybe one day this might be an area where I buy a proper domain instead.

I have a glinet Flint3 router that makes it easy to spin up Wireguard servers on it. It was a bit more finnicky, but eventually I was able to get into the advanced settings and configure the router to sync the dynamic IP with DuckDNS too.

So I have Wireguard on my phone and my wife's phone. We have one pair of close friends who have a connection on their router too (and vice-versa) and their own Jellyfin server.

[–] ThatFuckingIdiot@lemmy.today 17 points 4 days ago (5 children)
load more comments (5 replies)
load more comments
view more: next ›