Comment on LDAP to UNIX user proxy
Shimitar@feddit.it 2 months agoYou might use LDAP, but its total overkill.
I have not yet worked jellyfin with authelia, but its more or less the last piece and I don’t really care so far if its left out.
A good reverse proxy with https is mandatory, so start with that one. I mean, from all point of views, not login.
I have all my services behing nginx, then authelia linked to nginx. Some stuff works only with basic auth. Most works with headers anyway, so natively with authelia. Some bitches don’t, so I disable authelia for them. Annoying, but I have only four users so there is not much to keep in sync.
kevincox@lemmy.ml 2 months ago
I do use a reverse proxy but for various reasons you can’t just block off some apps. For example if you want to play Jellyfin on a Chromecast or similar, or PhotoPrism if you want to use sharing links. Unfortunately these systems are designed around the built-in auth and you can’t just slap a proxy in front.
I do use nginx with basic with in front of services where I can. I trust nginx much more than 10 different services with varying quality levels. But unfortunately not all services play well.
Shimitar@feddit.it 2 months ago
Never found a service that don’t work with nginx reverse proxy.
My jelly fin does.
Don’t run photoprims tough…
kevincox@lemmy.ml 2 months ago
Are you doing auth in the reverse proxy for Jellyfin? Do you use Chromecast or any non-web interface? If so I’m very interested how you got it to work.
Shimitar@feddit.it 2 months ago
This is my jellyfin nginx setup: wiki.gardiol.org/doku.php?id=services:jellyfin#re…
currently i don’t use any proxy related authentication because i need to find the time to work with the plugins in Jellyfin. I don’t have any chromecast, but i do regularly use the Android Jellyfin app just fine.
I expect, using the OIDC plugin in jellyfin, that Jellyfin will still manage the login via Authelia itself, so i do not expect much changes in NGINX config (except, maybe, adding the endpoints).