Comment on Plex is locking remote streaming behind a subscription in April
Nibodhika@lemmy.world 5 weeks agoUsing a relay server to separate online from home connection
Comment on Plex is locking remote streaming behind a subscription in April
Nibodhika@lemmy.world 5 weeks agoUsing a relay server to separate online from home connection
couch1potato@lemmy.dbzer0.com 5 weeks ago
I don’t see anything in the linked article about a relay server
Nibodhika@lemmy.world 5 weeks ago
No, the article only mentions the feature by name, the docs for the feature mentions the relay …plex.tv/…/216766168-accessing-a-server-through-r…
couch1potato@lemmy.dbzer0.com 5 weeks ago
I see. So if you read that instruction you’ll see it’s the exact same setup that I outlined. They use a vpn to connect your client to your server and just negotiate the meeting in the middle. It’s the exact same risk scenario as running a reverse proxy on your own vps. Unless I’m missing something else?
Nibodhika@lemmy.world 5 weeks ago
You are, authentication on the VPS, you’re relying on Jellyfin authentication against the internet. Correct me if I’m wrong, but this is your suggested setup: [home server] Jellyfin -> [remote server] Reverse Proxy -> [remote machine] users. Let’s imagine a scenario where Jellyfin has a bug that if you leave the password empty it logs you in (I know, it’s an exaggeration but just for the sake of argument, an SQL injection or other similar attacks would be more plausible but I’m trying to keep things simple), on your setup now anyone can log into your Jellyfin and from there it’s one jump to your home server. On Plex’s solution even if Plex authentication gets compromised the attacker only got access to the remote server, and would now need to find another vulnerability to jump to your Plex at home.
Putting something like Authelia/Authentik on a VPS in front of Jellyfin is a similar approach, but the Jellyfin client can’t handle third party authentication AFAIK