Comment

Comment on New Jellyfin Server/Web release: 10.10.7

renegadespork@lemmy.jelliefrontier.net ⁨3⁩ ⁨days⁩ ago

Configurations behind a reverse proxy that did not explicitly configure trusted proxies will not work after this release. This was never a supported configuration, so please ensure you correct your configuration before upgrading. See the updated docs here for more information.

Well I’m glad I read that before upgrading!

source

Sort:hotnew top

sugar_in_your_tea@sh.itjust.works ⁨3⁩ ⁨days⁩ ago
It’s odd to throw that into a patch release. I guess we’ll find out if I did it correctly.

source
- jonne@infosec.pub ⁨3⁩ ⁨days⁩ ago
  I mean, it’s patching a security issue caused by trusting headers it shouldn’t, so I don’t think they should wait for a big number release.
  
  source
  - sugar_in_your_tea@sh.itjust.works ⁨3⁩ ⁨days⁩ ago
    Why wait? Just release it as a big number release. The version number doesn’t define the size or cadence of a release, it just says whether there’s a breaking change.
    
    source
    mac@lemm.ee ⁨3⁩ ⁨days⁩ ago
    At least in my org we use semantic versioning ( Major.Minor.patch) where patch must either be a new feature, a fix, or something that is backwards compatible
    
    source
    -> View More Comments
- N0x0n@lemmy.ml ⁨3⁩ ⁨days⁩ ago
  I mean, where else should they show that warning? It’s also posted in the forum. They also edited the documentation page.
  
  Maybe you’re more into mailing list or the like? I’m genuine curious on what and how you expected getting this kind of information.
  
  source
  - fitgse@sh.itjust.works ⁨3⁩ ⁨days⁩ ago
    I expect in a patch release that nothing has changed and I can blindly update getting minor bug fixes and security fixes. In a minor release I expect to review the changes for configuration changes or any minor UI changes. For a major release I expect to read docs on how to upgrade and prepare backups and downtime.
    
    source
    sugar_in_your_tea@sh.itjust.works ⁨3⁩ ⁨days⁩ ago
    Exactly. It has nothing to do with where they post it, but what their version numbers communicate. I should be able to blindly apply patch releases, and this breaks that.
    
    I’m even okay with a minor release here. It was never advertised to work that way so removing it technically isn’t a breaking change, but there is a known breakage here. I’m much more likely to read minor release notes than patch release notes, so I would likely see this warning if it was a minor release.
    
    source
    -> View More Comments
    N0x0n@lemmy.ml ⁨3⁩ ⁨days⁩ ago
    Ohhh thanks for the clarification ! As you guest I’m not into dev/programming so I wasn’t aware of this kind of detail !
    
    Thank you :)
    
    source
    -> View More Comments
486@lemmy.world ⁨3⁩ ⁨days⁩ ago
Thanks for pointing this out! I probably would have missed this, since I didn’t expect such a change for a patch release.

Their documentation mentions:

For jellyfin to know which reverse proxy is trusted, the IP, Hostname or Subnet has to be set in the Known Proxies (under Admin Dashboard -> Networking) setting.

Does this really mean, that the only way to configure this is through the web UI? This is kind of a problem when deploying it, since without the reverse proxy I can’t reach the Jellyfin server. Is there no way of doing this outside the web UI, via a config file or something?

source
- jagged_circle@feddit.nl ⁨3⁩ ⁨days⁩ ago
  Yeah the lack of info in the docs on how to configure jellyfin in the CLI is pathetic
  
  source
- Lem453@lemmy.ca ⁨3⁩ ⁨days⁩ ago
  If I in traefik and jellyfin in docker, so I add the docker IP of traefik as the trusted proxy?
  
  source
  - klopstock@feddit.org ⁨2⁩ ⁨days⁩ ago
    I think you can use the container name if both containers are in the same docker network
    
    source
  - 486@lemmy.world ⁨2⁩ ⁨days⁩ ago
    I don’t know your exact setup, but you should add the IP that Jellyfin sees when the reverse proxy makes a request. That probably comes from the IP of your Traefik docker container.
    
    source
slazer2au@lemmy.world ⁨3⁩ ⁨days⁩ ago
Do you not normally read patch notes before patching?

source
- kata1yst@sh.itjust.works ⁨3⁩ ⁨days⁩ ago
  Fuck no, ain’t nobody got time for that! My self hosted stack has 40+ services. I lock them to minor releases (where semvers are used), deploy blind with automation, and fire alerts when breakages occur, which is thankfully rarely.
  
  What you’re suggesting works for small, very carefully curated environments. I grew past that years ago and doubly so when I had kids.
  
  source
  - slazer2au@lemmy.world ⁨3⁩ ⁨days⁩ ago
    40? Kinda curious what you are running now.
    
    source
    kata1yst@sh.itjust.works ⁨3⁩ ⁨days⁩ ago
    The general list:
    
    Immich
    
    Jellyfin
    
    Plex (deprecated but kept around for my plexpass using friends)
    
    Internet Radio (custom container)
    
    PBS kids downloader (custom container)
    
    Lidarr
    
    Sonarr
    
    Mylar
    
    Radar
    
    Prowlarr
    
    Open-Webui
    
    QBittorrent
    
    Sabnzbd
    
    Navidrome
    
    Synapse
    
    Element
    
    Forgejo
    
    Tdarr
    
    Calibre
    
    Calibre Web
    
    Tautulli
    
    Bazarr
    
    Syncthing
    
    LazyLibrarian
    
    Linkwarden
    
    Mealie
    
    GlueTun
    
    Kopia
    
    Home Assistant
    
    Music Assistant
    
    Blocky
    
    FoundryVTT
    
    Wireguard
    
    ArchiveTeam Warrior
    
    Traefik
    
    Docspell
    
    Birdcage (though I’m slowly replacing this with my own bird sound server)
    
    Frigate
    
    FreshRSS
    
    Ntfy
    
    Samba
    
    With all the supporting services:
    
    Server: Containers: 76 Running: 74 Paused: 0 Stopped: 2 Images: 92
    
    source
    -> View More Comments