Do you not normally read patch notes before patching?
Comment on New Jellyfin Server/Web release: 10.10.7
renegadespork@lemmy.jelliefrontier.net 1 year ago
Configurations behind a reverse proxy that did not explicitly configure trusted proxies will not work after this release. This was never a supported configuration, so please ensure you correct your configuration before upgrading. See the updated docs here for more information.
Well I’m glad I read that before upgrading!
slazer2au@lemmy.world 1 year ago
kata1yst@sh.itjust.works 1 year ago
Fuck no, ain’t nobody got time for that! My self hosted stack has 40+ services. I lock them to minor releases (where semvers are used), deploy blind with automation, and fire alerts when breakages occur, which is thankfully rarely.
What you’re suggesting works for small, very carefully curated environments. I grew past that years ago and doubly so when I had kids.
slazer2au@lemmy.world 1 year ago
40? Kinda curious what you are running now.
kata1yst@sh.itjust.works 1 year ago
The general list:
- Immich
- Jellyfin
- Plex (deprecated but kept around for my plexpass using friends)
- Internet Radio (custom container)
- PBS kids downloader (custom container)
- Lidarr
- Sonarr
- Mylar
- Radar
- Prowlarr
- Open-Webui
- QBittorrent
- Sabnzbd
- Navidrome
- Synapse
- Element
- Forgejo
- Tdarr
- Calibre
- Calibre Web
- Tautulli
- Bazarr
- Syncthing
- LazyLibrarian
- Linkwarden
- Mealie
- GlueTun
- Kopia
- Home Assistant
- Music Assistant
- Blocky
- FoundryVTT
- Wireguard
- ArchiveTeam Warrior
- Traefik
- Docspell
- Birdcage (though I’m slowly replacing this with my own bird sound server)
- Frigate
- FreshRSS
- Ntfy
- Samba
With all the supporting services:
Server: Containers: 76 Running: 74 Paused: 0 Stopped: 2 Images: 92
sugar_in_your_tea@sh.itjust.works 1 year ago
It’s odd to throw that into a patch release. I guess we’ll find out if I did it correctly.
jonne@infosec.pub 1 year ago
I mean, it’s patching a security issue caused by trusting headers it shouldn’t, so I don’t think they should wait for a big number release.
sugar_in_your_tea@sh.itjust.works 1 year ago
Why wait? Just release it as a big number release. The version number doesn’t define the size or cadence of a release, it just says whether there’s a breaking change.
mac@lemm.ee 1 year ago
At least in my org we use semantic versioning ( Major.Minor.patch) where patch must either be a new feature, a fix, or something that is backwards compatible
N0x0n@lemmy.ml 1 year ago
I mean, where else should they show that warning? It’s also posted in the forum. They also edited the documentation page.
Maybe you’re more into mailing list or the like? I’m genuine curious on what and how you expected getting this kind of information.
fitgse@sh.itjust.works 1 year ago
I expect in a patch release that nothing has changed and I can blindly update getting minor bug fixes and security fixes. In a minor release I expect to review the changes for configuration changes or any minor UI changes. For a major release I expect to read docs on how to upgrade and prepare backups and downtime.
N0x0n@lemmy.ml 1 year ago
Ohhh thanks for the clarification ! As you guest I’m not into dev/programming so I wasn’t aware of this kind of detail !
Thank you :)
sugar_in_your_tea@sh.itjust.works 1 year ago
Exactly. It has nothing to do with where they post it, but what their version numbers communicate. I should be able to blindly apply patch releases, and this breaks that.
I’m even okay with a minor release here. It was never advertised to work that way so removing it technically isn’t a breaking change, but there is a known breakage here. I’m much more likely to read minor release notes than patch release notes, so I would likely see this warning if it was a minor release.
486@lemmy.world 1 year ago
Thanks for pointing this out! I probably would have missed this, since I didn’t expect such a change for a patch release.
Their documentation mentions:
Does this really mean, that the only way to configure this is through the web UI? This is kind of a problem when deploying it, since without the reverse proxy I can’t reach the Jellyfin server. Is there no way of doing this outside the web UI, via a config file or something?
Lem453@lemmy.ca 11 months ago
If I in traefik and jellyfin in docker, so I add the docker IP of traefik as the trusted proxy?
klopstock@feddit.org 11 months ago
I think you can use the container name if both containers are in the same docker network
486@lemmy.world 11 months ago
I don’t know your exact setup, but you should add the IP that Jellyfin sees when the reverse proxy makes a request. That probably comes from the IP of your Traefik docker container.
jagged_circle@feddit.nl 1 year ago
Yeah the lack of info in the docs on how to configure jellyfin in the CLI is pathetic