Comment

Comment on How do I host Jellyfin in the most secure manner possible?

<- View Parent

just_another_person@lemmy.world ⁨4⁩ ⁨weeks⁩ ago

Nope. Wireguard runs outside the same protocols.

source

Sort:hotnew top

Charger8232@lemmy.ml ⁨4⁩ ⁨weeks⁩ ago
So:

ProtonVPN is installed on my Android phone

Android has Always-on VPN enabled

Android has Block connections without VPN enabled

Host Jellyfin on my Raspberry Pi 5

Install Headscale on my Raspberry Pi 5

Install Headscale on my Android phone

Install a Jellyfin client on my Android phone

Configure everything

And that will work? It will be encrypted during transit? And only run on the LAN? Does ProtonVPN need to allow LAN connections (I assume it does)?
source
- just_another_person@lemmy.world ⁨4⁩ ⁨weeks⁩ ago
  Sorry, it may be confusing, but Headscale is ONLY the free server component. The client is still Tailscale’s open client. That’s why I’m saying just sign up and try it first with Tailscale, and then if you need more connections without paying, create a Headscale server and re-register your clients to that to skip charges.
  
  source
  - Charger8232@lemmy.ml ⁨4⁩ ⁨weeks⁩ ago
    Alright, I’m slowly learning, bare with me here:
    
    ProtonVPN is always-on and blocks connections without VPN
    
    Jellyfin and Headscale are hosted on the Pi (or does Headscale need its own server?)
    
    Tailscale and a Jellyfin client are installed on the phone
    
    Will that will run fully on the LAN?
    
    Will it be encrypted during transit?
    
    Does ProtonVPN need to allow LAN connections?
    
    source
    just_another_person@lemmy.world ⁨4⁩ ⁨weeks⁩ ago
    Okay, so you might be unfamiliar with networking, so maybe some extra confusion there. Let me try to explain that a bit.
    
    The Jellyfin server runs on LAN like normal. No need to use Tailscale if you’re just using your Wi-Fi or Ethernet.
    
    Tailscale/Headscale creates it’s own VPN network which will need its own IP space. Same as any other VPN. It’s just a setting in the config, and the routing is pretty simplistic and mostly automatic.
    
    Tailscale/Headscale can run anywhere. Doesn’t need to be on that Pi, but that Pi will need a Tailscale client to be on the “Tailnet” and communicate with other devices also connected to it.
    
    ProtonVPN clients have their own IP space and network that go elsewhere. That’s its own separate thing.
    
    source
    -> View More Comments