Comment on How do I host Jellyfin in the most secure manner possible?
Charger8232@lemmy.ml 1 week agoOkay, so you might be unfamiliar with networking
I’m familiar with some parts of networking, but selfhosted VPNs are something I am unfamiliar with, so thank you for helping me out!
No need to use Tailscale if you’re just using your Wi-Fi or Ethernet.
I want it to be encrypted during transit, even if it is over the LAN.
Tailscale/Headscale creates it’s own VPN network which will need its own IP space.
This is what I was afraid of, because this means it probably can’t run alongside ProtonVPN, since it would fill up the VPN slot on Android, right?
If so, it means we’ve come full circle. Unless there is a way to use Tailscale alongside ProtonVPN or a way to get Jellyfin clients to trust self-signed certificates, I don’t see any other option than buying a domain and exposing the server to the internet. Am I missing something?
just_another_person@lemmy.world 1 week ago
No, it can run along anything, as long as you don’t conflict the IP space assigned to a VPN. It creates it’s own IP network space when running, so just don’t overlap with your other VPN software. Using it while at home is a bit wasteful on effort and power, but just use the Jellyfin LetsEncrypt setup and it’s the same thing.
You are missing a lot here. I think you’re confused on the difference between your LAN security, and how that fits into network connections. You don’t need an SSL cert to say that something is secure, that’s just one method of PUBLICLY securing something. Every connection on Tailscale is secure end-to-end, so if you run it on your Pi, any client that can connect to it is secured. No open ports, no lapses in security. The encryption happens between each client and the server. You’re secure.
thatcasualgamingguy@lemmy.nerdcore.social 1 week ago
Android only allows one active VPN per Profile. So as OP said, running Tailscale and Proton in parallel is not possible.
Charger8232@lemmy.ml 1 week ago
I tried Tailscale on Android, and it isn’t working because it requires the active VPN slot occupied by ProtonVPN.