Comment on How do I securely host Jellyfin? (Part 2)
melmi@lemmy.blahaj.zone 2 weeks ago
A lot of people have suggested Tailscale and it’s basically the perfect solution to all your requirements.
You keep saying you need ProtonVPN which means you can’t use Tailscale, but Tailscale actually supports setting up an exit node which is what you need. Put Protonvpn on the Raspberry Pi, then set it up as an exit node for your tailnet. There’s a lot of people talking about how they did this online. It looks like they even have native support for bypassing the manual setup if you use Mullvad.
As long as every client has the ability to use Tailscale (I.e. no weird TVs or anything) this seems like it checks all your boxes. And since everything is E2EE from Tailscale, TLS is redundant and you can just use HTTP.
sem@lemmy.blahaj.zone 2 weeks ago
I’ll just add my 2¢
Tailscale is incredibly powerful and they do a lot of work to make their systems intelligible, but the learning curve is still pretty steep. But still a great option.
treyf711@lemm.ee 2 weeks ago
One thing that I do, though it may not be as secure as a reverse proxy is just using tailscale funnel to expose my jellyfin instance.
I’d like to learn a self-hosted SSO but time is my least abundant resource at the moment.