Comment on That's all folks, Plex is starting to charge for sharing
themachine@lemmy.world 3 weeks agoNo. You have to expose your server to the internet in some way bit you don’t have to set up some sort of VPN. There are plenty of people who will tell you how awful of an idea it is but if you make smart choices it’s not a big deal.
sudneo@lemm.ee 3 weeks ago
Well, as an application it has a huge attack surface, it’s also able to download stuff from internet (e.g., subs) and many people run it on NAS. I run jellyfin in docker, I didn’t do a security assessment yet, but for sure it needs volume mounts, not sure about what capabilities it runs with (surely NET_BIND, and I think DAC_READ_SEARCH to avoid file ownership issues with downloaders?). Either way, I would never expose a service like that on the internet.
RaccoonBall@lemm.ee 3 weeks ago
This is also true about Plex which must also be exposed to the internet
sudneo@lemm.ee 3 weeks ago
No that’s the thing. Plex can also use their infra as a tunneling system. You can have remote streaming without exposing Plex publicly and without VPN. It is slow though.
Nibodhika@lemmy.world 3 weeks ago
Plex doesn’t even work properly unless you set it up with network mode host, otherwise it always considers your service to be remote because they’re not on the same network as anything you try to watch it from. Jellyfin requires lots less access, and you’re so worried about it you can add a Tailscale mod to the container and isolate it completely so it’s only accessible via Tailscale similarly to what you think Plex is doing (which doesn’t harden security as much as you think)