Comment on Plex has paywalled my server!
haui_lemmy@lemmy.giftedmc.com 6 days agoThats not what I meant. I of course have wireguard set up for administration and my own streaming needs. But friends of mine who were able to use plex by just making an account but now they cant because of course there is no relay server etc. I’ll have to think of a way to make it available to them (easily!) without putting my network at risk.
Mine is public, but I block every state but the one all of my users live in(family) and I never get unwanted visitors. Couldn’t say the same if I lived in NY or CA.
If they have static IP addresses, you may be able to whitelist them in your proxy, or maybe there’s some sort of dyndns client/relay software you can run if their ips change.
yeah, thanks. but thats not gonna work for me. i live in a big city and none of us (me and my server included) have static IPs nor am I gonna get them (at all) and I dont want to pay for them either (because ISPs here want you to pay for them). in any case, thanks for trying to suggest something. it might help someone else who has a different setup. :)
Welp, I guess they’ll just have to start their own servers or you’ll have to get out your credit card. Pity.
yeah no. there are a lot of other solutions to this. they’re just a little annoying. others have confirmed there are similar setups like plex is doing with a relay server, but selfhosted.
skoell13@feddit.org 6 days ago
This is how I do it: codeberg.org/skjalli/jellyfin-vps-setup
haui_lemmy@lemmy.giftedmc.com 6 days ago
That is pretty much how I imagined it. Sadly, its A TON of work. I have most of this set up in many VPSs for both me and customers (with other services of course) and I can imagine its probably the best solution. I still hate my life when thinking of implementing it. :D I bet its gonna be easier than I think but you may get my point here. Thank you very much for sharing.
skoell13@feddit.org 5 days ago
Hell I know what you mean, it was so much trial and error until it worked, hence this guide/template to help others. Plus at some point it feels more like work than a hobby 😅
haui_lemmy@lemmy.giftedmc.com 5 days ago
You’re an absolute champ! Thanks for walking the walk. Its refreshing meeting people who do stuff. Feel free to check out my kodi peertube app at some point ;)
WeAreAllOne@lemmy.dbzer0.com 5 days ago
Or just get a Mikrotik router and run Back to Home and baaam you got a similar to tailscate fuction with 3 clicks.
rumba@lemmy.zip 5 days ago
My primary worry for this is that something in the jellyfin stack gets an open vulnerability, like there’s an overflow you can use on a post call to a piece of media allowing remote code execution.
Tautulli had a leak once that provided the user’s private token. Then there was a way in Plex with a private token to pull data from elsewhere on the server. That’s how LastPass got nuked I hear.
skoell13@feddit.org 5 days ago
I get you and I know that there can be security issues (especially in Jellyfin) that might give you access. This is the reason I only mount the media and config folders, and nothing else into the docker container. The media folders are mounted as read only and don’t contain sensitive information. For the config folder I created a separate user. Plus I block non-German IP addresses which already blocks quite some bots. If your friends have fixed IP addresses you could also just whitelist them and block everything else.
You could also probably sniff the network and define more strict rules on ‘allowed’ requests in fail2ban but this is bridle because requests might change with different versions.
rumba@lemmy.zip 5 days ago
They actually do a small login f2b effort right in JF, but it appears to be quite limited.
The container is more secure by default, and if people set up their docker well it reduces the dangers substantially. A lot of people don’t go docker though.
dbtng@eviltoast.org 5 days ago
Thanks. That’s well laid out, straightforward. I have resources at home that I want to share. This is a good blueprint.