Yeaaah ! Most people anyway have some kind of VPN installed on their device… Just slap in a wireguard VPN config to tunnel your traffic home… bOOm jellyfin everywhere and 99% secure !
Comment on Plex has paywalled my server!
rollerbang@lemmy.world 2 months agoI access my stuff via VPN. As for sharing with others, I simply don’t do that. VPN is still an option though. Or temporary client whitelisting, etc.
N0x0n@lemmy.ml 2 months ago
rumba@lemmy.zip 2 months ago
Now that’s an interesting thought.
A web page with Authelia, login and a firewall.
If you’re not logged in, All you get is a login page. If you are logged in, It passes you straight through to jellyfin.
So any device and client would be able to access it without issue once a phone or computer on the network had logged in just once.
The web page modifies the HA proxy ACL and forces a reload.
EncryptKeeper@lemmy.world 2 months ago
This will work fine over the web, but won’t work with clients.
rumba@lemmy.zip 2 months ago
They have instructions on jellyfin forums on setting up HAProxy, that part totally works.
But you don’t put 2FA on the jellyfin server, for that you just deny all IPs except whitelisted.
You did the 2FA on the whitelister only using path-based routing.
You don’t have access to the root site, you go to a path and login to a separate database to whitelist yourself then your client should work from that IP.
rumba@lemmy.zip 2 months ago
They have instructions on jellyfin forums on setting up HAProxy, that part totally works.
But you don’t put 2FA on the jellyfin server, for that you just deny all IPs except whitelisted.
You did the 2FA on the whitelister only using path-based routing.
You don’t have access to the root site, you go to a path and login to a separate database to whitelist yourself then your client should work from that IP.
edit:
I just tried it, it appears to work so far.
I can send websocket traffic inbound to 8096: to the JF server and it loads on web, Android and Roku clients with an ACL limiter on originating ips. and send 8096/whitelist to another server altogether with no ACL limits.
On that process, I’d load nginx, authelia, fail2ban and what flask? Surely someone has a python longin/admin framework that I could hijack for this. Then have that app reack over in shared container storage to twiddle the haproxy config to add some ip’s and reload it?
I wonder if I could do something to the haproxy side to detect non-use of an IP and remove it.