Comment on Plex has paywalled my server!
ipkpjersi@lemmy.ml 2 days agoI thought that you can still access media directly via the URL without any authentication, how would authelia change that?
Comment on Plex has paywalled my server!
ipkpjersi@lemmy.ml 2 days agoI thought that you can still access media directly via the URL without any authentication, how would authelia change that?
kuhli@lemmy.dbzer0.com 2 days ago
Yes! You just have to set up your reverse proxy to send everything through it and it’ll block the unauthenticated access.
The downside is that apps stop working since they don’t have a way to authenticate with authelia. I’ve installed it as a PWA on my phone and use an old laptop with the TV interface on my TV, but it’s not perfect
ipkpjersi@lemmy.ml 2 days ago
Are you sure that works? I’m pretty sure they mentioned that reverse proxies are an unsupported (and not working) use case with Jellyfin, but I might have to look into authelia some time then.
rumba@lemmy.zip 2 days ago
I just put it behind an HAProxy a few minutes ago, It appears to be fine. You just need something capable enough to handle web sockets. I’ve made it all the way through an episode of The real monsters without any problems.
Again, you’re not going to be able to 2FA it that way, what I’m looking at doing is IP whitelisting it in HAProxy using a small web helper that is 2FA, accessed via the same port but on a separate path.
ipkpjersi@lemmy.ml 2 days ago
Maybe I was thinking of this from back in 2024?
github.com/jellyfin/jellyfin-android/issues/123
“Hacking around with a reverse proxy is strongly discouraged and we won’t provide any support for it.”
kuhli@lemmy.dbzer0.com 2 days ago
Its unsupported, but I have mine running behind nginx and haven’t run into any problems other than the aforementioned app issues.
ipkpjersi@lemmy.ml 2 days ago
Maybe I was thinking of this from back in 2024?
github.com/jellyfin/jellyfin-android/issues/123
“Hacking around with a reverse proxy is strongly discouraged and we won’t provide any support for it.”
rumba@lemmy.zip 1 day ago
The problem with putting it behind a VPN is then all your users have to be on VPN.
Self-service IP whitelisting would be easy and let all clients work without trying to hack in a separate VPN client.
The only thing that would suck would be if you were on a mobile link while moving and swapping towers your IP would change so you constantly get kicked off.
But if you were so inclined you could VPN to your own house and your IP would stay the same.