Comment on Plex has paywalled my server!
kuhli@lemmy.dbzer0.com 2 days agoYes! You just have to set up your reverse proxy to send everything through it and it’ll block the unauthenticated access.
The downside is that apps stop working since they don’t have a way to authenticate with authelia. I’ve installed it as a PWA on my phone and use an old laptop with the TV interface on my TV, but it’s not perfect
ipkpjersi@lemmy.ml 1 day ago
Are you sure that works? I’m pretty sure they mentioned that reverse proxies are an unsupported (and not working) use case with Jellyfin, but I might have to look into authelia some time then.
rumba@lemmy.zip 1 day ago
I just put it behind an HAProxy a few minutes ago, It appears to be fine. You just need something capable enough to handle web sockets. I’ve made it all the way through an episode of The real monsters without any problems.
Again, you’re not going to be able to 2FA it that way, what I’m looking at doing is IP whitelisting it in HAProxy using a small web helper that is 2FA, accessed via the same port but on a separate path.
ipkpjersi@lemmy.ml 1 day ago
Maybe I was thinking of this from back in 2024?
github.com/jellyfin/jellyfin-android/issues/123
“Hacking around with a reverse proxy is strongly discouraged and we won’t provide any support for it.”
rumba@lemmy.zip 1 day ago
Yeah part of doing this is keeping a ci pipeline up and unit testing against rcs and telling them exactly what’s failing. The report in that ticket gave them absolutely no choice but to try to set up an entire system to reproduce whatever the user did which they obviously don’t want to do.
WebSocket relays are poorly implemented in a lot of proxies, Even cloudflare has its fair share of issues.
The downside of using HA is reinventing the let’s encrypt pipeline for the 40th time, the upside is it’s dead simple, web sockets go in, web sockets go out, The logs are good, it’s easy to debug it with TCP dump If things start to get sketchy.
kuhli@lemmy.dbzer0.com 1 day ago
Its unsupported, but I have mine running behind nginx and haven’t run into any problems other than the aforementioned app issues.
ipkpjersi@lemmy.ml 1 day ago
Maybe I was thinking of this from back in 2024?
github.com/jellyfin/jellyfin-android/issues/123
“Hacking around with a reverse proxy is strongly discouraged and we won’t provide any support for it.”
rumba@lemmy.zip 1 day ago
The problem with putting it behind a VPN is then all your users have to be on VPN.
Self-service IP whitelisting would be easy and let all clients work without trying to hack in a separate VPN client.
The only thing that would suck would be if you were on a mobile link while moving and swapping towers your IP would change so you constantly get kicked off.
But if you were so inclined you could VPN to your own house and your IP would stay the same.