Comment on Plex server patching required
pHr34kY@lemmy.world 1 day agoI did this a few months back.
Some things aren’t as great, but you get full control and your server idles way better on JellyFin.
Comment on Plex server patching required
pHr34kY@lemmy.world 1 day agoI did this a few months back.
Some things aren’t as great, but you get full control and your server idles way better on JellyFin.
rumba@lemmy.zip 21 hours ago
Yeah, as long as you have a decently supported client the entire platform is very serviceable. I do wish they would get rid of the unprotected endpoints and officially support 2FA on the server and clients.
For all their anti-consumer practices Plex does at least take their security very seriously.
fmstrat@lemmy.nowsci.com 11 hours ago
I posted a while back, tested the biggest open endpoints and they were properly secured, the issues just weren’t updated.
rumba@lemmy.zip 9 hours ago
I’ll go look at it again as well, their (jf) source control still had a lot of ancient open tickets last time I looked at it.
TLS for Plex was a really nice guesture. Company handling the issuing of the cert was pretty nice.
Realistically, I don’t mind running a proxy for SSL unwrapping, there are enough projects out there that handle the unwrapping and renew their own keys from lets encrypt.
I just want to self-host this thing maybe run it through a single proxy product send the URL out to my extended family and forget about it. I wanted to be as secure as reasonably possible enough that I feel comfortable surfacing it.
Right now I surface Plex for the distant relations and tailscale jellyfin for my own, but it kills me I want Plex gone. But there are random TVs and kids on tablets, and honestly I don’t want to be everyone’s VPN endpoint or worry about onboarding everyone’s new device.
fmstrat@lemmy.nowsci.com 9 hours ago
Yea the catch was we were asking for TLS for a long time, and this was pre- Let’s Encrypt, so those patching on their own didn’t have a free (minus work) way to handle it. It took a releasable POC to get action.
All out devices just have a permanent Wireguard client since it uses basically no battery, and then a allow rules for households. If you don’t want to run the client, and don’t want to take the time to learn, you don’t get access. But I totally get how that’s not for everyone.