Comment on LXC Jellyfin Containers and Tailscale
rtxn@lemmy.world 3 days ago
external access
Do you want the Jellyfin server to be accessible from only within your tailnet, or anywhere from the internet?
Comment on LXC Jellyfin Containers and Tailscale
rtxn@lemmy.world 3 days ago
external access
Do you want the Jellyfin server to be accessible from only within your tailnet, or anywhere from the internet?
NastyNative@mander.xyz 3 days ago
anywhere from the internet.
rtxn@lemmy.world 3 days ago
Tailscale Funnel will let you expose a host to everyone on the internet. You’ll need the Tailscale client running on either the Jellyfin host or a reverse proxy pointing to it. Tailscale itself will act as a reverse proxy with TLS encryption, plus a DNS server.
Exposing a service to the internet will always present some risk. You should definitely run your LXCs as unprivileged to mitigate the potential damage if an attacker escapes the container, or put the services in full virtual machines.
baner@lemmy.zip 3 days ago
Just remember that using funnel fpr streamimg seevoces is against thr toss.
NastyNative@mander.xyz 3 days ago
Tailscale actually has good documentation on this Funnel and I read the same. Thank you!