Comment on LXC Jellyfin Containers and Tailscale
rtxn@lemmy.world 1 month ago
external access
Do you want the Jellyfin server to be accessible from only within your tailnet, or anywhere from the internet?
Comment on LXC Jellyfin Containers and Tailscale
rtxn@lemmy.world 1 month ago
external access
Do you want the Jellyfin server to be accessible from only within your tailnet, or anywhere from the internet?
NastyNative@mander.xyz 1 month ago
anywhere from the internet.
rtxn@lemmy.world 1 month ago
Tailscale Funnel will let you expose a host to everyone on the internet. You’ll need the Tailscale client running on either the Jellyfin host or a reverse proxy pointing to it. Tailscale itself will act as a reverse proxy with TLS encryption, plus a DNS server.
Exposing a service to the internet will always present some risk. You should definitely run your LXCs as unprivileged to mitigate the potential damage if an attacker escapes the container, or put the services in full virtual machines.
baner@lemmy.zip 1 month ago
Just remember that using funnel fpr streamimg seevoces is against thr toss.
NastyNative@mander.xyz 1 month ago
Tailscale actually has good documentation on this Funnel and I read the same. Thank you!