Tailscale truly could not be easier/simpler.
Comment on Why I moved my Plex library to Jellyfin after 14 years
fpslem@lemmy.world 3 weeks ago
This article doesn’t mention the limitations of remote access for Jellyfin, which requires some tricks like reverse proxy or Tailscale. I think Jellyfin is a great option if you only watch/listen on your home network, but if anyone wants to replicate the remote access capabilities of Plex, I typically warn them they are going to have to roll their sleeves up.
skittle07crusher@sh.itjust.works 3 weeks ago
hereiamagain@sh.itjust.works 2 weeks ago
Not for all clients, like Roku for example.
Yes the solution is different hardware, like a Google TV, older firestick, raspAP, or flash openwrt on a router. But that’s no longer plug and play and may have other caveats. Besides costing money.
No shade, it’s just not QUITE that simple every time.
rumba@lemmy.zip 2 weeks ago
Repectfully, I think you’re wrong.
Making an account and giving it to uncle fred with a website address is a LOT easier than telling him to install an app on his phone/computer, inviting him via email, then trying to explain to him how to turn it on and off and telling him not to mess with the settings and route all his traffic through my home network.
That is still one spot where plex holds an edge.
lostbit@feddit.nl 2 weeks ago
Don’t selfhost if you think a reverse proxy is tricky.
Mic_Check_One_Two@reddthat.com 2 weeks ago
You shouldn’t even have Jellyfin on a reverse proxy, because it shouldn’t be externally available. There are several known security vulnerabilities (all marked as “closed” due to inactivity on git) that the devs have said will likely never be patched. Because patching them requires moving away from the Emby fork that the entire project is built on.
It should only be externally available via a private VPN. And that alone excludes a lot of “I want to share my library with friends/family” scenarios, because step 0 will be getting their devices connected to your VPN.
At the very least, set up some form of group access/username+PW directly on your reverse proxy as a secondary security measure. Because if you can reach the JF landing page, you can exploit those vulnerabilities without needing a valid JF login. So you should configure your reverse proxy to act as a gatekeeper, and ensure attackers can’t even reach JF at all without having a valid login to your reverse proxy. But this will break most JF apps, (except for browsers) because they likely won’t have any way to give an initial user+pass to the reverse proxy before they hit the JF server.
lostbit@feddit.nl 2 weeks ago
Theres not a single issue in there thats an big security. Is it perfect? no, but its absolutely fine making it public. Stop fear mongering
Flatfire@lemmy.ca 2 weeks ago
That seems like a rather arrogant tone to take. Reverse proxies are complicated. Easy to set up, but challenging to configure depending on what your needs are. Not everyone wants a homelab.
Everyone’s journey starts somewhere and sometimes people’s needs just don’t extend beyond the easier choices available.
Evotech@lemmy.world 3 weeks ago
Just fucking yeet it online
GreenKnight23@lemmy.world 3 weeks ago
expected advice from typical JF users.
Evotech@lemmy.world 3 weeks ago
What’s the worst that can happen. Someone watches your movies
deafboy@lemmy.world 3 weeks ago Someone breakes in, then moves laterally to your home assistant running frigate to watch you sleep at night. Then uses your residential uplink as a proxy to resell on an open market.
After that, the possibilities are practically endless.
InputZero@lemmy.world 3 weeks ago
Yup! That’s the worst thing that can happen. Now would you be so be kind as to send us the link to your private unsecured Jellyfin server?
GreenKnight23@lemmy.world 3 weeks ago
surewhynotlem@lemmy.world 3 weeks ago
How does Plex get around that? I’ve only ever used jellyfin.
blueduck@piefed.social 3 weeks ago
Plex operates TURN servers
matron1049@lemmy.dbzer0.com 3 weeks ago
A reverse proxy is a trick? That’s like standard practice for web servers.
szszl@szmer.info 2 weeks ago
There are literaly zero limitations by Jellyfin to remotely access your media. You are free to access your instance in any way you want. Fuck plex
rumba@lemmy.zip 2 weeks ago
The next time there’s a zero day in one of their packages you get pwned because their login doesn’t protect their ‘internal’ endpoints.
Keep that thing wrapped up or you will eventually regret it.
mundane@piefed.world 3 weeks ago
Can’t you just setup a dyndns and port forwarding?
Telodzrum@lemmy.world 3 weeks ago
Yes, and if that falls within your risk tolerance it’s rather easy to set up.
Most of the people in the discussion here don’t want to open a port to the internet.
klankin@piefed.ca 3 weeks ago
To be fair Plex also requires open ports (or worse upnp) to remotly stream at full quality, without transcoding.
Telodzrum@lemmy.world 3 weeks ago
Oh, 100%. I was just trying to sum up the feelings in here.
halcyoncmdr@piefed.social 3 weeks ago
There is a third option, the program that Jellyfin was originally forked from back in 2018, Emby.
Sort of the middle child between the two. Nearly identically to Jellyfin for obvious reasons, several third party apps for Jellyfin work with it as well like Jellyseer, it has apps for nearly every device, and easy external connections via their servers like Plex does.
They do however have a premium subscription system like Plex to support things like those servers. It’s not as expensive as Plex, even before the recent rate hike, but it is there and some stuff is locked behind that premium license.
Mondez@lemdro.id 3 weeks ago
So all the bad things of both, still a proprietary product that you can funnel your cotent through servers you don’t control while simultaneously not being plex.
klankin@piefed.ca 3 weeks ago
But also benefits of both, reduced cost with easier remote setup, while simultaneously not being plex
hereiamagain@sh.itjust.works 2 weeks ago
Wait, does emby do remote access similar to Plex? And without VPN like JF? That’s literally the only thing keeping me on Plex.
WormFood@lemmy.world 2 weeks ago
I can’t recommend emby because their business practices are pretty scummy. After accepting open source contributions for years, they went closed-source in 2018 and took all those contributions with them (they had a CLA). The very next update, they added hardware acceleration and locked it behind a paywall. They had a pretty big ‘security incident’ a few years ago, which probably would have been averted if they were still open source, as users in the community flagged it as an issue long before the devs took action.
cyberpunk007@lemmy.ca 3 weeks ago
That’s why I’m running both. I use jellyfin, everyone else uses Plex 🤣
jumponboard@lemmy.world 2 weeks ago
If you can spin up a podman container, you can use a caddyfile. Hell, if you can nano, you can set uo a caddyfile.
rumba@lemmy.zip 2 weeks ago
Honestly for video I agree, for audio, it’s just me and only in my house or phone so tailscale is fine. If my friends really want audio, they can pay streaming for it.
W98BSoD@lemmy.dbzer0.com 2 weeks ago
But Jellyfin! It solves all your problems, you don’t have to pay for it (because fuck paying for software of any type even if it provides you some value), and did I mention Jellyfin‽
Why aren’t you using it yet? Are you a plex sympathizer? Get outta here with that!
What?
I don’t care if you have a good use case for using plex / Emby / Kodi / VLC / WMC / etc; you will assimilate and use Jellyifn!
JELLYFIN!!!11!1!1!1!1!. /s
You’re right, I missed that.
I personally use a reverse proxy and Wireguard setup to access remotely.
ripcord@lemmy.world 3 weeks ago
Not something that unfortunately works as easily for me to connect my ailing mom’s TV to, and do NOT want to manage the reverse proxy + cert + etc setup for a number of reasons
matron1049@lemmy.dbzer0.com 3 weeks ago
There are a ton of reverse proxy options that manage the cert for you
ripcord@lemmy.world 3 weeks ago
There’s lots of reasons I don’t want to set this up
PhAzE@lemmy.ca 2 weeks ago
The point is that you now have another app to manage or learn about just for remote viewing, and the general public can’t and won’t manage something like that. People like us, no problem, its easy, but my dad would never be able to, for example. He can install plex and just log in to an app anywhere to use it though.
Also, dont forget that many households have non-static IP addresses, so now you need more management for that issue (again, easy for us).
rumba@lemmy.zip 2 weeks ago
You do then still have to expose JF to the open internet. That’s not without risk. Neither is Plex but they do make it a point to secure all their endpoints before login.
SpacePirate@feddit.nu 3 weeks ago
If you have a machine at her place that is on most of the time you can have tailscale on that device and then make it ssh into itself with ssh portforwarding on!
skittle07crusher@sh.itjust.works 3 weeks ago
What in the goddamn fuck, sir
Install tailscale (headscale also exists if you wanna fully self-host it)
Done, solved
My mom lives 900 miles away and she can barely turn a computer on
Dultas@lemmy.world 3 weeks ago
Yeah it can be more limiting. Personally I got lucky and my mom’s TV runs Android so I could just install a wireguard client.
I will probably at some point bridge her network with mine since I want to install a TrueNAS box at her house for remote backup. So the VPN client will be moot at that point.
buffing_lecturer@leminal.space 3 weeks ago
How do you go about doing that?
rumba@lemmy.zip 2 weeks ago
just syncthing it :)