this post was submitted on 01 Apr 2026
696 points (99.2% liked)

Selfhosted

56957 readers
806 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
696
Jellyfin critical security update - This is not a joke (github.com)
submitted 4 days ago by Mubelotix@jlai.lu to c/selfhosted@lemmy.world
252 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Infernal_pizza@lemmy.dbzer0.com 3 points 4 days ago (2 children)

Isn't it easier to set up a VPN than expose it to the internet?

[–] sanzky@lemmy.world 6 points 3 days ago (2 children)

and then you are giving access to your lan to people whose computer you don’t control and might be full of malware.

[–] Infernal_pizza@lemmy.dbzer0.com 5 points 3 days ago

Tbh I forgot about giving access to others, my homelab is for me only lol

[–] FauxLiving@lemmy.world 2 points 3 days ago (1 children)

You only have to give them access to a specific port on a specific machine, not your entire LAN.

My VPN has a 'media' usergroup who can only access the, read-only, NFS exports of my media library.

If you're just installing Wireguard and enabling IP forwarding, yeah it would not be secure. But using a mesh VPN, like Tailscale/Headscale, gives you A LOT more tools to control access.

[–] WhyJiffie@sh.itjust.works 2 points 3 days ago (1 children)

yeah but even with plain wireguard the peers can be limited. you just have to figure out the firewall rules, or use opnsense as your wireguard server because it figures the harder part out for you.

[–] sanzky@lemmy.world 1 points 2 days ago* (last edited 2 days ago)

it’s not that it cannot be done. the issue is that something as simple as acceding a service should not require to configure wire guard and routing rules. plenty of FOSS projects are safe to expose through a simple reverse proxy

[–] Hammersamatom@lemmy.dbzer0.com 3 points 4 days ago* (last edited 4 days ago) (2 children)

Oh absolutely, difference being that you only need to expose the service once, versus helping however many people set up VPNs to access the service on your LAN

I know way too many people who won't remember to toggle it on, or just won't deal with it

It's just not convenient enough

[–] WhyJiffie@sh.itjust.works 1 points 3 days ago

I know way too many people who won't remember to toggle it on, or just won't deal with it

they need a VPN app that toggles automatically. turn off when they happen to connect to your network, otherwise on, and only forward jellyfin and such apps through it.

[–] WhyJiffie@sh.itjust.works 1 points 3 days ago

I know way too many people who won't remember to toggle it on, or just won't deal with it

they need a VPN app that toggles automatically. turn off when they happen to connect to your network, otherwise on, and only forward jellyfin and such apps through it.