this post was submitted on 01 Apr 2026
696 points (99.2% liked)

Selfhosted

56957 readers
765 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
696
Jellyfin critical security update - This is not a joke (github.com)
submitted 4 days ago by Mubelotix@jlai.lu to c/selfhosted@lemmy.world
252 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] CompactFlax@discuss.tchncs.de 73 points 4 days ago* (last edited 4 days ago) (27 children)

That’s never made sense to me; why build an authn frontend instead of just clicking your user if the security is just an illusion anyways. “Use a VPN” is fine for a mainframe, but an active project in 2026 should aspire to be better.

Edit: or make note of that on their several pages with reverse proxy configuration.

Examples dating back over six years https://github.com/jellyfin/jellyfin/issues/5415

[–] Hammersamatom@lemmy.dbzer0.com 0 points 3 days ago (14 children)

Unfortunately, not everyone is tech-literate enough nowadays to understand how a VPN works, nor do they want to

[–] Infernal_pizza@lemmy.dbzer0.com 3 points 3 days ago (8 children)

Isn't it easier to set up a VPN than expose it to the internet?

[–] sanzky@lemmy.world 6 points 3 days ago (2 children)

and then you are giving access to your lan to people whose computer you don’t control and might be full of malware.

[–] Infernal_pizza@lemmy.dbzer0.com 5 points 3 days ago

Tbh I forgot about giving access to others, my homelab is for me only lol

[–] FauxLiving@lemmy.world 2 points 3 days ago (1 children)

You only have to give them access to a specific port on a specific machine, not your entire LAN.

My VPN has a 'media' usergroup who can only access the, read-only, NFS exports of my media library.

If you're just installing Wireguard and enabling IP forwarding, yeah it would not be secure. But using a mesh VPN, like Tailscale/Headscale, gives you A LOT more tools to control access.

[–] WhyJiffie@sh.itjust.works 2 points 3 days ago (1 children)

yeah but even with plain wireguard the peers can be limited. you just have to figure out the firewall rules, or use opnsense as your wireguard server because it figures the harder part out for you.

[–] sanzky@lemmy.world 1 points 2 days ago* (last edited 2 days ago)

it’s not that it cannot be done. the issue is that something as simple as acceding a service should not require to configure wire guard and routing rules. plenty of FOSS projects are safe to expose through a simple reverse proxy

load more comments (5 replies)
load more comments (10 replies)
load more comments (22 replies)