this post was submitted on 01 Apr 2026
709 points (99.0% liked)

Selfhosted

59999 readers
795 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
709
Jellyfin critical security update - This is not a joke (github.com)
submitted 2 months ago by Mubelotix@jlai.lu to c/selfhosted@lemmy.world
260 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] kieron115@startrek.website 21 points 2 months ago* (last edited 2 months ago) (2 children)

yeah okay let me just connect grandma's tv to a vpn.

edit: gas is $5/gal ya'll, I'm not driving to a different state each time a new family member wants to watch something from my server!

[–] possiblylinux127@lemmy.zip 1 points 2 months ago* (last edited 2 months ago) (1 children)

There are plenty of ways around this

A cheap thin client minipc is only like 20-40 USD and would solve the problem overnight

[–] kieron115@startrek.website 3 points 2 months ago (1 children)

I can set it up, and you can set it up, but for the average user?

[–] possiblylinux127@lemmy.zip 6 points 2 months ago (1 children)

The average user isn't using Jellyfin

All you need is a little Linux knowledge in order to setup Netbird with Caddy

[–] kieron115@startrek.website 1 points 2 months ago (1 children)

I'm talking average enough to see an article, or hear about it from a friend/coworker, then follow the insanely easy setup directions for Windows. I know plenty of people who aren't really "computer people" but know enough to open a port because they had to to get a game working at some point or another. Those people probably wouldnt notice "hey this thing is going to http maybe i should rethink this...."

[–] Shnog@lemmy.world 2 points 2 months ago (1 children)

These are going to be the people who think it's smart to just open up RDP and SSH to the wide web though...they shouldn't be forwarding ports...they should use a VPN.

[–] kieron115@startrek.website 1 points 2 months ago* (last edited 2 months ago) (1 children)

I had to explain to one of them why RDP is a bad idea lol. Thats kind of my point - average people tend to only know enough to be dangerous, not to do things safely. Or as Shakespeare said - "The fool doth think he is wise, but the wise man knows himself to be a fool.”

[–] Shnog@lemmy.world 4 points 2 months ago (1 children)

Yeah. This is why you don't encourage normies to port forward....they make everyone a domain admin and open up RDP...

[–] kieron115@startrek.website 1 points 2 months ago

Yeah I had to convince them to try RustDesk so they would stop using RDP. Like I said, a lot of people just know enough to be dangerous.

[–] Shnog@lemmy.world -1 points 2 months ago (1 children)

Setup a VPN gateway at Grandma's house. Works fine for me.

[–] kieron115@startrek.website 5 points 2 months ago* (last edited 2 months ago) (2 children)

I think you're missing the point - that's neither simple nor easy for most people. I'm a network engineer and I don't wanna deal with setting up and (being responsible for troubleshooting) a bunch of VPNs! Nevermind the additional power/CPU usage from the tunnels. My parents just got fiber and they don't even have a public address (ipv4 or v6) which just adds another layer of headache. thanks west virginia...

[–] Shnog@lemmy.world 2 points 2 months ago* (last edited 2 months ago) (2 children)

I'd much rather deal with setting up a few VPN gateways which is trivial at most...than securing a public web service. I deal with that crap enough at work.

There are a lot less variables to contend with with a single VPN endpoint which undergoes considerably more security auditing than N public web services. Many of which I don't have the time to review myself and mitigate if they decide to suck at coding.

Edit: I share my services with less than 5 households though.

Edit2: I'm not sure what public ipv4 or ipv6 has to do with this. My remote sites use starlink ipv4. I haven't setup ipv6 on those internally at all. They all tunnel via wireguard to my homesite.

[–] kieron115@startrek.website 4 points 2 months ago

When I set up wireguard it was just more complicated when one side didn't have a public IP. Whyyyy can't we adopt ipv6 already.

[–] kieron115@startrek.website 2 points 2 months ago (1 children)

also fyi starlink has public ipv6 available if you DO wan't to set it up. been hosting a minecraft server off a starlink connection lol.

[–] Shnog@lemmy.world 1 points 2 months ago

At my remote site it has little value. At my home I have IPv6 setup on Starlink as my secondary backup internet. I use Fiber as the primary that has a public IPv4 and IPv6.

Could just use a VPS though I guess if you want.

[–] sefra1@lemmy.zip 1 points 2 months ago (1 children)

If you have the skills to setup a Jellyfin server you also have the skills to setup wireguard.

My parents just got fiber and they don't even have a public address (ipv4 or v6) which just adds another layer of headache. thanks west virginia...

That's a very specific use case.

[–] kieron115@startrek.website 1 points 2 months ago

If you have the skills to setup a Jellyfin server you also have the skills to setup wireguard.

They appear to offer a guided installation for windows users.