Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
-
No low-effort posts. This is subjective and will largely be determined by the community member reports.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
You absolutely can watch from Jellyfin remotely and securly, but it does take a little setup of infrastructure. I will say Plex did a very good job at making that piece super easy and pretty much just a 'flip a switch' action to setup.
Just a little infrastructure....
First you're going to need to run it in Docker, so you can make it RO to your FS, because by running it bare-metal, the first time there's a hole in security, they're going to be straight in your NAS, and JF is very lax on security with the stated reason that they don't want people to rely on their security. (no client 2fa, no open support for fail2ban only their wish.com attempt at it, no closing off endpoints if you're not logged in)
Then you're going to need to install traeffik, caddy or npm, setup lets encrypt yourself. that needs a dns provider and a name.
You still have no facilities for device 2FA, Your logged out enpoints are still going to serve content. If any of the packages those endpoints use have a vulnerability, every JF server out there will be immediately vulnerable.
The whole point behind locking every action behind the login is so that you only have to worry about the surface area provided by the login.
Then the DB (and hence the search) is still going to be dog slow, the music app isn't going to let you pre-load the next song in your client, don't come at me with your 500 item movie/music collection and tell me it's fast enough. There are no proper hooks for elasticsearch even if i wanted to do "a little setup of infrastructure"
I run Jellyfin because it's the moral right thing to do and Plex will eventually enshitify enough for everyone to leave, but other than occasional bug fixes, they're not in the same class of software.
I even considered rolling up my sleeves to help. I pulled the codebase down, That DB change has been in the hopper for years now, they outright refuse to go 2fa or change logging to support fail2ban. They're just not willing to greenlight the architectural changes they need and they're already fixing bugs.
Yeah but any authentication I cannot control, is to me, not that secure. I can't even log into my Plex setup from work because even though it is hosted at my home, it requires a connection to Plex's infrastructure for login and I haven't been able to find any OIDC options to use my own IdP. I'm definitely in the minority of their users for wanting to be able to use my own personal authentication.