this post was submitted on 03 Jul 2025
695 points (96.4% liked)

Selfhosted

46653 readers
1117 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

after almost 15yrs my plex server is no more. jellyfin behind nginx with authentik is running very nicely.

you are viewing a single comment's thread
view the rest of the comments
[–] cmgvd3lw@discuss.tchncs.de 3 points 1 day ago (3 children)

What is authentik and could I use it on podman with compose?

[–] Lem453@lemmy.ca 4 points 23 hours ago

The best and most versatile system is having domains and a reverse proxy that has internal and external domains. Ie jelly.example.com and Vaultwarden.internal.example.com

Then you add authentik which does SSO for many app like nextcloud, immich, linkwarden etc. For apps that don't integrate, you can still use his with reverse proxy authentication (sonarr).

Naturally this is more complex to setup but nothing beats the versatility.

I can choose extra protection for things like vaultwarden (need to connect via wiregaurd). Make things external for other users to access easily (immich, jellyfin, etc). Everything is based on users that are made in authenticatik and they all have the same password with single sign on.

You would approach this is pieces. get the domain and reverse proxy working first. Then authentik. this is only realistic with docker compose.

[–] meh@piefed.blahaj.zone 4 points 1 day ago

authentik is an identity server. theres a couple free ones available, this one just worked for me. it provides oauth and ldap fallback for the jellyfin server. along with login for most of the other servers i host like nextcloud/calibre-web/lychee etc. it has a nice easy log in process along with a 'homepage' kinda thing for everything my users can access with their account. makes it easier to support the non technical friends and family.

[–] teppa@piefed.ca 4 points 1 day ago

Its a pre-authentication gateway and SSO provider for OAuth/SAML. So if you dont trust a random docker container to be secure it requires you to authenticate and then it automatically passes a token to the app for SSO if it supports OAuth/SAML.