this post was submitted on 08 Dec 2025
81 points (98.8% liked)

when reading through the jellyfin with chromecast guide i realized that it would probably be less effort to just let the casting api be public, with the added bonus that i could then cast my library to any device that supports it. but that seems like it would paint a giant target on the server.

what's the recommended way of doing stuff like this? ideally i want to be able to go to someone's house and just play some of my media on their tv.

not that any of this is doable in the near future, since i'm behind cgnat and won't get my colocated bounce server up until spring.

(page 2) 28 comments
[–] Appoxo@lemmy.dbzer0.com 1 points 3 days ago

My workaround will be to get a Chromecast or anything castable, a travel router (probably gli.net), set up a VPN and use that.

Any other device that's outside of my home is unable to open a connection due to authelia intercepting the connection and the client being unable to understand that.

[–] nublug@piefed.blahaj.zone 3 points 4 days ago* (last edited 3 days ago) (1 children)

EDIT: ddns does not work behind cgnat, only vpns and cloudflare tunnels do. my bad.

cgnat is doable with a dynamic dns service. you sign up free at duckdns, freedns, or desec, set up the subdomain you want (example.dedyn.io), install or host in a container a small ddns tool that will periodically (5 min typically) check what your current ip is and update your dns record with that dns service automatically with an api. some routers even have a dynamic dns setting so you can do it without a separate install.

as far as security, you'll at a minimum want a long, unique password for any jellyfin accounts, and you should place it behind a reverse proxy like nginx, nginx proxy manager for a gui, caddy, or traefik for some docker automagic fuckery i still don't understand. i use nginx proxy manager, set up a wildcard *.example.dedyn.io certificate and force ssl on each service i'm forwarding.

you can get fancier and have an authentication layer self hosted as well like authelia or authentik, but beware that apparently mobile apps and smart tv apps for jellyfin do not play nice because they use the same http port as web access and do not have the ability to pop open a web portal for a secondary auth and will not work with these yet. so it's a good extra layer and 2fa sso addition but only if you use the webgui jellyfin and don't rely on an app, which considering you're asking about casting is probably not your use case.

what else you can do is set up a crowdsec or fail2ban service that will read logs from either the reverse proxy or jellyfin itself and ban ips thru your host firewall that fail to log in to help prevent bots from brute forcing in.

it's not perfect but with a reverse proxy, ip banning tool, and strong, long passwords on jellyfin it should be relatively ok.

however it would probably be most secure to set up an openvpn or tailscale to vpn to your host and have a definitely secure link to jellyfin from everywhere. i don't use these myself so i don't know about limitations this way such as mobile app or smart tv app compatibility, though. and if you want to share with other users it comes with its own security considerations of letting others have a vpn into your host.

hope some of this helps, also there's a cloudflare tunnel thing you can use instead of those dynamic dns services for domain redirect to ip behind cgnat, but i haven't used it either and don't know what all it entails.

good luck!
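Added example, not part of the comment above and not fail2ban's or crowdsec's own code: the failure-counting logic such a log-reading ban tool applies, run over a constructed reverse-proxy access log. It assumes nginx's "combined" log format and that a failed Jellyfin login appears as a 401 on `POST /Users/AuthenticateByName`; the thresholds, addresses and the `make_line` helper are made up for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# nginx "combined" access-log line; only the fields needed here are captured.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Assumption: a failed Jellyfin login is logged as a 401 on this endpoint.
LOGIN_PATH = "/Users/AuthenticateByName"
MAX_RETRY = 5                      # failures inside the window that trigger a ban
FIND_TIME = timedelta(minutes=10)  # sliding window length

def find_offenders(lines, max_retry=MAX_RETRY, find_time=FIND_TIME):
    """Return {ip: timestamp of the failure that crossed the threshold}."""
    recent = defaultdict(deque)  # ip -> timestamps of recent login failures
    banned = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skip it rather than crash on input
        path = m["path"].split("?", 1)[0]
        if m["method"] != "POST" or path.lower() != LOGIN_PATH.lower():
            continue
        if m["status"] != "401" or m["ip"] in banned:
            continue  # successful logins and already-listed IPs add nothing
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()  # forget failures older than the window
        if len(window) >= max_retry:
            banned[m["ip"]] = ts
    return banned

def make_line(ip, hhmmss, status):
    """Build one constructed access-log line (hypothetical helper)."""
    return (f'{ip} - - [08/Dec/2025:{hhmmss} +0000] '
            f'"POST {LOGIN_PATH} HTTP/1.1" {status} 0 "-" "constructed-client"')

# Constructed sample log using documentation-range addresses, not real traffic.
SAMPLE_LOG = (
    [make_line("203.0.113.7", f"10:00:{s:02d}", 401) for s in range(0, 50, 10)]
    + [make_line("198.51.100.4", f"{h:02d}:00:00", 401) for h in range(10, 15)]
    + [make_line("192.0.2.10", "10:01:00", 401),   # one typo ...
       make_line("192.0.2.10", "10:01:30", 200)]   # ... then a good login
    + ["garbage line that is not an access-log entry"])

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"ban {ip} (threshold crossed at {when.isoformat()})")
```

Only the address with five failures inside ten minutes is reported; the one that fails once an hour and the user who mistyped once stay below the threshold.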

[–] lime@feddit.nu 2 points 4 days ago (1 children)

my registrar provides ddns, but how does that help with cgnat when thousands of people potentially have the same address?

[–] nublug@piefed.blahaj.zone 1 points 4 days ago (1 children)

oh dang, i thought i saw docs and comments saying ddns would help behind a cgnat too, must be mistaken. it's just for isps who give semi-static ips that change, not full cgnat. after some quick googling it looks like tailscale or other vpn or cloudflare tunnel are your only options.

[–] lime@feddit.nu 2 points 3 days ago

as i said i'm getting my bouncer server set back up next year after the datacenter it's in has finished renovations, so actually getting a public address is not the biggest issue.

[–] frongt@lemmy.zip 0 points 4 days ago (1 children)

A VPN is the best option. You should be able to split-tunnel your jellyfin traffic and still see the device on the LAN.

[–] lime@feddit.nu 2 points 4 days ago

i was sort of asking the opposite question to this answer, i think.
