You just can’t securely watch anything from your jellyfin server remotely, or let others stream from your server.
The 20+ people who stream from my Plex server have never paid a cent because I have a Plex lifetime pass. In terms of value it’s one of the best purchases I’ve ever made.
You absolutely can watch from Jellyfin remotely and securly, but it does take a little setup of infrastructure. I will say Plex did a very good job at making that piece super easy and pretty much just a ‘flip a switch’ action to setup.
First you’re going to need to run it in Docker, so you can make it RO to your FS, because by running it bare-metal, the first time there’s a hole in security, they’re going to be straight in your NAS, and JF is very lax on security with the stated reason that they don’t want people to rely on their security. (no client 2fa, no open support for fail2ban only their wish.com attempt at it, no closing off endpoints if you’re not logged in)
Then you’re going to need to install traeffik, caddy or npm, setup lets encrypt yourself. that needs a dns provider and a name.
You still have no facilities for device 2FA, Your logged out enpoints are still going to serve content. If any of the packages those endpoints use have a vulnerability, every JF server out there will be immediately vulnerable.
The whole point behind locking every action behind the login is so that you only have to worry about the surface area provided by the login.
Then the DB (and hence the search) is still going to be dog slow, the music app isn’t going to let you pre-load the next song in your client, don’t come at me with your 500 item movie/music collection and tell me it’s fast enough. There are no proper hooks for elasticsearch even if i wanted to do “a little setup of infrastructure”
I run Jellyfin because it’s the moral right thing to do and Plex will eventually enshitify enough for everyone to leave, but other than occasional bug fixes, they’re not in the same class of software.
I even considered rolling up my sleeves to help. I pulled the codebase down, That DB change has been in the hopper for years now, they outright refuse to go 2fa or change logging to support fail2ban. They’re just not willing to greenlight the architectural changes they need and they’re already fixing bugs.
Yeah but any authentication I cannot control, is to me, not that secure. I can’t even log into my Plex setup from work because even though it is hosted at my home, it requires a connection to Plex’s infrastructure for login and I haven’t been able to find any OIDC options to use my own IdP. I’m definitely in the minority of their users for wanting to be able to use my own personal authentication.
You just can’t securely watch anything from your jellyfin server remotely, or let others stream from your server.
The 20+ people who stream from my Plex server have never paid a cent because I have a Plex lifetime pass. In terms of value it’s one of the best purchases I’ve ever made.
Lol, what?
You absolutely can watch from Jellyfin remotely and securly, but it does take a little setup of infrastructure. I will say Plex did a very good job at making that piece super easy and pretty much just a ‘flip a switch’ action to setup.
Just a little infrastructure…
First you’re going to need to run it in Docker, so you can make it RO to your FS, because by running it bare-metal, the first time there’s a hole in security, they’re going to be straight in your NAS, and JF is very lax on security with the stated reason that they don’t want people to rely on their security. (no client 2fa, no open support for fail2ban only their wish.com attempt at it, no closing off endpoints if you’re not logged in)
Then you’re going to need to install traeffik, caddy or npm, setup lets encrypt yourself. that needs a dns provider and a name.
You still have no facilities for device 2FA, Your logged out enpoints are still going to serve content. If any of the packages those endpoints use have a vulnerability, every JF server out there will be immediately vulnerable.
The whole point behind locking every action behind the login is so that you only have to worry about the surface area provided by the login.
Then the DB (and hence the search) is still going to be dog slow, the music app isn’t going to let you pre-load the next song in your client, don’t come at me with your 500 item movie/music collection and tell me it’s fast enough. There are no proper hooks for elasticsearch even if i wanted to do “a little setup of infrastructure”
I run Jellyfin because it’s the moral right thing to do and Plex will eventually enshitify enough for everyone to leave, but other than occasional bug fixes, they’re not in the same class of software.
I even considered rolling up my sleeves to help. I pulled the codebase down, That DB change has been in the hopper for years now, they outright refuse to go 2fa or change logging to support fail2ban. They’re just not willing to greenlight the architectural changes they need and they’re already fixing bugs.
Yeah but any authentication I cannot control, is to me, not that secure. I can’t even log into my Plex setup from work because even though it is hosted at my home, it requires a connection to Plex’s infrastructure for login and I haven’t been able to find any OIDC options to use my own IdP. I’m definitely in the minority of their users for wanting to be able to use my own personal authentication.