Better open a package request (or pull request :D) then 😄

I graduated with my Master’s 4 months ago.

I HAVENT PLAYED A SINGLE GAME SINCE, WHAT THE FUCK

I host it publicly accessible behind a proper firewall and reverse proxy setup.

If you are only ever using Jellyfin from your own, wireguard configured phone, then that’s great; but there’s nothing wrong with hosting Jellyfin publicly.

I think one of these days I need to make a “myth-busting” post about this topic.

OK, add step above: use wildcard certificate for your domain.

Terminating the TLS connection at your perimeter firewall is standard practice, there’s no reason your jellyfin host needs to obtain the certificate.

Actual answer for 3:

• put jellyfin behind a proper reverse proxy. Ideally on a separate host / hardware firewall, but nginx on the same host works fine as well.
• create subdomain, let’s say sub.yourdomain.com
• forward traffic, for that subdomain ONLY, to jellyfin in your reverse proxy config
• tell your relatives to put sub.yourdomain.com into their jellyfin app

All the fear-mongering about exposing jellyfin to the internet I have seen on here boils down to either

• “port forwarding is a bad idea!!”, which yes, don’t do that. The above is not that. Or
• “people / bots who know your IP can get jellyfin to work as a 1-bit oracle, telling you if a specific media file exists on your disk” which is a) not an indication for something illegal, and b) prevented by the described reverse proxy setup insofar as the bot needs to know the exact subdomain (and any worthwhile domain-provider will not let bots walk your DNS zone).

(Not saying YOU say that; just preempting the usual folklore typically commented whenever someone suggests hosting jellyfin publicly accessible)

No, mate. I don’t need a guide, or a tour. Just a single clarifying sentence.

“My product does x”. Right now, x could be:

• help you scam people
• provide a meditation partner
• help you learn how to code in Cobol
• give travel tips
• …

What does your product DO? And dong you dare answer “it helps you make money”, that does not explain anything.

I have clicked every link on that site and I still have exactly zero clue wtf this is.

FWIW, I have no issues sending mails/having them be received from my self-hosted to Google mail

Sorry, I should have mentioned: liking bare-metal does not mean disliking abstraction.

I would absolutely go insane if I had to go back to installing and managing each and every services in their preferred way/config file/config language, and to diy backup solutions, and so on.

I’m currently managing all of that through a single nix config, which doesn’t only take care of 90% of the overhead, it also contains all config in a single, self-documenting, language.

Nice. My partner has a Proxmox setup, so we’ve adapted the Nix config to spin up new VMs of any machine with a single command.

NixOS :)

Maybe I should have clarified that liking bare-metal does not imply disliking abstraction

Containers != services.

I don’t think I am better than anyone. I jumped into these comments because docker was pushed as superior, unprompted.

Installing and configuring does not an expert make, agreed; but that’s not what I said.

I would say I’m pretty knowledgeable about the things I host though, seeing as I am a contributor and / or package maintainer for a number of them…

They are using a hosting provider - their dad.

“The cloud” is also just a bunch of machines in a basement. Lots of machines in lots of “basements”, but still.

OK, but I’d rather be the expert.

And I have no troubling spinning up new services, fast. Currently sitting at around ~30 Internet-facing services, 0 docker containers, and reproducing those installs from scratch + restoring backups would be a single command plus waiting 5 minutes.

No, I actually think that is a good analogy. If you just want to have something up and running and use it, that’s obviously totally fine and valid, and a good use-case of Docker.

What I take issue with is the attitude which the person I replied to exhibits, the “why would anyone not use docker”.

I find that to be a very weird reaction to people doing bare metal. But also I am biased. ~30 Internet facing services, 0 docker in use 😄

I would say yes, it’s still self-hosting. It’s probably not “home labbing”, but it’s still you responsible for all the services you host yourself, it’s just the hardware which is managed by someone else.

Also don’t let people discourage you from doing bare-metal.

Yeah why wouldn’t you want to know how things work!

I obviously don’t know you, but to me it seems that a majority of Docker users know how to spin up a container, but have zero knowledge of how to fix issues within their containers, or to create their own for their custom needs.

Hi. I am a software engineer with a background in IT security. My girlfriend is a literal network security engineer.

I showed her this thread and she said: don’t bother, just use http on your local network.

Anyways, I am going to disengage from this thread now. Skepticism against things one doesn’t fully understand can be healthy, but this is an insane mix of paranoia and naïveté.

You are not a target; the things you are afraid of will never happen; and if they did, they would not have the consequences you think they would.

Your router will NOT magically expose your traffic to the internet (what would that even mean?? Like, if it spontaneously started port forwarding to your Jellyfin server (how? By just randomly guessing the port and IP???), someone would still need to actively request that traffic, AND know your login credentials, AND CARE).

Your ISP does not give a shit about you owning or streaming copyrighted material over your local network. It has no stake in that.

Graphene is not an ultimate arbiter of IT security, but the reason it “distrusts networks” is because you take your phone with you, constantly moving into actual untrusted networks (i.e. ones you do not own).

Hosting Jellyfin on Graphene will not make it more secure, whatsoever.

If every device is assumed compromised, and compromising devices with knowledge that you watch media is a threat in your model, then even putting an SD card with media in your phone and clicking play is dangerous. Which is stupid.

If you actually assume your router is malicious, then please assume that when you initially downloaded your VPN client, it was also compromised and your VPN is not trustworthy.

The way I see it, you have two options:

1. educate yourself on network security to the point of being able to trust your network setup; or
2. forget about hosting anything