+- Jellyfin Forum (https://forum.jellyfin.org)
+-- Forum: Support (https://forum.jellyfin.org/f-support)
+--- Forum: General Questions (https://forum.jellyfin.org/f-general-questions)
+--- Thread: Exposing Jellyfin (HTTPS or is a VPN really req'd?) with family members remotely? (/t-exposing-jellyfin-https-or-is-a-vpn-really-req-d-with-family-members-remotely)
Exposing Jellyfin (HTTPS or is a VPN really req'd?) with family members remotely? - ballen - 2023-10-06
Good evening all,
I'm considering moving over from Plex to Jellyfin but have a couple of questions that I hope some of you might be able to help with (or share your experience if doing something similar):
1) In my house, the majority of my TV's are Samsung Smart TV's and I see that a native Jellyfin client is not available to install from the app store (I know that you can manually build and side-load it though as well as being able to use other third-party "premium" apps like Infuse) but I think I'd rather buy a separate (dedicated) streaming client and therefore wondered if the Amazon FireStick 4K might be better over the Roku devices? (or maybe you have another suggestion?) - If any of you have any experience with either, or better still ,both devices - I'd love to hear your recommendation as to which one I should go with in terms of ease of setup, app installation and quality/experience.
2) I'd like to share my media library with some family members and maybe a couple of friends too - Whilst I know I can just reverse proxy (eg. Nginx) and sit Jellyfin behind an SSL cert - I'm concerned with legal issues (maybe it's not a big deal just sharing with a few people but I'd rather not run the risk if HTTPS (without a VPN) is not recommended?) and believe that therefore, my next best option might be to setup a Wireguard Server at home and then, using a recommended device (FireStick 4K maybe?? - again, I have zero experience thus far with these devices but would love to know if it's possible) install both the Jellyfin client and a VPN client to automatically connect to my home network (via. Wiregaurd) when the streaming device starts up and then allow my family members (who live remotely) to be able to securely access my Jellyfin instance?
If you are sharing your media library with friends and/or family members are you just using a reverse proxy (with SSL cert) or are you/would only recommend using a VPN too?
If anyone has any input/suggestions or personal experience with any of these things, I'd really appreciate any info
Thanks in advance!
RE: Exposing Jellyfin (HTTPS or is a VPN really req'd?) with family members remotely? - TheDreadPirate - 2023-10-06
(2023-10-06, 04:47 PM)ballen Wrote: Good evening all,
I'm considering moving over from Plex to Jellyfin but have a couple of questions that I hope some of you might be able to help with (or share your experience if doing something similar):
1) In my house, the majority of my TV's are Samsung Smart TV's and I see that a native Jellyfin client is not available to install from the app store (I know that you can manually build and side-load it though as well as being able to use other third-party "premium" apps like Infuse) but I think I'd rather buy a separate (dedicated) streaming client and therefore wondered if the Amazon FireStick 4K might be better over the Roku devices? (or maybe you have another suggestion?) - If any of you have any experience with either, or better still ,both devices - I'd love to hear your recommendation as to which one I should go with in terms of ease of setup, app installation and quality/experience.
2) I'd like to share my media library with some family members and maybe a couple of friends too - Whilst I know I can just reverse proxy (eg. Nginx) and sit Jellyfin behind an SSL cert - I'm concerned with legal issues (maybe it's not a big deal just sharing with a few people but I'd rather not run the risk if HTTPS (without a VPN) is not recommended?) and believe that therefore, my next best option might be to setup a Wireguard Server at home and then, using a recommended device (FireStick 4K maybe?? - again, I have zero experience thus far with these devices but would love to know if it's possible) install both the Jellyfin client and a VPN client to automatically connect to my home network (via. Wiregaurd) when the streaming device starts up and then allow my family members (who live remotely) to be able to securely access my Jellyfin instance?
If you are sharing your media library with friends and/or family members are you just using a reverse proxy (with SSL cert) or are you/would only recommend using a VPN too?
If anyone has any input/suggestions or personal experience with any of these things, I'd really appreciate any info
Thanks in advance!
1) Personally, I don't recommend Firesticks because of their jank Android implementation and slow OS updates. Roku as a company is going through some pains as they transition from "grow at all costs" mode to "figure out how to be profitable" mode. I've had a good experience with the Google Chromecast with GoogleTV 4K.
2) As long as you aren't running a 1000 user commercial piracy operation, no one is going after you. Whether you should use https and make it openly available or using a VPN depends on your clients and how much hassle you want to go through for each client. Setting up https means you go through the hassle once and then clients can connect securely from anywhere without additional configuration.
My recommendation
A) Setup a reverse proxy
B) LetsEncrypt certs
C) Use a different port for https (configurable in the reverse proxy). Preferably a port in the ephemeral range (49152-65535).
D) Setup fail2ban
Bonus) Setup reverse proxy to only use latest encryption algorithms, apache and nginx only. https://forum.jellyfin.org/t-apache-nginx-disable-weak-tls-ciphers
RE: Exposing Jellyfin (HTTPS or is a VPN really req'd?) with family members remotely? - bitmap - 2023-10-06
The Roku client has been through some awesome development recently and while I'm not aware of anything on the corporate side, the devices serve my purposes very well, both at home and while I'm traveling, including overseas (it was a breeze to set my travel Roku up in Europe and keep the kids 6-16 occupied during down time).
If you containerize at all, you can wrap up A-D in one container with Swag, a Linuxserver.io offering that includes nginx, letsencrypt, CertBot, pre-made configurations that are in varying states of correctness, and fail2ban plus some pretty easy config steps for common hosting solutions like cloudflare or DuckDNS. I added how to beef up your encryption with Swag thanks up analysis and guidance from @TheDreadPirate to the guide linked in the post above.
RE: Exposing Jellyfin (HTTPS or is a VPN really req'd?) with family members remotely? - ballen - 2023-10-06
Thank you so much guys (@TheDreadPirate and @bitmap) - I'll definitely go down the reverse proxy/LetsEcrypt and Fail2Ban path then! - I've got several years of experience with Nginx etc so should be pretty straightforward
...I'm actually pleased that you recommended that @TheDreadPirate as I'd rather configure it that way than having to setup numerous VPN clients.
The last piece of the puzzle then is just to work out which client-side device to use to connect to the TV's - I should probably try the Google ChromeCast/TV 4K then (to be honest, I didn't even think about using/trying that
Thanks again, I REALLY appreciate it
...I hope you both have a great weekend!
RE: Exposing Jellyfin (HTTPS or is a VPN really req'd?) with family members remotely? - TheDreadPirate - 2023-10-06
OH. One more thing you should do. In the dashboard settings for each user, check "Hide this user from login screens". This way if someone finds your jellyfin port they are very unlikely to lock an actual account with failed attempts before fail2ban blocks them.
RE: Exposing Jellyfin (HTTPS or is a VPN really req'd?) with family members remotely? - ballen - 2023-10-06
(2023-10-06, 07:31 PM)ballen Wrote: Thank you so much guys (@TheDreadPirate and @bitmap) - I'll definitely go down the reverse proxy/LetsEcrypt and Fail2Ban path then! - I've got several years of experience with Nginx etc so should be pretty straightforward
...I'm actually pleased that you recommended that @TheDreadPirate as I'd rather configure it that way than having to setup numerous VPN clients.
The last piece of the puzzle then is just to work out which client-side device to use to connect to the TV's - I should probably try the Google ChromeCast/TV 4K then (to be honest, I didn't even think about using/trying that
Thanks again, I REALLY appreciate it
...I hope you both have a great weekend!
Awesome - thanks for the tip - I'll be sure to do this
...again, I really appreciated the help - Thank you!
Awesome - thanks for the tip - I'll be sure to do this
...again, I really appreciated the help - Thank you!
[/quote]
Awesome - thanks for the tip - I'll be sure to do this
...again, I really appreciated the help - Thank you!