Jellyfin Forum
SOLVED: Jellyfin and reverse proxy - Printable Version

+- Jellyfin Forum (https://forum.jellyfin.org)
+-- Forum: Support (https://forum.jellyfin.org/f-support)
+--- Forum: Troubleshooting (https://forum.jellyfin.org/f-troubleshooting)
+---- Forum: Networking & Access (https://forum.jellyfin.org/f-networking-access)
+---- Thread: SOLVED: Jellyfin and reverse proxy (/t-solved-jellyfin-and-reverse-proxy)

Jellyfin and reverse proxy - jschwar313 - 2024-01-24

I'm new to jellyfin and I want to set up a reverse proxy, I think.  I have the server and web ui on a windows computer and the client is on my samsung tv.  I don't really understand a reverse proxy, since my networking knowledge isn't very strong.  I did find a few links that cover this topic and I've pasted them below.  I want to install the reverse proxy on my windows machine using nginx and letsencrypt.  I'm wondering if that would mess up my applications that have rules set up in my firewalls that open ports and stuff like that.  I'd appreciate any help on this.

https://jellyfin.org/docs/general/networking/
 
https://jellyfin.org/docs/general/networking/nginx
 
https://jellyfin.org/docs/general/networking/letsencrypt

RE: Jellyfin and reverse proxy - tmsrxzar - 2024-01-24

it doesn't sound like a reverse proxy fits your use; it would be used for external network access f.e. watching jellyfin on your tablet while away from home

most of those links only seem to have instructions that pertain to linux so i dug up a couple guides for you on windows
you will need to use the jellyfin* specific stuff from the official guides still

nginx reverse proxy on windows
https://virendra.dev/blog/setting-up-nginx-as-a-reverse-proxy-on-windows

certbot on windows
https://certbot.eff.org/instructions?ws=other&os=windows

RE: Jellyfin and reverse proxy - xaque - 2024-01-25

I have in the past set up a reverse proxy on windows for jellyfin. By far the easiest solution is to use caddy and a ddns service like duckdns.

Jellyfin docs on caddy
https://jellyfin.org/docs/general/networking/caddy/

Caddy server for windows
https://caddyserver.com/api/download?os=windows&arch=amd64&idempotency=40655382046895

Duckdns app for windows I used
https://github.com/XWolfOverride/DuckDNS/releases/download/2.2b/DuckDNS.7z

Get subdomain on duckdns, create caddyfile and reverse proxy your subdomaine to jellyfin ip:port, and put your duckdns token/url in the updater app in case you isp changes your ip. Bingo bango

RE: Jellyfin and reverse proxy - jschwar313 - 2024-01-25

(2024-01-24, 09:14 PM)tmsrxzar Wrote: it doesn't sound like a reverse proxy fits your use; it would be used for external network access f.e. watching jellyfin on your tablet while away from home

most of those links only seem to have instructions that pertain to linux so i dug up a couple guides for you on windows
you will need to use the jellyfin* specific stuff from the official guides still

nginx reverse proxy on windows
https://virendra.dev/blog/setting-up-nginx-as-a-reverse-proxy-on-windows

certbot on windows
https://certbot.eff.org/instructions?ws=other&os=windows

The reason I was pursuing this is because I formerly used plex and I got a bunch of viruses from that.  I heard about the LastPass breaking that was caused by plex being on an employee's machine, so I thought that this was the way to go.  Is it still secure if I get metadata from the internet or do I have to stop that, too?  I don't know a lot about networks and vulnerabilities.  Thanks.

RE: Jellyfin and reverse proxy - Efficient_Good_5784 - 2024-01-25

(2024-01-25, 01:53 PM)jschwar313 Wrote: The reason I was pursuing this is because I formerly used plex and I got a bunch of viruses from that.  I heard about the LastPass breaking that was caused by plex being on an employee's machine, so I thought that this was the way to go.  Is it still secure if I get metadata from the internet or do I have to stop that, too?  I don't know a lot about networks and vulnerabilities.  Thanks.
If you're not going to use your server outside of your local network, don't worry about this.
Just because you can reach the internet and download things doesn't mean that the servers or people on the other end can connect to you (by default).

With or without a reverse proxy, fetching metadata requires your server to connect to external metadata providers. For a server to be compromised from the metadata, the metadata source would have to be compromised and modified by an attacker, then for the Jellyfin server to pull that modified metadata. A reverse proxy would not help here since the server itself initiated the connection first.

A reverse proxy only protects your server from people/bots trying to find it from the internet. It does nothing to prevent you or a program from downloading bad things since that's not the exact purpose of a reverse proxy.

Take a look at the beginning of this site, it might help you understand what a reverse proxy does too: https://www.zscaler.com/resources/security-terms-glossary/what-is-reverse-proxy

RE: Jellyfin and reverse proxy - jschwar313 - 2024-01-25

(2024-01-25, 04:08 PM)Efficient_Good_5784 Wrote:
(2024-01-25, 01:53 PM)jschwar313 Wrote: The reason I was pursuing this is because I formerly used plex and I got a bunch of viruses from that.  I heard about the LastPass breaking that was caused by plex being on an employee's machine, so I thought that this was the way to go.  Is it still secure if I get metadata from the internet or do I have to stop that, too?  I don't know a lot about networks and vulnerabilities.  Thanks.
If you're not going to use your server outside of your local network, don't worry about this.
Just because you can reach the internet and download things doesn't mean that the servers or people on the other end can connect to you (by default).

With or without a reverse proxy, fetching metadata requires your server to connect to external metadata providers. For a server to be compromised from the metadata, the metadata source would have to be compromised and modified by an attacker, then for the Jellyfin server to pull that modified metadata. A reverse proxy would not help here since the server itself initiated the connection first.

A reverse proxy only protects your server from people/bots trying to find it from the internet. It does nothing to prevent you or a program from downloading bad things since that's not the exact purpose of a reverse proxy.

Take a look at the beginning of this site, it might help you understand what a reverse proxy does too: https://www.zscaler.com/resources/security-terms-glossary/what-is-reverse-proxy

Ooops.  I marked the wrong thread as a solution.  I don't understand why it's below the thread.  Oh well.  Sorry.

RE: Jellyfin and reverse proxy - jschwar313 - 2024-01-28

I understand now.  I remember that the issue with Plex was not that the person at LastPass didn't have a reverse proxy.  It's because he had plex on his home machine and he didn't update plex with security updates.  Thanks for the help.