Today, 05:47 AM
(This post was last modified: Today, 05:52 AM by felix920506. Edited 3 times in total.)
Many ISPs (Internet Service Providers) don't offer public IPs for residential plans, or otherwise blocks certain ports. This makes self-hosting services harder, since you can't directly connect to your own servers at home. This guide shows you how to get around many of these restrictions by using a VPS (Virtual Private Server) as a reverse proxy for Jellyfin. While this guide is focused on Jellyfin, it can be easily adapted to other services as well.
When should I use this solution?
Situations this solution is not applicable:
Prerequisites
1. Choosing a VPS
Selecting the correct VPS for you will be very important, as it can affect your experience significantly.
If you already have an existing VPS you wish to use, please skip this section.
Factors that don't matter:
Provider
Here is a list of common providers used by hobbyists. You are free to choose any other provider you like. Hold off on choosing before you finish reading the entire section, as the best one for your experience might not be the one with the absolute best deals.
Performance Tier
VPS Providers will sell different "Tiers" of performance for their products. For our use case, even the cheapest ones will offer sufficient performance. Bandwidth is often coupled with performance tiers, please continue reading the guide for more info.
Geographic Location, Region / "Zone"
Different cloud providers have different ways of identifying their different data centers. In general, you SHOULD choose a zone that is physically closest to where you host the server. There may be some special cases depending on your ISP. Some cloud providers provide speed test tools that can be used to quickly find the best server location. Links to some: Akamai - https://www.linode.com/speed-test/ , OVH - https://proof.ovh.net/
When looking at speedtest results, the most important factor will be the UPLOAD speed from you to their datacenter. Download doesn't matter at all for Jellyfin. Ping will not matter too much for Jellyfin. Generally you want <50ms, but a few ms difference won't make much of an impact, and higher ping times won't make Jellyfin unusable. Test multiple times during different times of the day, if there are large fluctuations to a certain location but not others then that location should also not be used.
USING SPEEDTEST.NET WITH A SERVER AT THE CITY WHERE YOUR VPS IS IN WILL NOT REFLECT THE ACTUAL QUALITY OF CONNECTION BETWEEN YOU AND YOUR VPS!
Available Bandwidth
Calculated in GBs or TBs. This is how much data you are allowed to upload from your VPS before you get charged extra. 500GB - 1TB should be a good starting point for many use cases. Most providers will allow you to very easily scale up to a higher tier if you run out of bandwidth or performance.
Some providers also list bandwidth in terms of Mbps or Gbps. This is the internet speed of the VPS. This will not matter as long as it is faster than the upload speed test result in your previous step.
"IPv6 Only"
As the name suggest, these servers only have an IPv6 address and DO NOT have IPv4 addresses. You should avoid these, as many networks simply cannot handle IPv6 traffic.
2. Setting up Tailscale
Tailscale can be used to easily create a virtual network for all devices. In this guide, we will use it to create a virtual network between the Jellyfin Server and your VPS.
Follow the official instructions to install Tailscale on both your Jellyfin server and your VPS: https://tailscale.com/download
The link contains both setup and login instructions. You need to login on both your Jellyfin Server and your VPS.
After logging in, note down the Tailscale IP address of both systems. Tailscale IP addresses should look like this:
3. Configure Jellyfin for a reverse proxy
Go to your Jellyfin dashboard, in the Networking tab, put the Tailscale IP of your VPS in the Known proxies field, save and restart Jellyfin.
4. Securing your VPS
At a minimum, you should setup fail2ban on the SSH service. If you don't it will be a matter of time before your server becomes part of a botnet or a spam E-mail server. You can follow this guide: https://www.digitalocean.com/community/t...untu-22-04
You should also setup a firewall on the VPS to block unwanted connections.
5. Setup a Reverse Proxy on your VPS
Setup a Reverse Proxy on your VPS and point it to your Jellyfin server. You will need to open TCP ports 80 and 443 on the VPS for the reverse proxy to function.
Instructions for Jellyfin behind Popular Reverse Proxy software can be found below. Replace the Jellyfin IPs in the example configs with the Tailscale IP of your Jellyfin server.
If you have any feedback or suggestions please post them as comments below.
When should I use this solution?
- When you are under a CGNAT (Carrier Grade Network Address Translation) and don't have a public IP address
- When your ISP blocks incoming traffic on certain ports to your internet connection, eg. 80, 443 (HTTP and HTTPS)
Situations this solution is not applicable:
- Getting around data caps
- Your Jellyfin server is too slow and you wish to improve its performance
Prerequisites
- A Jellyfin Server. Refer to https://jellyfin.org/docs/general/installation/ for installation instructions.
- A Tailscale account: https://tailscale.com/
- A VPS. If you don't have one please read the section below on how to choose one.
- A domain name pointed at your VPS. You can get a free one with DuckDNS: https://www.duckdns.org/
1. Choosing a VPS
Selecting the correct VPS for you will be very important, as it can affect your experience significantly.
If you already have an existing VPS you wish to use, please skip this section.
Factors that don't matter:
- Provider (As long as you choose a reputable and established provider)
- Performance Tier (For the same amount of bandwidth available, CPU/RAM/Storage won't really affect experience)
- Geographic Location, Region / "Zone"
- Available Bandwidth
- "IPv6 Only"
Provider
Here is a list of common providers used by hobbyists. You are free to choose any other provider you like. Hold off on choosing before you finish reading the entire section, as the best one for your experience might not be the one with the absolute best deals.
- Akamai (Formerly Linode, free DDoS protection for all users) https://www.linode.com/
- Vultr https://www.vultr.com/
- DigitalOcean (Jellyfin sponsor, hosts many Jellyfin services) https://www.digitalocean.com/
- OVH https://us.ovhcloud.com/
- Oracle Cloud (Their free plans are very attractive) https://www.oracle.com/cloud/
Performance Tier
VPS Providers will sell different "Tiers" of performance for their products. For our use case, even the cheapest ones will offer sufficient performance. Bandwidth is often coupled with performance tiers, please continue reading the guide for more info.
Geographic Location, Region / "Zone"
Different cloud providers have different ways of identifying their different data centers. In general, you SHOULD choose a zone that is physically closest to where you host the server. There may be some special cases depending on your ISP. Some cloud providers provide speed test tools that can be used to quickly find the best server location. Links to some: Akamai - https://www.linode.com/speed-test/ , OVH - https://proof.ovh.net/
When looking at speedtest results, the most important factor will be the UPLOAD speed from you to their datacenter. Download doesn't matter at all for Jellyfin. Ping will not matter too much for Jellyfin. Generally you want <50ms, but a few ms difference won't make much of an impact, and higher ping times won't make Jellyfin unusable. Test multiple times during different times of the day, if there are large fluctuations to a certain location but not others then that location should also not be used.
USING SPEEDTEST.NET WITH A SERVER AT THE CITY WHERE YOUR VPS IS IN WILL NOT REFLECT THE ACTUAL QUALITY OF CONNECTION BETWEEN YOU AND YOUR VPS!
Available Bandwidth
Calculated in GBs or TBs. This is how much data you are allowed to upload from your VPS before you get charged extra. 500GB - 1TB should be a good starting point for many use cases. Most providers will allow you to very easily scale up to a higher tier if you run out of bandwidth or performance.
Some providers also list bandwidth in terms of Mbps or Gbps. This is the internet speed of the VPS. This will not matter as long as it is faster than the upload speed test result in your previous step.
"IPv6 Only"
As the name suggest, these servers only have an IPv6 address and DO NOT have IPv4 addresses. You should avoid these, as many networks simply cannot handle IPv6 traffic.
2. Setting up Tailscale
Tailscale can be used to easily create a virtual network for all devices. In this guide, we will use it to create a virtual network between the Jellyfin Server and your VPS.
Follow the official instructions to install Tailscale on both your Jellyfin server and your VPS: https://tailscale.com/download
The link contains both setup and login instructions. You need to login on both your Jellyfin Server and your VPS.
After logging in, note down the Tailscale IP address of both systems. Tailscale IP addresses should look like this:
100.x.y.z Instructions to find your Tailscale IP can be found here: https://tailscale.com/kb/1033/ip-and-dns-addresses3. Configure Jellyfin for a reverse proxy
Go to your Jellyfin dashboard, in the Networking tab, put the Tailscale IP of your VPS in the Known proxies field, save and restart Jellyfin.
4. Securing your VPS
At a minimum, you should setup fail2ban on the SSH service. If you don't it will be a matter of time before your server becomes part of a botnet or a spam E-mail server. You can follow this guide: https://www.digitalocean.com/community/t...untu-22-04
You should also setup a firewall on the VPS to block unwanted connections.
5. Setup a Reverse Proxy on your VPS
Setup a Reverse Proxy on your VPS and point it to your Jellyfin server. You will need to open TCP ports 80 and 443 on the VPS for the reverse proxy to function.
Instructions for Jellyfin behind Popular Reverse Proxy software can be found below. Replace the Jellyfin IPs in the example configs with the Tailscale IP of your Jellyfin server.
- Caddy (Easiest to setup) https://jellyfin.org/docs/general/networking/caddy
- Apache https://jellyfin.org/docs/general/networking/apache
- Nginx (Most Popular) https://jellyfin.org/docs/general/networking/nginx
- Traefik https://jellyfin.org/docs/general/networking/traefik2
- HAProxy https://jellyfin.org/docs/general/networking/haproxy
If you have any feedback or suggestions please post them as comments below.
