I am in love with my Jellyfin server (running in a Docker container) - it feels so nice to take back control over my media consumption again, after more than a decade in the land of streaming. So much, that I want to share this with my family.
So I was thinking of setting up a reverse proxy (Nginx Proxy Manager is what I have used before) and expose my Jellyfin-instance through that. However, I’ve seen several people be skeptical about this solution, instead opting for access through a VPN (I don’t think that would be a good solution for some of my family members).
What are the potential pitfalls of setting it up this way, that makes people skeptical? Where could I go wrong, and what dangers would I expose myself to? As I understand it, this would only expose one port to the internet, direct all that traffic to the Nginx Proxy Manager, which then forwards traffic to specific ports internally on my home network, which sounds safe in my mind. Is it misconfiguration of the proxy manager I should be wary of? Or some exploits in the proxy manager?
Fair enough. Not quite following what your issues are (I just setup the client, allowed it onto the network, done) and then setup a hostname to point to my server zerotier address. Other than that, nothing else needed on DNS etc. But as the old adage goes, your mileage may vary
I might not have explained it too well. My Jellyfin instance can be accessed from something like 192.168.1.123 or jellyfin.local on my home network. I can add those to the Jellyfin client on my phone. When I’m away from home with Zerotier switched on, I have to change the Jellyfin config on my phone to whatever the Zerotier address is for the server.
With Jellyfin shared over HTTPS, I just set my client to jellyfin.mynetwork.dynamicDNSprovider.com. If I’m away from home, the traffic gets routed to my WAN, Nginx catches it, and it gets forwarded to Jellyfin. If I’m on my home network, my local DNS server overrides the name and routes it directly to 192.168.1.123.
No need to change client settings; it just always works.
Gotcha - I am following you now, thanks!