Kind of a quick off the cuff question… but is it difficult to get a docker hosted jellyfin server accessible outside of lan safely?

I have tailscale and a VPN I can use for my own devices but would like to be able to access it safely without needing those.

  • @SheeEttin
    link
    English
    181 year ago

    Stick with the VPN. No point in exposing more services with possible security vulnerabilities.

        • @manwichmakesameal
          link
          English
          31 year ago

          Why not just run your own WireGuard instance? I have a pivpn vm for it and it works great. You could also just put jellyfin behind a TLS terminating reverse proxy.

          • @dinosaurdynasty
            link
            English
            21 year ago

            Sounds like a pain to get non technical family members to use. If you’re willing to break the non web app you could always put it behind an authenticating proxy (which is what I do for myself outside of VPN, setting up a VPN on a phone is obnoxious and I only look at metadata anyway on my phone)

          • kratoz29
            link
            fedilink
            English
            11 year ago

            Why not just run your own WireGuard instance?

            CGNAT is a big reason.

        • @SuddenlyBlowGreen
          link
          English
          1
          edit-2
          1 year ago

          Yep, that way you can set ACLs, you they can only access the jellyfin ports + the ports you allow them to.

          Also, tailacale DNS.

          The fact that tailscale has google/apple/etc logon integration will also help.

  • @darkan15
    link
    English
    111 year ago

    If you are not behind a CGNAT, it should be as easy as opening the necessary ports.

    I have a reverse proxy running in ports 80, 443 and can safely access Jellyfin on a subdomain without issues from outside my LAN.

  • Strit
    link
    fedilink
    English
    41 year ago

    To get it outside the LAN, you just need to forward the port it uses in your router. Example 8096 for regular http requests. I would highly recommend getting at least a reverse proxy with an SSL cert.

  • @[email protected]B
    link
    fedilink
    English
    4
    edit-2
    1 year ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    CGNAT Carrier-Grade NAT
    DNS Domain Name Service/System
    NAT Network Address Translation
    SSL Secure Sockets Layer, for transparent encryption
    TLS Transport Layer Security, supersedes SSL
    VPN Virtual Private Network

    5 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.

    [Thread #204 for this sub, first seen 9th Oct 2023, 21:05] [FAQ] [Full list] [Contact] [Source code]

  • @[email protected]
    link
    fedilink
    English
    21 year ago

    Depends on your definition of safe.

    If you do a public port forward and set up basic security and proper SSL its safe from the majority of people.

  • Possibly linux
    link
    fedilink
    English
    11 year ago

    You can but it will cause security issues. You will need to buy a domain and setup a SSL proxy with https to proxy traffic in. After than I would lock down you firewall rules and make sure that a compromise can’t escape the isolated environment.

    Also make sure you docker container is hardened against excaping as it will improve security when a security hole is discovered in jellyfin