Jellyfin's an awesome open source home media server. I'll show you how I use it to organize my movies and TV shows.Part 1 (how I rip media to my computer) he...
Pros: Super easy for others to access, you just give them the address.
Cons: Not free. (Oracle free tier might work, but it’s unreliable.) But there are cheap VPSs as low as $12/yr that work pretty well. Also, it’s a bit harder to setup since you’ll need to create a VPN tunnel between your local machine and the VPS.
Using tailscale or zeroties:
Pros: Free, and easier to setup than a VPS.
Cons: People need to install extra apps to access your server.
By port forwarding:
Pros: Super easy to setup, just need to forward the ports through your router.
Cons: You’re opening a port to the internet, which is less than ideal. Also, it won’t work if you’re behind a NAT.
I have a VPS from RackNerd for something like $11.5/yr. You can check some offers from them here.
To be clear, it probably won’t work well as a Jellyfin server since the storage and CPU capabilities aren’t great. But it’s pretty good as a relay, which is what I described above. I have a local machine, and I use the VPS to relay the connection to the open internet.
It’s easy af, just look up Jellyfin server guide. Basically it’s just forwarding a few ports and setting up usernames/passwords for them and you’re good to go
A slightly more complicated setup would be to host Jellyfin on one’s server at home and run a VPN client to a VPS which would have the necessary ports forwarded and routing configured. This way the people who know the right credentials can log in (assuming SSO) and the hoster doesn’t have to open their own port
I personally use GL.iNet routers. Basically you create VPN tunnels between a WG(WireGuard) server hosted on one router, and WG clients hosted on another GL.iNet router or a device that supports the WG app (PC and mobile afaik). The router using the WG server is facing WAN so no need to port forward and you can use it to connect to your jellyfin server as well as RDP or SSH into your server. The WG clients are simple, just need to be connected to the Internet. The tunnels bandwidth is based on your ISP’s upload speed(fiber is great, with coax good luck streaming 4k) where the WG server is located. You can use WG without the router too, but I’ll just speak to my experience.
cloudflare dns mapping my domain to an oracle cloud vm.
2)oracle always free tier, 1 core amd vm, with apache reverse proxy. I also have tailscale running on this machine. You have to setup the networking rules in the oci networking area, and setup ufw/iptables as well. So then jellyfin.whatever gets mapped to tailscale_ip:jellyfin_port at home.
My server at home with tailscale as well so it has its own ip, but you can expose routes and use the same internal ip. Jellyfin server runs here. There is a dedicated user with appropriate access to my nas aswell.
This server has a vm on it that runs prowlarr/sonarr/radarr/lidarr and qbittorrent. I have an airvpn account running here with a killswitch, and also qbittorent is only allowed to use the eddie interface. I port forwarded a dedicated port on the airvpn site and told qbittorrent to use that.
So me, my partner, parnets, and friends when outside my network can go to jellyfin.domain.whatever and login to my jellyfin. No ports open to the internet except 80/443 on the reverse proxy, and no ips to remember. That will give you some things to google to get started to replicate a similar setup for your needs.
If you have good home upload and want to host at home, a simple reverse proxy on the vps provider of your choice does the trick. I host for a large group of friends and family and it all proxies through haproxy running on digitalocean.
You don’t even need the vps unless you’re behind cgnat
Though you should never expose Jellyfin to the Internet, they have had and continue to have major security problems
Do not expose Jellyfin to the general Internet. They have security issues, I would not trust that (no cloudflare does not save you by default).
There are basically two ways: VPN, or authenticated reverse proxy. VPN is probably the easiest to setup and the most flexible, but it’s a bit of a pita to use.
Authenticated reverse proxy will break apps, but the web app will work (and you can setup your reverse proxy to allow specific user agents from the VPN to bypass it, allowing apps on the VPN to work). I currently do this so I can look at metadata on my phone without a VPN setup.
Does anyone have hypothetical knowledge on how to set up jellyfin at one location for several family members spread out across the country?
Off the top of my head, I can think of 3 ways.
Where are you seeing a VPS for $1/month that works well as a Jellyfin server for multiple people?
I have a VPS from RackNerd for something like $11.5/yr. You can check some offers from them here.
To be clear, it probably won’t work well as a Jellyfin server since the storage and CPU capabilities aren’t great. But it’s pretty good as a relay, which is what I described above. I have a local machine, and I use the VPS to relay the connection to the open internet.
Still very cool, though. Thanks!
If you treat it as relay, then does it consume bandwidth on the VPS?
Yes, it does. Mine gives me 2TB/month of bandwidth, which is plenty for my use.
For 1. you don’t necessarily need a VPN. A reverse tunnel using SSH should be sufficient and is easier.
It’s easy af, just look up Jellyfin server guide. Basically it’s just forwarding a few ports and setting up usernames/passwords for them and you’re good to go
It gets more complicated if someone is double-natted (CG/NAT) unfortunately.
A slightly more complicated setup would be to host Jellyfin on one’s server at home and run a VPN client to a VPS which would have the necessary ports forwarded and routing configured. This way the people who know the right credentials can log in (assuming SSO) and the hoster doesn’t have to open their own port
add tailscale and you’re golden
one could dyndns their servers’ ipv6 instead, where cgnat to my knowledge does not exist
This is the riskiest way of doing it because you’re exposing ports to the open internet.
I personally use GL.iNet routers. Basically you create VPN tunnels between a WG(WireGuard) server hosted on one router, and WG clients hosted on another GL.iNet router or a device that supports the WG app (PC and mobile afaik). The router using the WG server is facing WAN so no need to port forward and you can use it to connect to your jellyfin server as well as RDP or SSH into your server. The WG clients are simple, just need to be connected to the Internet. The tunnels bandwidth is based on your ISP’s upload speed(fiber is great, with coax good luck streaming 4k) where the WG server is located. You can use WG without the router too, but I’ll just speak to my experience.
Edit: YT link to intro for the routers - https://youtu.be/LXbDg1v65Qs?feature=shared
My setup is this:
So me, my partner, parnets, and friends when outside my network can go to jellyfin.domain.whatever and login to my jellyfin. No ports open to the internet except 80/443 on the reverse proxy, and no ips to remember. That will give you some things to google to get started to replicate a similar setup for your needs.
In terms of security, isn’t this kind of the same as just opening the server port to the internet, which many others are advising against?
If you have good home upload and want to host at home, a simple reverse proxy on the vps provider of your choice does the trick. I host for a large group of friends and family and it all proxies through haproxy running on digitalocean.
You don’t even need the vps unless you’re behind cgnat Though you should never expose Jellyfin to the Internet, they have had and continue to have major security problems
Do not expose Jellyfin to the general Internet. They have security issues, I would not trust that (no cloudflare does not save you by default).
There are basically two ways: VPN, or authenticated reverse proxy. VPN is probably the easiest to setup and the most flexible, but it’s a bit of a pita to use.
Authenticated reverse proxy will break apps, but the web app will work (and you can setup your reverse proxy to allow specific user agents from the VPN to bypass it, allowing apps on the VPN to work). I currently do this so I can look at metadata on my phone without a VPN setup.