Fair, but self hosting stuff has that part of self. It is difficult to make it easy for everyone since everyone has a different setup, as such it is mostly directed towards people who are expert in doing this kinds of things or who will dedicate the time to learn how to do it.
The good thing is after you spent a couple days trying to figure out how to make it work, it will work in the future and you already know how to setup more stuff.
It’s not directed towards people who are experts. I’m an expert and can’t secure Jellyfin properly because Jellyfin doesn’t support proper secure authentication.
I would rather just properly secure it like every other selfhosted service I have, and not have to manage a VPN client for every user who wants to connect to Jellyfin.
A security focused authentication service would be the most successful, straightforward, and simple to implement solution.
Unfortunately Jellyfin, nearly alone amongst its FOSS peers has not implemented support for these services. It’s the only one of my many dozens of selfhosted services that I can’t properly secure.
There are plugins for SSO.
There are 3rd party plugins for OIDC and I think LDAP is even first party.
The issue comes when intercepting the signin-progress with 1st party clients. Jellyfin (to my knowledge) doesnt support redirects/callbacks like a homeassistant companion app does.
And how many media servers are there? The 2 other major offerings (Plex and Emby) don’t support OIDC either.
Plex does it’s own sauce and Emby doesnt support it. Authentik has a guide to implement it via LDAP.
And Jellyfin has a tech-debt history being forked from emby.
Stark contrast to newly developed projects which were started when SSO and OIDC wasbstarting to become popular.
I actually love when I run into an issue like that get an error. Researching that stuff is fun for me, but I think trying to get the average person to do it is a non-starter
Tailscale could probably be easier but I wanted to make it easy for my parents.
I was trying to set it up via Reverse Proxy in Caddy. My stupid NAS has proprietary software and the only way to do it is in Docker but their version of docker has some wonky issues with ports.
It’s been a few weeks since I’ve tinkered with it but I plan on pulling it up today. If I remember right, it works fine if I launch it as a singular container by itself, but if I launch it inside a container with multiple apps, it says the ports are in use. I verified that no other app is using the ports. I checked in the CLI and it says containers is using the port. Very weird.
Following tutorials and researching online had been helpful by my NAS uses QNAP’s QTS operating system. It locks you out of many basic functions. I can’t install apps outside of its App Store unless it’s in a docker container, for example.
Many command line functions have also been removed so when I’m troubleshooting or looking for alternate fixes, I’m blocked out.
I can use docker compose. I need them on the same container so they can see the other apps exist and direct traffic there. Or that I as my understanding.
I tried setting up Caddy on a separate container as Jellyfin but that didn’t work.
I need them on the same container so they can see the other apps exist and direct traffic there.
That’s only by default, since all apps in a container share a network. I got this working with my *arr stack using multiple containers by manually creating a shared network in the console, then adding that network to each compose file. Works like a dream.
It’s not easy trying to set up VPN or a reverse proxy, dynamic DNS and so on if you want secure access for more than yourself l, that is true. I hope they can figure out a way to make that process a lot easier.
Actually, using an LLM to walk you through the process of setting up jellyfin inside a docker container (and setting up the arr stack) and all of that makes things a lot easier than trying to figure it all out on your own.
That was a big reason I went with Emby. Not open source, but wasn’t necessary to me, and I wanted a cloud connect function that it handled well. And not all devices have a Jellyfin app that’s easy to install. My TV would require it to be rooted.
Bro win 10 computers are essentially free thanks to microsoft’s windows 11 requirements and any of them can keep up with transcoding. Add onto that any second hand sata drives and a sata controller than handles multiple parity drives for raid 5 and you’ve got a solution that is under the yearly subscription fee of ad-free netflix and a fun weekend project.
Too bad that high capacity HDDs and SSDs went through the roof.
Not like you can have a big library with 5x 2TB HDDs if you arent willing to sacrifice quality/bitrate. Simply not feasible.
They are going to salvage…
We (the MSP I work at) constantly throw out older systems. Too bad they have SSDs with data of potential clients and thus need to be destroyed according to GDPR…
Hence my solution. You can get 2-4 TB drives for around $30 on ebay. Get a flexible RAID controller that can handle multi-parity Raid 50, ideally a second hand raid card. We’re at a total of $230 in at this point, assuming you have a windows 10 desktop lying around.
This is not a high data speed situation. If you have 6 or more drives you can dedicate two to parity and now you will never have data loss despite buying second hand drives. Effective storage capacity will be 16TB, which is more than enough to store 100 full series and a few thousand movies at 1080p or lower, and raid 50 gives a speed boost above what your controller will likely be able to handle, and way above what is needed for even a quite large multi-user media server.
Data storage is still incredibly cheap. You’re just confusing your needs and your wants.
So long as you don’t need to stockpile old shows you never watch, you can get by on an old laptop and possibly an external drive.
My homelab started out on a Raspberry Pi 2b. Most of the hardware Ive brought online were dumpster specials someone else didn’t want. It can be done on the cheap. Won’t necessarily be reliable, but it can be done cheap.
I’m in no position to toss to much shade at the data hoarder community. I’m personally sitting on close to 64TB of media I’ve collected over the years. In my case, most of it legitimately acquired, either by myself or by family, but still. It adds up and most of it hasn’t been accessed more than once or twice.
This can work fine if you’re just a single user/household since you can ensure that you’re only acquiring audio/video codecs that will play without transcoding but gets more challenging if you’re also sharing remotely with others since you don’t necessarily know what devices they’re using to watch which may require transcoding.
Jellyfin does not.
Setting up Jellyfin to be accessible outside of my home network has been a huge pain in the ass.
Not Jellyfin’s fault tho. I wish there was an easier way
Fair, but self hosting stuff has that part of self. It is difficult to make it easy for everyone since everyone has a different setup, as such it is mostly directed towards people who are expert in doing this kinds of things or who will dedicate the time to learn how to do it.
The good thing is after you spent a couple days trying to figure out how to make it work, it will work in the future and you already know how to setup more stuff.
It’s not directed towards people who are experts. I’m an expert and can’t secure Jellyfin properly because Jellyfin doesn’t support proper secure authentication.
Which authentication method are you wanting for it? I wouldn’t call myself an expert but my job stuck senior in front of my title a few years back.
Native OIDC/SSO support, allowing users to offload the authentication to a purpose built software.
Then don’t and do VPN?
I would rather just properly secure it like every other selfhosted service I have, and not have to manage a VPN client for every user who wants to connect to Jellyfin.
A security focused service vs a media consumption service competing for max security…
I wonder what would be the most successful at this task…
A security focused authentication service would be the most successful, straightforward, and simple to implement solution.
Unfortunately Jellyfin, nearly alone amongst its FOSS peers has not implemented support for these services. It’s the only one of my many dozens of selfhosted services that I can’t properly secure.
There are plugins for SSO.
There are 3rd party plugins for OIDC and I think LDAP is even first party.
The issue comes when intercepting the signin-progress with 1st party clients. Jellyfin (to my knowledge) doesnt support redirects/callbacks like a homeassistant companion app does.
And how many media servers are there? The 2 other major offerings (Plex and Emby) don’t support OIDC either.
Plex does it’s own sauce and Emby doesnt support it. Authentik has a guide to implement it via LDAP.
And Jellyfin has a tech-debt history being forked from emby. Stark contrast to newly developed projects which were started when SSO and OIDC wasbstarting to become popular.
I actually love when I run into an issue like that get an error. Researching that stuff is fun for me, but I think trying to get the average person to do it is a non-starter
It is Jellyfins fault and there is an easier way, the Jellyfin team just hasn’t prioritized it.
I don’t mind paying a seedbox company to provide me with a box with qbittorrent and emby and other stuff I don’t use
I use tailscale and NPM to reverse proxy.
When I want to watch, I turn on the VPN and go to the app. Easy peazy
Tailscale could probably be easier but I wanted to make it easy for my parents.
I was trying to set it up via Reverse Proxy in Caddy. My stupid NAS has proprietary software and the only way to do it is in Docker but their version of docker has some wonky issues with ports.
Oh, I use caddy too. What gave you trouble?
It’s been a few weeks since I’ve tinkered with it but I plan on pulling it up today. If I remember right, it works fine if I launch it as a singular container by itself, but if I launch it inside a container with multiple apps, it says the ports are in use. I verified that no other app is using the ports. I checked in the CLI and it says containers is using the port. Very weird.
Following tutorials and researching online had been helpful by my NAS uses QNAP’s QTS operating system. It locks you out of many basic functions. I can’t install apps outside of its App Store unless it’s in a docker container, for example.
Many command line functions have also been removed so when I’m troubleshooting or looking for alternate fixes, I’m blocked out.
You nas doesn’t support docker compose? Its kind of the only reason why you’d want to have several processes on the same container.
Ps.: can you ssh in?
I can use docker compose. I need them on the same container so they can see the other apps exist and direct traffic there. Or that I as my understanding.
I tried setting up Caddy on a separate container as Jellyfin but that didn’t work.
That’s only by default, since all apps in a container share a network. I got this working with my *arr stack using multiple containers by manually creating a shared network in the console, then adding that network to each compose file. Works like a dream.
Would a docker-compose.yaml like this one work? https://privatebin.net/?1d1d30a1e92a974a#JDwvxcmJyjwmhir4YFvVrRGhn7fUJNqgTbrmgBYe1etC I just basically ripped that off my working setup. This sets up two containers that can see each other
It’s not easy trying to set up VPN or a reverse proxy, dynamic DNS and so on if you want secure access for more than yourself l, that is true. I hope they can figure out a way to make that process a lot easier.
Actually, using an LLM to walk you through the process of setting up jellyfin inside a docker container (and setting up the arr stack) and all of that makes things a lot easier than trying to figure it all out on your own.
Have to agree. I hate LLM but this is a good use for it.
Happy cake day! Thanks for the info!
That was a big reason I went with Emby. Not open source, but wasn’t necessary to me, and I wanted a cloud connect function that it handled well. And not all devices have a Jellyfin app that’s easy to install. My TV would require it to be rooted.
Yeah but good luck building out homelab these days. Too expensive
Bro win 10 computers are essentially free thanks to microsoft’s windows 11 requirements and any of them can keep up with transcoding. Add onto that any second hand sata drives and a sata controller than handles multiple parity drives for raid 5 and you’ve got a solution that is under the yearly subscription fee of ad-free netflix and a fun weekend project.
Too bad that high capacity HDDs and SSDs went through the roof.
Not like you can have a big library with 5x 2TB HDDs if you arent willing to sacrifice quality/bitrate. Simply not feasible.
Where? I am not seeing any computers worth grabbing, even though I keep hearing people are dumping win 10 computers everywhere.
They are going to salvage… We (the MSP I work at) constantly throw out older systems. Too bad they have SSDs with data of potential clients and thus need to be destroyed according to GDPR…
I have seen a few pallet auctions (lots of 100 or more) but they are not going cheap.
This too :(
Can you guide my grandma to help her set it up? I’ll give you her number.
Edit: Just want to say I appreciate the info still
not the issue, storage price is
Hence my solution. You can get 2-4 TB drives for around $30 on ebay. Get a flexible RAID controller that can handle multi-parity Raid 50, ideally a second hand raid card. We’re at a total of $230 in at this point, assuming you have a windows 10 desktop lying around.
This is not a high data speed situation. If you have 6 or more drives you can dedicate two to parity and now you will never have data loss despite buying second hand drives. Effective storage capacity will be 16TB, which is more than enough to store 100 full series and a few thousand movies at 1080p or lower, and raid 50 gives a speed boost above what your controller will likely be able to handle, and way above what is needed for even a quite large multi-user media server.
Data storage is still incredibly cheap. You’re just confusing your needs and your wants.
stremio/nuvio + torbox since yall keep mentioning not storing anything longterm and deleting as you go
Cheaper than a netflix subscription. Especially if you repurpose the last PC you upgraded as a server. Jellyfin will run fine on 15 year old hardware.
If you’re happy with FHD (1080p) res, the requirements for both server and client are very low.
So long as you don’t need to stockpile old shows you never watch, you can get by on an old laptop and possibly an external drive.
My homelab started out on a Raspberry Pi 2b. Most of the hardware Ive brought online were dumpster specials someone else didn’t want. It can be done on the cheap. Won’t necessarily be reliable, but it can be done cheap.
Where the fun in not hoarding old childhood shows and movies ;)
c/datahoarders feeling personally attacked
:-D
I’m in no position to toss to much shade at the data hoarder community. I’m personally sitting on close to 64TB of media I’ve collected over the years. In my case, most of it legitimately acquired, either by myself or by family, but still. It adds up and most of it hasn’t been accessed more than once or twice.
Jellyfin isn’t too demanding. I’m still running my whole media stack on a Raspberry Pi 4.
This can work fine if you’re just a single user/household since you can ensure that you’re only acquiring audio/video codecs that will play without transcoding but gets more challenging if you’re also sharing remotely with others since you don’t necessarily know what devices they’re using to watch which may require transcoding.