Maybe I was thinking of this from back in 2024?
https://github.com/jellyfin/jellyfin-android/issues/123
“Hacking around with a reverse proxy is strongly discouraged and we won’t provide any support for it.”
- 0 Posts
- 33 Comments
Joined 2 years ago
Cake day: July 29th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Maybe I was thinking of this from back in 2024?
https://github.com/jellyfin/jellyfin-android/issues/123
“Hacking around with a reverse proxy is strongly discouraged and we won’t provide any support for it.”
Are you sure that works? I’m pretty sure they mentioned that reverse proxies are an unsupported (and not working) use case with Jellyfin, but I might have to look into authelia some time then.
I thought that you can still access media directly via the URL without any authentication, how would authelia change that?
Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, But just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
Yeah.
It’s tough because I get they’re an open-source project, and they’re volunteers, but at the same time, security is something that should be the highest priority.
Though, you could just make it so that it’s not accessible via WAN and instead has to go through a VPN, though that’d make it harder to share with others.
1·1 month agoYeah, OpenVPN definitely doesn’t have light spec requirements 😅 thankfully hardware is unfathomably powerful these days.
Or be like me stuck in the 2000s using OpenVPN still in 2025 lol
It’s more common with mobile-based connections like satellite connections or mobile-LTE data based connections, I believe.
And here I am, still using OpenVPN in 2025 lol
Oh, right, it was basic auth (behind a reverse proxy, or even in general) that Jellyfin doesn’t support and isn’t planned to support IIRC.
Here is a GitHub issue where they said they don’t plan on supporting it: https://github.com/jellyfin/jellyfin-android/issues/123
And with ro rights to media, potential damage at least should be pretty limited.
Depends entirely on where you live I would think.
It does, yeah.
If they are providing the content, they can see that they are providing the content and that much is obvious.
If you are providing the content, you wouldn’t expect that they can identify what you are watching.
That’s the difference to me, yeah.
So I searched, and all of the results were talking about setting up a VPN or a reverse proxy or whatever.
The best thing is, you can’t use a reverse proxy with it, it doesn’t even support it.
FWIW apparently this is talking about their free content, not about user content.
This is basically my exact situation lol
FOSS isn’t always more secure than closed-source, but it absolutely can be.
It depends on the priorities of the maintainers. It seems like Jellyfin’s maintainers might not be putting a huge emphasis on security, which is very disappointing, but they are volunteers at the end of the day.
Because it’s easy to accidentally run services or set up services temporarily and forget that you left them running. With UPnP being able to automatically/dynamically open ports, a firewall is just another layer of protection. You can also configure firewalls to ignore packets silently or log dropped packets, and if applications ever get new versions and end up listening on new ports, you would have to manually allow the ports. Maybe you want to have one part of an application accessible through the firewall but not another part of the application.
Plus, like you said, country blocking is another feature which personally I think is nice to have, and there are also other features too like being able to throttle connections, especially with things like fail2ban.
It’s just another layer of protection, and it ensures that everything you run is deliberate.
Seems like there is a federated solution for everything lol
There’s also a list of ActivityPub software on Wikipedia: https://en.wikipedia.org/wiki/ActivityPub#Software_using_ActivityPub
It’s important to have seperate directories for unfinished torrent downloads and complete ones, and only have sonarr pick up from the completed one
Back when I used Torrents instead of Usenet for sonarr, I had only the one folder, since Plex would generally pick up the library changes automatically anyway. I’d assume that Jellyfin is similar, although I don’t use it enough to know for sure. These days I use only Usenet for sonarr/radarr since I’m paying for Usenet and it’s excellent for automation/new content, and SABnzbd provides both incomplete and complete folders by default anyway.
How can you debug it with a TCP dump if it’s encrypted?