This is for remote streaming. Can Jellyfin be accessed outside the network? I thought that was the difference.
Like if I didn’t like Plex and I ran Jellyfin (and I have done), I could access it locally but I couldn’t access it, say, from a hotel a thousand miles away. Or it requires a lot more work (and maybe some paid service) to do.
Plex may have gone up, but a bunch of us got it for $100 or less years ago and we are not affected by the new limitations. Still free for our family members accessing remotely. Wasn’t free for us to set up.
Yes. Jellyfin is just a Docker container. It can be accessed the same as any other Docker container. Plex simplifies this because they can basically configure all the DNS stuff for you, because it goes through their DNS. But either can be accessed.
Or it requires a lot more work (and maybe some paid service) to do.
More specialized knowledge to configure Tailscale or a reverse proxy, yes. I use Yunohost which makes all of this a whole lot simpler.
This makes it a complete nonstarter as a plex replacement. My 89 year old grandparents and tech illiterate friends can’t and won’t use a vpn for streaming. Until jellyfin can be 1 click accessed from anywhere securely over clear net it’s not a replacement.
Until jellyfin can be 1 click accessed from anywhere securely over clear net it’s not a replacement.
It can be, speaking from extensive personal experience. I followed their Reverse Proxy guides, now my tech-illiterate friends access my server over https via a duckdns url.
That’s a far cry from how most people watch movies and TV though. Most everyone I know uses it through some sort of app on a device in their living room, like a smart TV, fire stick, game console, whatever.
I mean if you don’t want to use it you don’t need to find an excuse, just don’t.
Otherwise, Jellyfin has apps for TV, smartphones and so on; you input address, user and password the first time and that’s it.
For the clients it’s painless, it’s the first time setup as the server owner that takes a little help. But I’m no computer wizard and I managed it just fine.
Setting up a reverse proxy and dynamic domain is not one click
Maybe not for the server administrator, but for users, it’s mega easy. Download Jellyfin app on TV. Enter URL for server. Login like a normal streaming service. Done. As far as I know, Plex requires these same steps, so if Plex works for your 89 year old grandparents, Jellyfin would as well.
Jellyfin has also yet to resolve the unsecured api
In what way is the API insecure? What types of attacks are you concerned about?
I posted this below in reply to a similar comment. If you don’t like the way the devs have handled the raising of concerns, then fine, that’s kind of a judgment call and I can’t tell you what you should feel comfortable with. In my limited experience with the Jellyfin devs (including reading through the responses on that thread you linked), I do not personally get the impression that they are downplaying or refusing to correct issues. To me, it seems more like they are prioritizing some issues over others, and the outstanding security issues seem pretty minor for most use cases.
Vpn was my recommendation. You can leave it open to anyone, or put it behind a separate auth page. Or whatever you want.
My jellyfin is local only. If i wanted to give you access to it, i could flip a switch right now. That’s what the many reverse proxy options detailed in the link i gave discuss
I don’t run Jellyfin, but I’ve considered it. From what I understand, you have to set up a reverse proxy or something like Tailscale in order to access it remotely. Doing that safely can take a bit of learning, but the only part that could cost money is getting a domain name.
Is a domain name strictly necessary though? You would need a static IP. I thought you needed something like a VPS or VPN — I know what a VPN is, but I think it was something with a similar acronym — and that was a service that cost money.
With Plex it just works. When I load up Plex on a remote machine, first it tells me my server is offline, because my server is a Mac and Macs are sleepy bois, so it wakes up the Mac, which wakes up the drives, and then the server loads up and I can play pretty much anything.
I’ve ran Jellyfin on both Mac (current setup) and Windows/Intel. I like Jellyfin overall, and it does some cool things Plex doesn’t. Like you can fix details Plex won’t let you. Like for some reason it only lists the foreign actors in anime, you can manually specify the English voices if you want. Plex doesn’t let you do that and AFAIK there’s no way to. (There should be an API out there that taps into a service that lets you access any language cast, and there should be a way to set it to dynamically change the cast to whatever language you have selected.) But anyway, Jellyfin is somewhat fine, but to use it on other devices (e.g. an Apple TV box on the same network), you have to do a fair bit of configuring. It’s not just, log into the account on your phone and type in the text on the screen. Jellyfin doesn’t even prioritise Apple development, but they have come a long way.
I host a couple services for my family using a reverse proxy (nginx through SWAG), and I have a free domain name with duckdns. This is not as secure as the above tailscale solution, but has worked for me so far. This is likely how I would add Jellyfin to my workflow, since I already have a reverse proxy and domain name.
I also bought Plex years ago for 87€ but i gifted that account to a friend once i got jellyfin up and running.
You’re right - Jellfyin doesn’t have a native built-in way to access it from outside. That’s the reason Plex intercepts with their own servers when you do remote streaming, that’s one of the aspects you pay for.
Using tailscale (free and setup in like 5 min) you can access jellfin from everywhere. Easy peasy.
Rumor says that Plex also denies you remote access when you use a VPN or mesh like tailscale… so ymmv
Wouldn’t it be the same way, you open a port just like Plex, or figure out a reverse proxy.
I ran jellyfin for a little while back when Plex used to charge people a fee for using mobile
You should at least figure out port forwarding, but Plex operates a service that makes that optional. You don’t have to do that or setup a reverse proxy with Plex, it mostly just works near seamlessly.
So, I am not going to deny that those security issues exist, but it seems like they would only pop-up in niche situations, or only if someone already had access to your admin profile. Most people are using Jellyfin to share their media with themselves and their tech-illiterate friends in family. In that use case, the only people who even know my server URL are people I have shared that info with privately. Nobody is trying to hack my admin account.
Now, I am no infosec expert. Maybe there are folks that are trying to run larger operations, and for those people I can understand why these security issues may become concerning if you don’t have a tight handle on the circle of people that have access to your server. That said, it’s also a bit silly to expect a free, open source solution to meet your needs in that scenario, anyway. If you know and understand the issues that well, then maybe go join the dev team and patch the holes. That is the beauty of open source, anyone can jump in and fix it.
The main issue there isn’t the fact that these issues exist. The problem is the Jellyfin devs attitude towards them, most of these problems have been known for years (more than five in some cases) but are largely ignored. Client compatibility is valued over everything else.
There have been plenty of suggestions, ideas and even PRs, but the devs priorities don’t allow for any security centered patches to get merged
idk the full history, but Joshua’s comment here does not give me the impression of devs that are just deliberately ignoring security issues. It seems like they are simply balancing priorities, which is what all good devs should do. Personally I like that client compatibility is valued over everything else - I would be pissed if they broke the Fire TV client to fix a minor security hole on a niche Linux distro, because then one of my users would be SOL. And as Joshua says in that comment:
many other options are now open to us in a post-10.11 landscape now that we have a proper library database ready.
So it seems like now they are better set up to address the security issues without breaking compatibility.
jellyfin welcomes you with open arms
Yet can’t find a way to install it on my old Tizen… Pain.
i also would be on Tizen OS, got myself a cheap used NVidia Shield TV and use this now. debloated it etc.
Magnitudes of order better experience than fucking Tizen
This is for remote streaming. Can Jellyfin be accessed outside the network? I thought that was the difference.
Like if I didn’t like Plex and I ran Jellyfin (and I have done), I could access it locally but I couldn’t access it, say, from a hotel a thousand miles away. Or it requires a lot more work (and maybe some paid service) to do.
Plex may have gone up, but a bunch of us got it for $100 or less years ago and we are not affected by the new limitations. Still free for our family members accessing remotely. Wasn’t free for us to set up.
Yes it can be accessed outside the network. We use Tailscale. Our Jellyfin setup cost us the energy to run it, lol.
Yes. Jellyfin is just a Docker container. It can be accessed the same as any other Docker container. Plex simplifies this because they can basically configure all the DNS stuff for you, because it goes through their DNS. But either can be accessed.
More specialized knowledge to configure Tailscale or a reverse proxy, yes. I use Yunohost which makes all of this a whole lot simpler.
Sorry to be a pendantic ass. But. Jellyfin, in and on itself, has absolutely nothing to do with docker.
Oh shut up, you pedantic ass
You absolutely can access it from outside your network if you configure it that way.
Jellyfin* can be accessed outside of your network but it would be best to have set up a vpn so that it isn’t open to anyone to try logging in
https://jellyfin.org/docs/general/post-install/networking/
Edit: oops, meant jellyfin not plex lol.
This makes it a complete nonstarter as a plex replacement. My 89 year old grandparents and tech illiterate friends can’t and won’t use a vpn for streaming. Until jellyfin can be 1 click accessed from anywhere securely over clear net it’s not a replacement.
It can be, speaking from extensive personal experience. I followed their Reverse Proxy guides, now my tech-illiterate friends access my server over https via a duckdns url.
That’s a far cry from how most people watch movies and TV though. Most everyone I know uses it through some sort of app on a device in their living room, like a smart TV, fire stick, game console, whatever.
I mean if you don’t want to use it you don’t need to find an excuse, just don’t.
Otherwise, Jellyfin has apps for TV, smartphones and so on; you input address, user and password the first time and that’s it.
Oh right on. Genuinely didn’t know this
For the clients it’s painless, it’s the first time setup as the server owner that takes a little help. But I’m no computer wizard and I managed it just fine.
deleted by creator
Maybe not for the server administrator, but for users, it’s mega easy. Download Jellyfin app on TV. Enter URL for server. Login like a normal streaming service. Done. As far as I know, Plex requires these same steps, so if Plex works for your 89 year old grandparents, Jellyfin would as well.
In what way is the API insecure? What types of attacks are you concerned about?
deleted by creator
I posted this below in reply to a similar comment. If you don’t like the way the devs have handled the raising of concerns, then fine, that’s kind of a judgment call and I can’t tell you what you should feel comfortable with. In my limited experience with the Jellyfin devs (including reading through the responses on that thread you linked), I do not personally get the impression that they are downplaying or refusing to correct issues. To me, it seems more like they are prioritizing some issues over others, and the outstanding security issues seem pretty minor for most use cases.
Ya, I use Jellyfin at home but I left Plex up for my parents to remote stream. Plex is just superior in that regard.
Vpn was my recommendation. You can leave it open to anyone, or put it behind a separate auth page. Or whatever you want.
My jellyfin is local only. If i wanted to give you access to it, i could flip a switch right now. That’s what the many reverse proxy options detailed in the link i gave discuss
I don’t run Jellyfin, but I’ve considered it. From what I understand, you have to set up a reverse proxy or something like Tailscale in order to access it remotely. Doing that safely can take a bit of learning, but the only part that could cost money is getting a domain name.
Is a domain name strictly necessary though? You would need a static IP. I thought you needed something like a VPS or VPN — I know what a VPN is, but I think it was something with a similar acronym — and that was a service that cost money.
With Plex it just works. When I load up Plex on a remote machine, first it tells me my server is offline, because my server is a Mac and Macs are sleepy bois, so it wakes up the Mac, which wakes up the drives, and then the server loads up and I can play pretty much anything.
I’ve ran Jellyfin on both Mac (current setup) and Windows/Intel. I like Jellyfin overall, and it does some cool things Plex doesn’t. Like you can fix details Plex won’t let you. Like for some reason it only lists the foreign actors in anime, you can manually specify the English voices if you want. Plex doesn’t let you do that and AFAIK there’s no way to. (There should be an API out there that taps into a service that lets you access any language cast, and there should be a way to set it to dynamically change the cast to whatever language you have selected.) But anyway, Jellyfin is somewhat fine, but to use it on other devices (e.g. an Apple TV box on the same network), you have to do a fair bit of configuring. It’s not just, log into the account on your phone and type in the text on the screen. Jellyfin doesn’t even prioritise Apple development, but they have come a long way.
Honestly the others in this comment section would be better to ask about accessing Jellyfin remotely, but I can tell you what I know.
If you go the VPN route, Tailscale is typically recommended, which appears to be free for personal use. It looks like these are the docs for using Tailscale with Jellyfin.
I host a couple services for my family using a reverse proxy (nginx through SWAG), and I have a free domain name with duckdns. This is not as secure as the above tailscale solution, but has worked for me so far. This is likely how I would add Jellyfin to my workflow, since I already have a reverse proxy and domain name.
Doing it safely is pretty simple.
Install Tailscale at both ends. Done.
It’s a fully encrypted mesh VPN.
If you need access without the TS client on the other end, that takes a little more work. Then you need to enable the Funnel option.
Nnnnno, doesn’t really work that way
I also bought Plex years ago for 87€ but i gifted that account to a friend once i got jellyfin up and running.
You’re right - Jellfyin doesn’t have a native built-in way to access it from outside. That’s the reason Plex intercepts with their own servers when you do remote streaming, that’s one of the aspects you pay for.
Using tailscale (free and setup in like 5 min) you can access jellfin from everywhere. Easy peasy.
Rumor says that Plex also denies you remote access when you use a VPN or mesh like tailscale… so ymmv
Never had any issues remote streaming via VPN.
I’ve accessed my Plex off network with tail scale 🤷
Wouldn’t it be the same way, you open a port just like Plex, or figure out a reverse proxy. I ran jellyfin for a little while back when Plex used to charge people a fee for using mobile
I’ve never opened a port for Plex.
You should at least figure out port forwarding, but Plex operates a service that makes that optional. You don’t have to do that or setup a reverse proxy with Plex, it mostly just works near seamlessly.
Yes you can.
As open as the source? (☞゚ヮ゚)☞
As open as the servers “security”
is there some security incident you have in mind involving jellyfin?
Beside the various security holes that have been ignored for years by the devs?
such as…?
https://github.com/jellyfin/jellyfin/issues/5415
So, I am not going to deny that those security issues exist, but it seems like they would only pop-up in niche situations, or only if someone already had access to your admin profile. Most people are using Jellyfin to share their media with themselves and their tech-illiterate friends in family. In that use case, the only people who even know my server URL are people I have shared that info with privately. Nobody is trying to hack my admin account.
Now, I am no infosec expert. Maybe there are folks that are trying to run larger operations, and for those people I can understand why these security issues may become concerning if you don’t have a tight handle on the circle of people that have access to your server. That said, it’s also a bit silly to expect a free, open source solution to meet your needs in that scenario, anyway. If you know and understand the issues that well, then maybe go join the dev team and patch the holes. That is the beauty of open source, anyone can jump in and fix it.
The main issue there isn’t the fact that these issues exist. The problem is the Jellyfin devs attitude towards them, most of these problems have been known for years (more than five in some cases) but are largely ignored. Client compatibility is valued over everything else.
There have been plenty of suggestions, ideas and even PRs, but the devs priorities don’t allow for any security centered patches to get merged
idk the full history, but Joshua’s comment here does not give me the impression of devs that are just deliberately ignoring security issues. It seems like they are simply balancing priorities, which is what all good devs should do. Personally I like that client compatibility is valued over everything else - I would be pissed if they broke the Fire TV client to fix a minor security hole on a niche Linux distro, because then one of my users would be SOL. And as Joshua says in that comment:
So it seems like now they are better set up to address the security issues without breaking compatibility.