Don't proxy jellyfin through CF.
Using it for the domain or subdomain is fine.
You know it's not proxied because the cloud is gray instead of yellow.
And if you ping the domain it's your own IP instead of a cloudflare ip.
this post was submitted on 01 May 2024
5 points (77.8% liked)
Jellyfin: The Free Software Media System
5579 readers
6 users here now
Current stable release: 10.9.7
Matrix (General Information & Help)
Matrix (Off-Topic) - Come get to know the team and blow off steam!
Matrix Space - List of all the available rooms on Matrix.
Discord - Bridged to our Matrix rooms
founded 4 years ago
MODERATORS
ohhh, so i can do it through cloudflare without breaking TOS? or am i misunderstanding?
Nope. It's doable and permitted as long as the traffic is not proxied (gray cloud)
okay, im gonna look into it later
If you don’t want to open any ports, then you will need to setup a VPN service. Tailscale is one of the easiest to use VPNs out there.
+1 for tail scale. I installed it to get a feel for how hard it'd be to setup. I had it running in 15min on multiple devices via the tail net.
Maybe look into Tailscale. At the end of the day, someone needs to open up the ports, but Tailscale does it strictly to negotiate a VPN connection between two devices, so they don’t see the traffic that goes over the tunnel.
is there then a way to get it to a domain or do i need to install tailscale on every device?
I do Tailscale on every device, but they also have a Funnel service that might work for you
does this mean i can connect it to my domain and can nginx then route traffic from other vms trough to other subdomains?
If it's setup right you can even connect as if you're on the same local network. Or connect using device name as you set it in the admin panel. There's a bunch of stuff you can do
would there maybe be a way with npm to only open up port 80 and run everything through there?
I think you should understand that if you are opening ports to the wide internet, you are putting yourself and anyone else on your network at risk. You’re playing with fire here.
I have this setup with Tailscale so that I can watch plex from anywhere, without exposing ports to devices that I don’t trust and I can help you if you want. But don’t expose 80 to the internet.
Have you thought about using DuckDNS.org?
I run mine through them (it’s free) because I couldn’t work through using my own hosting since my host makes things super complicated.
well from my little knolage about them you need to use their domain right?
Yeah you create the subdomain and use their domain. It’s a free DNS service that prevents you from having to buy your own domain and host and setup all the DNS security yourself.
but i would like to have my own domain
I don’t think I understand your original question then.
If you want your jellyfin on your own domain like Oliper202020.com, that requires owning a domain which requires registration which incurs a cost.
If you don’t want to pay for something, just use a DNS service to redirect through their domain instead.
i want to spend money on the domain, i just dont want to pay money for a cloudflare alternative or one of the paid subscriptions
You can use your own domain and set a CNAME to any of the DDNS ones. So eg. home.mydomain.com can be a CNAME for oliper.ddns.com.
Just attempting to setup pihole + some DNS rules for this, but can't yet say it works cause I haven't gotten that far
okay, send me a text when you got it working
Don't expose Jellyfin to the internet
Jellyfin specifically or just anything in general?
Really anything in general. The only thing I have exposed is Nextcloud and a personal website. I spend a lot of time locking those down.
Do it with a reverse proxy and set 2FA before it (and break native app functionaility).
Don't expose it to the internet
Set proper ACLs and you are probably fine.