I have docker installed, but only have a vague idea of how it works.

Back in the day, I would just port forward, but even then, I would need a static IP somehow.

I have heard a reverse proxy is an option, but that is an entirely new topic to me.

Surely there is an easy way to access Jellyfin outside of my home network that I’m just missing.

*Edit: I am blown away by all the help and support! I currently have tailscale running, and I’m in the process of purchasing a domain.

Thanks everyone!

  • pHr34kY@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    28 minutes ago

    You can still just open it to the internet. Just do it on IPv6 instead. You won’t find it by scanning IP ranges like they do on IPv4. You’ll want to set up DNS for it though. Also get a free TLS cert from LetsEncrypt. It’s a bit of work initially.

  • chellomere@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    44 minutes ago

    I use pangolin and subdomains on my domain. It works really well, and enables SSO login to all services on the network.

  • alexquiniou@lemmy.zip
    link
    fedilink
    English
    arrow-up
    1
    ·
    24 minutes ago

    I’m using wireguard with wg-easy. It’s a gui that let you easely setup wireguard. My isp is giving a fixed ipv4. So i don’t have to think about dns or other complicated things. I have Jellyfin and wg-easy installed on truenas as docker apps.

    There are official app for any os you want.

    https://www.wireguard.com/install/

  • The Zen Cow Says Mu@infosec.pub
    link
    fedilink
    English
    arrow-up
    1
    ·
    37 minutes ago

    I’m currently testing out jellyfin. Have it through my reverse proxy and using the ldap authentication with authentik. Works fine and nice having two-factor authentication.

  • KairuByte@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    8
    ·
    2 hours ago

    Personally I didn’t want to have to hand out VPN credentials to everyone, so I went with a cloudflare tunnel with Authelia as the method of authentication.

  • Wilmo@programming.dev
    link
    fedilink
    English
    arrow-up
    50
    arrow-down
    1
    ·
    5 hours ago

    Tailscale. It’s free. Insanely easy to set up.

    Just install on your devices and connect via the given tailscale ip for the jellyfin server.

    • sakphul@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      18
      ·
      5 hours ago

      I would also propose going with Tailscale instead If a VPN + DynDNS solution. Imho it is a lot easier to Setup compared to VPN + DynDNS If you are a beginner and just starting out.

      If at some point you need more and then is available in the free Tier of Tailscale and you do not want to pay for it (and you have built up some knowledge!) you can switch to something like Headscale or Netbird.

      • hoshikarakitaridia@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        2 hours ago

        I forgot to mention that one because I kinda thought it belongs with radmin and hamachi, but it’s my choice as well currently.

        I am using it with my own Headscale though, so add a domain to that as well.

        And I finally need to switch my vaultwarden to work over tailscale & LAN finally, it’s a huge security risk to expose that one.

  • hoshikarakitaridia@lemmy.world
    link
    fedilink
    English
    arrow-up
    23
    ·
    edit-2
    2 hours ago

    That’s the whole point of a domain. Your IP changes every now and again you need people to know where to reach you. You give them a domain, and you configure the name records so that the domain always points to the right IP address.

    Your options:

    • dynamic IP - you keep your setup as is and just periodically tell them the new IP you’re on. Annoying and exposed
    • static IP - you buy a static IP (from your ISP) and share it with your friends once. A little bit less annoying and still exposed
    • you use a VPN like hamachi or radmin - your friends install the software, they look for you IP in there, you’re done - very secure but also very annoying
    • you buy a domain - you have to configure an IP updater like ddclient or similar, then you jellyfin should be reachable - least annoying for your friends but also slightly less secure

    Domain is the cleanest option.

    I am telling you how annoying it is because that’s how likely your friends are to adopt it and how secure it is because depending on your country you are doing something illegal and you really don’t want anyone to find out and you gotta keep it updated more often if you don’t want people to exploit it. There’s an endless supply of very smart people out there who use known bugs to target public services.

    Edit: I forgot DDNS, see below comments.

    • Vegan_Joe@anarchist.nexusOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      5 hours ago

      I appreciate your response!

      It looks like a VPN is the option I’m leaning towards, but I’ll definitely put the idea of buying a domain in my back pocket for a while.

              • Saapas@piefed.zip
                link
                fedilink
                English
                arrow-up
                4
                ·
                3 hours ago

                You get to pick your numbers

                On June 1, 2017, .XYZ launched the 1.111B class .xyz domains, cheap domains priced at US$0.99 per year and renewed at the same price. The class of domains consists of six-, seven-, eight-, and nine-digit numeric combinations between 000000.xyz and 999999999.xyz. Daniel Negari, CEO of .XYZ, stated that it was meant to bring competition, choice, and innovation to the market

    • MasterOKhan@lemmy.ca
      link
      fedilink
      English
      arrow-up
      5
      ·
      3 hours ago

      I second this, if it’s only you that needs access then Tailscale will be all that you need. You can use Tailscale funnel if you want it to be available to the wider web, but then you have to manage SSL certificates and it is slightly less secure.

      I would caution against port forwarding and leaving your server open to the wider web.

    • Pacrat173@lemmy.ml
      link
      fedilink
      English
      arrow-up
      3
      ·
      4 hours ago

      It’s my go to method super easy to set up and use on both the device hosting your JellyFinn server and whatever your steaming on

      • djdarren@piefed.social
        link
        fedilink
        English
        arrow-up
        4
        ·
        2 hours ago

        Just be aware that if you want anyone else to connect to your Jellyfin, you’ll still have to route it through a domain and reverse proxy, unless you’re comfortable letting them log in to your tailnet.

        It’s a bit of a fiddle to set up, but once it’s done it’s quite satisfying.

      • Pika@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        5
        ·
        4 hours ago

        it’s actually the recommended way if you use jellyfin, theres a few security/privacy vulnerabilities with publicly exposing the jellyfin server anyway, they are being worked on but, the safest way to do it is just use a vpn regardless.

  • terrifyingtuba@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    1
    ·
    edit-2
    4 hours ago

    Personally I purchased a domain, and use Caddy for a reverse proxy. My ISP gives me a static IP for free, but I don’t think that makes a difference in this situation. Tailscale would be safer but requires more setup from friends. My friends seem to like how simple the setup is, and I also use requestrr so they can add movies/shows via a discord command.

  • Morgikan@fedia.io
    link
    fedilink
    arrow-up
    4
    ·
    4 hours ago

    If the goal is doing this in a simple fashion, then use Tailscale funnels (https://tailscale.com/docs/features/tailscale-funnel). Funnels automate the process and act as a reverse proxy into specific servers within your tailnet.

    The downside is there is no authentication to funnels, so whatever you’re running (Jellyfin in this case so that’s not an issue) needs it’s own authentication setup. You might consider running fail2ban on that machine and have it watch for login attempts, but otherwise that is the simplest setup I think you could do.

  • Decronym@lemmy.decronym.xyzB
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    24 minutes ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    DHCP Dynamic Host Configuration Protocol, automates assignment of IPs when connecting to a network
    DNS Domain Name Service/System
    ISP Internet Service Provider
    NAT Network Address Translation
    Plex Brand of media server package
    SSO Single Sign-On
    TLS Transport Layer Security, supersedes SSL
    VPN Virtual Private Network
    VPS Virtual Private Server (opposed to shared hosting)
    nginx Popular HTTP server

    [Thread #41 for this comm, first seen 5th Jul 2026, 18:30] [FAQ] [Full list] [Contact] [Source code]