Plex, Emby, and Jellyfin are all legal, and each have ways to serve liveTV alongside your own locally stored content, and DVR that liveTV if you want. You’d just have to purchase a liveTV subscription from your local provider (or go the Pirate route ofc).

Emby has what they call ‘Emby Connect’ which is entirely optional and is basically a glorified DNS service.

It doesn’t proxy connections, it just passes on the hostname to the client. The server is still required to setup port forwarding or other routing like tailscale or a proxy on a vps.

Emby Connect will let you sign into your local server using your emby.media credentials, but unlike Plex it’s completely optional and only works once explicitly linked to the local user of an Emby server.

I only bring it up because you explicitly said you have no idea why it doesn’t work.

Take things at a comfortable pace; there’s no sense overwhelming yourself. Then you just forget what you’ve done and end up lost in your own maze.

I started with Plex myself, almost 10 years ago. Moved to Emby, where I learned about buying a domain, setting up ssl through a reverse proxy, and just continued to explore from there. Today I run ~26 containers/projects across three systems and I’m always keeping my eye out for interesting new things.

Best of luck with your journey m8.

Sounds like you’re behind cgNAT, which essentially means there’s another router owned by your ISP that’s between yours and the open internet, which also requires port forwarding, but your ISP will never do that for you.

It complicates things, but the solution(s) are tools like tailscale, cloudflare Tunnels, or to rent a VPS just to host a proxy/vpn.

Plex solves this by using their own public servers as a proxy for you, but this is part of how they have control over your users/server/data, such as blocking remote streaming… That makes more than a few people uncomfortable.

Plex centralizes authentication at plex.tv

When a user wants to connect to a ‘private’ plex server, they must first sign into their plex.tv account, which then provides the auth token needed to login to the users server (even if both the client and server are on the same lan)

With this system, Plex can monitor and control every single connection to every plex server; limiting access to whatever they want. Even your own local content.

Plex has an automatic proxy service hosted by their public servers. If you haven’t or can’t configure port forwarding correctly, plex will route the connection through their own servers.

The problem is, that also means Plex co has total control over your server and the data sent between it and clients if they so choose. Anything from quietly logging the data sent back and fourth, to controlling who can connect and what they can do while they are.

Jellyfin has to be correctly exposed to the internet via port forwarding or tools like tailscale/a vpn; but it’s entirely your server under your control. You have ultimate control over how your server can be accessed, but that also means you’re responsible for actually setting that up.

Yeah; I mean, if this was any other content from the same shows/movies it’d be a non-issue covered under Fair Use.

I can understand being upset about entirely new content, AI deepfakes for example; but this content was created and distributed to the public, intentionally, with the consent of the individuals that are filmed within it. It’s just been transformed into a different format; arguably, in a creative and educational manner. (the same way something like a ‘Family Guy funny moments’ compilation is)

If you didn’t want people looking at your nude body, why did you perform nude scenes in front of a camera, knowing it’d be distributed to the public…

Fair point.

The self-hosting part was mostly about total control over my own systems and less about the paid features. It’s very much not necessary.

As far as pro features go, It was the TOTP authenticator integration that was kind of important to me. ~20% of my accounts have TOTP 2fa, and bitwardens clients will automatically copy the latest 2fa code into the clipboard when filling a password.

Bitwarden will even tell you if a saved account could have 2fa (the service offers it), but it’s not setup/saved in bitwarden atm.

I currently have 110 unique user+password combos. I wouldn’t want to change all those even once, if I were breached and had used similar credentials everywhere.

Bitwarden keeps them well managed, synced between devices, and allows me to check the whole database for matches/breaches via haveibeenpwned integration. Plus because I prefer to keep things in-house as much as possible, I even self-host the server with vaultwarden walled off behind my own vpn, instead of using the public servers. (this also means it’s free, instead of a paid service)

I feel horrible for the kids, they get forced to follow their parents mind-boggling stupidity.

Derek and DeAnna on the other hand are adults who thought out, planned, and followed through with their idiocy.

Politics aside; how could you possibly think moving your family to a country that’s actively at war with its immediate neighbor, and struggling to find bodies to throw on the front lines, is even remotely a good idea.

It touches on the fact that Derek Huffman ended up sent to the front lines in the war against Ukraine, and for a while there were rumors he’d died there.

I would genuinely be more surprised to hear they were left to live peacefully.

That will solve part of the problem, preventing downloads before an item has even released; but there’s still lots of potential to grab unwanted torrents and leave the arrs asking for intervention when they can’t import it.

Ideally the indexers would be filtering out this junk before users can even grab them, but failing that I think we’ve got a decent solution. Check out the edited OP

Check out the edited OP.

I’m taking a look at this. It looks like it’s the malware blocker portion that I’m interested in, but if I enable it and ‘delete known malware’, it just complains every minute that there are no blocklists enabled. (though the documents say it’s supposed to fetch one from a pages.dev url that has almost no content)

Do you have a specific malware blocklist configured? Enabling the specific service blocklists demands a url for one.

I can host/build a list over time for these to use if that’s what I’ve gotta do; just wondering if there’s a public collaboration on one already on the go.

/edit: found it

https://raw.githubusercontent.com/Cleanuparr/Cleanuparr/refs/heads/main/blacklist

That’s what I’d already done as per the OP, but it leaves Sonarr/Radarr wanting manual intervention for the ‘complete’ download that doesn’t have any files to import.

I just did some digging and found I do have some good quality content from them, but they were all grabbed via NZBGeek.

Every torrent I’ve gotten with that label has been garbage/malware.

This comment prompted me to look a little deeper at this. I looked at the history for each show where I’ve had failed downloads from those groups.

For SuccessfulCrab; any time a release has come from a torrent tracker (I only have free public torrent trackers) it’s been garbage. I have however had a number of perfectly fine downloads with that group label, whenever retrieved from NZBgeek. I’ve narrowed that filter to block the string ‘SuccessfulCrab’ on all torrent trackers, but allow NBZs. Perhaps there’s an impersonator trying to smear them or something, idk.

ELiTE on the other hand, I’ve only got history of grabbing their torrents and every one of them was trash. That’s going to stay blocked everywhere.

The block potentially dangerous setting is interesting, but what exactly is it looking for? The torrent client is already set to not download file types I don’t want, so will it recognize and remove torrents that are empty? (everything’s marked ‘do not download’) I’m having a hard time finding documentation for that.

Awesome. Thanks you two, I appreciate the help. :)

Awesome. Thanks you two, I appreciate the help. :)