I tried testing a movie from my home server in plex through firefox and repeatedly got this message, even after reloading.
I knew that they had paywalled the apps on mobile and streaming from outside the network but now they have also blocked watching your own movies through your own hardware.
I do get the point that making software should be able to sustain people but I don’t see the move of plex as a fair thing to do. Yes, they have made great software but taking your home server hostage feels like the wrong move.
Even a pop up that says “we need you to donate please” would have been fine. Make it pop up before every movie, play donation ads before any movie but straight up disabling the app is kinda cruel.
Anyway, I have switched to jellyfin and it is insanely good. Please give it a try. You can run it alongside plex with no issues (at least I had none) and compare the two.
In any case, good luck. Let me know if you need help.
Every non-Free Software will betray you eventually. It’s only a matter of time.
I thought free software was when you were the product and non-free software actually supported developers.
Or do you mean non-OSS?
Free as in freedom, not as in free beer.
I thought we switched to libre for that definition and since then used free only as in free beer.
Libre (from French) is sometimes used to solve the ambiguity of the word free in the English language, but it sounds kinda awkward in English and there’s certainly no consensus that this should be the official replacement, or that the term free even needs replacement.
Furthermore, the FSF who originally came up with the idea of “free software” still exists and is still called the Free Software Foundation, though Stallman uses both terms interchangeably.
I thought we switched to libre
Maybe some people did. Thing is there’s a whole rest-of-the-world out there, and they didn’t necessarily get the memo or are happy with the existing way.
“Free Software” is a defined term: https://en.wikipedia.org/wiki/Free_software
Yeah, the wording is confusing. A long time ago, there was no paid software, there was only software where you got the source code and other software where e.g. it was pre-installed on some hardware and the manufacturer didn’t want to give the source code.
In that time, a whole movement started fighting for software freedom, so they called their software “free”.
well, except WinRAR
What do you mean WinRAR isn’t free?!
I just wonder if plex will ever sell the list of movies and IP address of everyone. Many people have the ARRs to auto download, even stuff still in theaters. What good is a VPN when plex knows your email and IP.
Honestly, I’d be rather shocked if this wasn’t already the case.
Moreover they probably have a database of everything you’ve ever watched and your IP and email address, just waiting to be leaked to the internet through sale or ransom.
A little oversimplified but I’ll take it. :)
Jellyfin is great, but in defense of Plex, they announced that remote streaming would require one of the two parties to have a Plex pass was coming back in March so I don’t know if it’s fair to say they are holding anything hostage.
I started down the Jellyfin path after they made that announcement. It’s super easy to install, and in many ways the UI is nicer than Plex. But I ran into challenges getting my server safely accessible for users outside my LAN. And I haven’t had the time to look into that further.
Would be great if there was a clean, easy way to set up the webserver portion so it’s as easy to share content entirely as Plex. But I get they are a volunteer project with a lot on their plate.
I have had great success with tailscale in this regard.
The same tailscale that announced last week that they are going to start charging?
Took a quick look at the free tier,
- 3 users
- 100 devices
- Basically all tailscale features
That seems pretty reasonable to me. Main account and two accounts to share. With just friends and family, I doubt most people will reach the 100 device limit.
Creating a tailnet using a custom domain is considered for business use.
Well, that sucks for me. I was planning on using my domain name.
custom domain
From what I gather, this refers to the email address you sign up with.
If you use something like a non-gmail email address when signing up, it starts you off on the business plan with a trial (which you can instantly change to free). (Note: they’re gonna change this auto-detection thing with shared domains soon due to a security hole.)
I believe you can still use a custom domain (instead of the randomised *.ts.net provided one) with DNS lookups in your tailnet, on the personal (free) plan.
The tailnet domain doesn’t really matter that much if you have your own. I just use tailscale IP for everything that’s not in AdGuard with a host name already.
Or even just use the tailnet domain you can generate.
I have it set up so that my custom domain is pointing to the local ip of my server.
I’m willing to recommend Tailscale because I run headscale and it does basically everything a selfhoster needs. When the free version is passable, it’s harder to enshittify the commercial version.
It’s kinda the same as it was before, as far as I can see, for the personal plan. Looks like they’ve just added the ability to add more than 3 users for a fee.
announced
What announcement? There’s been a new Personal Plus plan around for several months already - introduced without much fanfare, and simply brings the user count from 3 to 6 for a fixed small fee. Presumably this is due to feedback from personal users wanting to contribute something other than nothing.
Where do you see the free Personal plan has changed at all?
That’s great until you try and get it working on your <insert person here that doesn’t live with you>’s TV via their streaming device.
My mom’s tv surprisingly has WireGuard so I set that up for her.
But I ran into challenges getting my server safely accessible for users outside my LAN
FWIW:
- vps + domain (optional?)
- connect vps to home server with wireguard (eg Tailscale)
- reverse proxy on the VPS forwarding to jellyfin (eg Caddy)
Obviously not as trivial or seamless as Plex. Also I wouldn’t try to complicate this setup by using docker for everything. But once it’s up you can basically host whatever you want on the WAN from your LAN.
So an additional 10 bucks a month….
Awesome, thanks for the tips!
What added security do you get by using a VPS besides obscuring your home IP? I can definitely see benefits to not leaking your home address, but otherwise the reverse proxy and wireguard tunnels don’t actually add any increased security for the extra steps. You could just host a reverse proxy at home, and any flaws Jellyfin could have in their app would still be exposed.
I’m not knocking your solution, I’m just in a similar place and considering if I want to go through the extra hurdle for a VPS if I don’t need one.
If they’re calling it remote streaming when you’re on the same (local) network, that’s not exactly intuitive. I’d say OP’s phrasing was fair.
OP has a misconfigured server and isn’t connecting to their server over LAN.
But I keep hearing the value of Plex is that anyone can use it.
Yes anyone can use it even people who don’t know how to configure their server
The OP might disagree from what I’m seeing.
OP is also in the allegedly ultra rare camp of “successfully configured Jellyfin and lived to tell the tale.” Not what I’d expect of someone unable to configure Plex correctly. I’ve not set up a Plex server myself but my guess is it wasn’t clear that it was misconfigured - it did work previously, after all.
Well, with Plex constantly changing allowed abilities and such, it seems to me that this is the expected outcome.
I can’t speak for OP, but I self host lots of stuff, have literally dozens of services running, have an Ansible repo to manage it all and route some stuff through a VPS, not to mention my day job has included managing services in one way or another for a long while. This is to say, I know what I’m doing. I couldn’t setup Plex to work the way I wanted to, they expect it to run in a docker with network set to host mode, I couldn’t find any way to tell Plex that my living room TV was in the same network, it just wouldn’t accept any connections as local. I know I shot myself in the foot here by not letting it run with network on host mode, but I shouldn’t have to, the port was exposed, I could reach it through the local network IP, but I wasn’t able to stream any content locally.
Just because the destination IP address is not a LAN address? That’s not misconfiguration, that’s a legitimate use of NAT reflection/loopback. If that’s how it determines who is streaming remotely then just run it behind nginx that forgets to set the correct headers.
Edit: Apparently Plex centrally relays all the traffic? Self-hosted my 🍑, it’s not self-hosted if you need to rely on their server.
It doesn’t relay all traffic, that’s a fallback if a connection can’t be established.
Yeah, there is no defence on enshittification, sorry. I have jellyfin now. It’s also not remote which makes this a huge dick move too.
Wait, it’s not remote? You’re on your local network?
OP has set it up wrong so it’s ALL going remote, even when he’s in the same house.
I have it set up in a way. That does not make it wrong. This is an option that plex gives you without warning so it’s their problem in the first place. They also just paywalled that feature that worked for years and they’re not considering the consequences or they don’t care. The least they could have done is put a link “if you’re seeing this on your home network, you need to do THIS.”
You set it up in the wrong way if you want to stream locally on your network.
It’s ok to admit that you made a mistake and it’s not plex’s fault. Just take some responsibility for your actions.
You’re now using mental gymnastics to blame me for someone else’s actions. Sorry mate but I’m not into that mumbo jumbo. Good luck somewhere else.
Someone else set up your Plex server?
In this thread:
- An OP that doesn’t understand how their network is working
- People rushing to suggest a solution that they fawn over because it’s open source. I have yet to see anyone recommend Emby.
- “Tailscale will solve all your problems!” Great - how do I make that work on an LG TV that’s 100 miles away?
- Open source has high immunity to devs making changes at the expense of users for their benefit because anti-features can be removed. Recommending another proprietary alternative here would be like saying they ought to leave an abusive partner but then recommend someone with the same red flags they had.
- It’s also the most complex to set up, and for many people the threshold is “walking your tech-illiterate mother-in-law through side loading it over the phone, because she lives 100 miles away… She’s afraid to touch her computer for anything except email and Facebook. And then resetting her password every 30 days, because she keeps locking herself out of it.” Suddenly the “just fucking sign into Plex and it automatically discovers your server” option becomes a lot more appealing.
Jellyfin is the most complex to set up, right? (Just making sure I’m reading this correctly)
To set it up “correctly”, yes. It’ll require owning your own domain, being able to configure it properly (with either a static IP, or DDNS to point to your server at home), knowing how to automate https certificate refreshes, and a few other things. Plex just requires forwarding a port in your router.
I thought self hosting was about learning networking basics like DNS and setting up let’s encrypt.
So much whining in here about the most simple stuff being too complex.
I disagree; Self-hosting is for a variety of things, and plenty of people (in fact, I’d say probably the majority of Plex users) just want to be able to pirate Netflix without a ton of setup.
Is learning some networking inevitable? Yeah, probably. But I also think this xkcd is apt. The reality is that what may be simple for you and me actually requires a lot of studying for a complete novice. Plenty of people will need to google what a port is, let alone how to forward one. And that’s assuming they even know the word “port” to google. Plenty of people won’t even know where to start.
And true novices are hopefully going to be extremely wary of any info they find online. It’s easy to fuck something up without even realizing it, and leave your entire system exposed; especially when the braindead “lol just forward your Jellyfin port and use your public IP” advice is posted somewhere in every single advice thread.
Worse. Exposing Jellyfin to the internet is a bad idea given the team’s stance on security. https://github.com/jellyfin/jellyfin/issues/5415#issue-824791596
The only safe way to host jellyfin is with a vpn.
Lots of those issues have been blown out of proportion, and would never be a real concern for the “just a dude running a server in his closet for his friends” setups. Which, to be clear, is the vast majority of setups.
For instance, virtually all of the worst issues require that the attacker already has a valid login token. So unless they stole your buddy’s credentials, the only one to truly worry about would be your buddy directly. But yes, Jellyfin has some gaping holes, and letting it touch the WAN at all is always a risk. You’re giving attackers a new potential vector of attack that didn’t exist before, so that’s worth noting.
Right.
Even though I could do those things, I just want something that works.
Plex (or even Emby) fits that request.
Plus they both have an AppleTV app for fee that doesn’t suck.
To continue the metaphor: a partner can have many alluring qualities (income, hobbies, looks) but what does that matter if the relationship is abusive. Leaving (and dating someone “worse”) can be more difficult than just staying in the relationship, but the priority should be clear.
Thank you Internet stranger for reminding me of this sketch.
Welcome to “People rushing to suggest a solution that they fawn over because it’s open source.”
How do you personally 100% beyond a shadow of a doubt know that Jellyfin is the right solution? Why not a VPN, shared folder, and VLC? What about running a DLNA server?
Edit: All of you downvoting don’t know; and it makes you salty.
Jellyfin has a DLNA plugin
You mean a morally “right” solution? 😇
3 - An OpenWRT router with Wireguard connecting to another router 1000 miles away will do the trick.
Great; how do I get my Mother to do that over the phone?
It’s not a cake walk, but I’ve done something similar for a friend who can barely turn on his PC.
The OpenWRT router was fully configured before shipping it to him and the existing router’s needed Wireguard port was opened by me using the Comcast Android app. All he had to do was connect his TV to a new wifi network. That wasn’t easy, but he ultimately succeeded.
Ok, so you didn’t walk someone through it; you shipped them something preconfigured.
That’s not going to scale as I share out my server.
That’s not going to scale…
How many mothers do you have?
None of your business, insensitive clod.
[email protected] wrote:
Great; how do I get my Mother to do that over the phone?
That’s not going to scale as I share out my server.
Are you incapable of recognizing that in this context my comment was a joke? What the fuck is wrong with you?
Thanks.
One of my pet peeves is when people immediately jump to whatever their fanboy program of choice is regardless of if it’s actually the right program to run in the situation given.
It’s also always the Jellyfin fans that get emotional about this. Liking Plex is like a cardinal sin to them and I should be happy to migrate my entire viewership to a new solution that requires them to install a vpn client on their device.
Every post I see here about Plex is some variation of Gotcha! or Schadenfreude where they expect everyone to say, “oh no, guess I’ll pack it up and start fresh”
Seriously. I hate when people assume default settings are the only option. You don’t even need a Plex account to set up Plex. It will just be less seamless and user friendly. Never adopt the server, configure these via localhost (ssh tunnel works) and then set up your networking. Don’t even need to update it, it will run for as long as the database stays stable. Which should be years or more.
If #3 is your use case, then yeah, pony up the fees. Or learn to code I guess.
So, like every other jellyfin fanboy, no real actual answer.
Why would there be an answer?
How do I load and configure Tailscale on my TCL Roku TV?
This is an answer I’m looking for.
Natively, you can’t. Hackishly, you could put a small VPN capable router in front of it that would manage the connection.
That’s according to Dr Internet, so I haven’t tried it, but it seems very likely to be accurate.
So instead of a service that works, I now have:
- an inferior (and incomplete) client experience, unless I spend money
- an additional device to allow the client to connect to Jellyfin, because I can’t safely expose it to the internet
- the responsibility to keep all that additional stuff working for myself and every one of my friends/family members
sounds like a great deal
I’ll add to #2 (IDK if it’s open source, though):
Give Stremio a try. Once you set it up (basically just add the Torrentio plug-in then whatever content catalogs you want), the workflow is much better and simpler than Plex.
You just browse it like Netflix: see something you want to watch, select it with your remote, then stream it immediately. No server to run, you don’t have to build libraries, you don’t even have to download the content beforehand. Just select and watch. Could not be easier.
Is it torrenting in the background? Because, if it is, then you need a VPN and I don’t know how to set one up on my LG TV. Would you happen to have a guide?
If you live in an area where you need a VPN to keep your ISP off your ass, well you’re in luck because the Torrentio plug-in is compatible with Debrid services (Real-Debrid is a good one). They’re cheaper than a VPN (less than €3/mo) and get you direct downloads which ISPs don’t care about since you’re not distributing files like you would with a torrent client. What’s nice is that they work with any torrent—not just video—so you can download wherever you want at 1gbps speeds so long as the torrent has at least one seed. Since you’re not actually interacting with the torrents themselves, there’s no need for a VPN.
Setup is easy. The only thing you need to do is install the Stremio app on your TV, then open it and install the Torrentio plug-in. From there you configure your preferences like preferred resolution, language, etc, enter your Debrid service credentials if you have them; after that you install additional plug-ins for the kind of content you want. I’d recommend starting off with the Streaming Catalogs (lists popular content from Netflix, Amazon, Disney, HBO, etc.) and Trakt.tv plug-ins (recommends content based on your viewing habits). There’s also plug-ins for anime if that’s your thing. Once you install the plug-ins you like, the only thing left to do is pick something to watch and enjoy. :)
You can also download the Stremio app to your phone and configure everything from there if you don’t want to fumble with doing all of this with the TV remote. I’d recommend doing it this way so that all you have to do on the TV is fire up the Stremio app and enjoy.
If you live in an area where you need a VPN to keep your ISP off your ass
Uploading copyrighted material is illegal pretty much everywhere I know of.
Many places don’t enforce those laws for simply torrenting.
Some countries (US) ask the ISP to send warning letters and might disable the internet. In other countries law firms get personal details from the ISP and send a costly letter of a thousand Euro for a single infraction like in Germany.
That’s true, but ISPs have logs. And if something happens that makes the police change their mind about enforcing the law, you might be fucked, retroactively.
Bro you asked for a guide, I gave you a guide. The fuck you want from me? (For convenience sake I even made it as short as possible. Literally less than a 45 second read.)
I put a lot of effort into that comment to help you out, and instead of saying “thank you”, you respond with this bullshit? What the hell is wrong with you?
Ungrateful prick.
I asked for a guide on how to setup a VPN on my LG TV.
Please specifically point out where in your long response you provided a guide on how to run a VPN on my LG TV.
Again, you don’t need a VPN if you follow my guide. Your reading comprehension is worse than mine, and I have ADHD. *sigh*
Is Stremio considered safe/private? I remember looking into it a while back and saw something about needing an account on their servers or something.
I used Kodi with addons for ages but switched to jellyfin because kodi felt too clunky and slow for my wife.
I’m not the person to ask this kind of question to. I use DNS-level tracking protection in my router (via NextDNS), but I’m not a privacy expert.
If you’re living in a country where censorship is a thing and/or privacy is of utmost importance, then you should still use a VPN in addition to a Debrid service with Stremio. Or you can nix the Debrid and just use a VPN if you don’t mind more buffering and all the downsides that come with torrents. (VPNs can be set up to run on a TV through DNS settings either on your router or TV itself, though this may not be 100% secure. Again, I’m not an expert.)
For #3, subnet routing.
Where do I find Wireguard for my LG TV?
You can’t expect my relatives living 100+ miles away to start monkeying around with their router. That’d be like asking you to set the spark plug timing correctly using a timing gun.
Did you even read the link? You don’t need it on every device. It’s not really that difficult to understand.
I AM A 48 YEAR OLD FORMER FUCKING TRUCK DRIVER FOR FUCKS SAKE, and yet, I still managed to set up tailscale on my phone and a computer, and then access my stuff that ISNT running tailscale in any way, shape or form, from my phone, simply because I decided to figure it the fuck out.
Stop being so damned lazy.
I am so fucking tired of this “cater to the lowest common denominator” bullshit.
Stop being so damn lazy and do all the things you pay someone else to do.
Mow the lawn. Fix the plumbing. Run new electrical. Neuter the cat. Clean your teeth. Do your taxes. Properly segment your network into several VLANs so that your IoT devices can’t talk to your internal network.
The condescension in your first point is brutal. I suggest you apologize.
And I would suggest learning how to configure your software before coming here and stirring shit. But we can’t always get what we want.
Yeah sure. Because a company paywalling functions has anything to do with network configuration.
What people like you don’t understand is that there is no minimum requirement of knowledge to selfhost. It is completely braindead how often I have to tell people how a network works and now I have to explain to people why software configuration is not network configuration.
Welp, I killed mine yesterday as it wouldn’t let me stream while offline. Modem died so no Internet for me. Why do I have everything local if it doesn’t work while offline…
Exactly. That’s why I use jellyfin now. Try installing it alongside. For me it worked well.
It’s already installed, but missing features, I was waiting for them to finish the db changes, because that’s what’s blocking them…
What features are you missing?
security
Someone else already said it and you’ve already swapped but I’ll say it in detail:
When setting the server connection up you selected “ServerName (long string of numbers)” and not “ServerName (your IP - SECURE)”.
This routes your connection through the Plex servers and makes it not a local connection anymore. This is extremely easy to do and forget you’ve done because it barely impacts performance.
In other words, it’s a dark pattern that tricks users into letting Plex MITM their connection.
It gets around port forwarding/firewall issues that most people don’t know how to deal with. But putting it behind a paywall kinda kills any chance of it being a benevolent feature.
Labeling it as “SECURE” (implying the other option is insecure) is enough to make it seem underhanded to me.
dark pattern
Nope, not at all. It’s extremely forward, your local IP is listed first every time IME, and your lower-down comment has it backwards as it’s your local IP that had “secure” written on it.
It’s not a dark pattern at all, people are just stupid and don’t read (including me, I fucked this up too at first).
Are you saying that you’re on your home network with your Plex server and it won’t let you play your media without paying? That’s not true if so. You must be outside the network.
My guess is they have VLANs and they didn’t set up the server to treat them as local traffic.
I’ve had that happen to me with plex, it was probably 100% my fault because I specifically changed things during the setup of the docker file, but apparently Plex can’t figure out that is local if it’s running inside docker with non-host network, it probably only accepts local connections from the docker network, and I was never able to make it treat my actual home network as local.
Under Settings > Network there is a configuration own exactly for this. I’m running host network, but you can add the docker networks here as well.
I don’t have that configuration:
As someone else mentioned, this is only available to PlexPass users. Sorry for the confusion! I bought my lifetime sub over a decade ago at this point and forget about these inconsistencies that used to just be part of the product.
Therefore it’s literally impossible for me to watch my media locally, way to go Plex.
Are you running in docker? Change from bridged mode to host mode on your container which should resolve this.
Yes I am, but I don’t want to give full control of my network drive to a closed source application because it paywalled me out of being able to access my media on my local network. It’s ridiculous that I have to do that. It breaks ECI, and is a security risk. And yeah, it’s a bit paranoid, but the fact that they can fix it with a simple config and put that behind a paywall is VERY worrisome, so I now need to pay if I want to isolate Plex from the host where it’s running.
LAN networks is only available for plex pass users
It all starts to make sense then. I need to set Jellyfin up soon. It’s only a matter of time before they come after the “Lifetime” purchasers like myself. I bought it over a decade ago at this point.
The actual problem here is that OP’s network is not configured correctly and that Plex detects that the physical local client is actually accessing the server from a totally other network.
Fairly common when you use docker to run Plex and have the container run in bridge mode. This will put the container in the docker network that will then be different to your local network.
Plex determines if a stream is local or remote based on the network so when your container is in bridge mode, the physical local client will be a remote connection because of the different networks.
And since remote streaming requires Plex pass since end of April, you will see this.
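The subnet comparison the comment above describes, as an added sketch that is not part of any comment in this thread and is not Plex's actual logic. It assumes the server classifies a client by checking the client's source address against the networks on the server's own interfaces plus an optional configured LAN list; all addresses are constructed, and it assumes the container sees the client's real LAN address.

```python
import ipaddress


def is_local(client_ip, server_networks, extra_lan_networks=()):
    """Return True if client_ip falls in a network the server treats as local.

    server_networks:    interface addresses in CIDR form as the server process
                        sees them (inside a bridge-mode container these are the
                        Docker network, not the home LAN).
    extra_lan_networks: hypothetical admin-configured list of additional
                        networks to treat as local.
    """
    addr = ipaddress.ip_address(client_ip)
    # Dual-stack sockets report IPv4 clients as ::ffff:a.b.c.d; unwrap them.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if addr.is_loopback:
        return True
    for cidr in list(server_networks) + list(extra_lan_networks):
        # strict=False lets an interface address like 192.168.1.10/24
        # stand for its whole network, 192.168.1.0/24.
        network = ipaddress.ip_network(cidr, strict=False)
        if addr.version == network.version and addr in network:
            return True
    return False


def scenarios():
    """Classify the same living-room client under three constructed setups."""
    tv = "192.168.1.50"  # constructed client on the home LAN
    return {
        # Host networking: the server sits directly on the LAN interface.
        "host mode": is_local(tv, ["192.168.1.10/24"]),
        # Bridge networking: the server only knows the Docker network,
        # so a LAN client is outside every network it considers its own.
        "bridge mode": is_local(tv, ["172.17.0.2/16"]),
        # Bridge networking plus an explicit LAN entry restores the result.
        "bridge mode + LAN list": is_local(
            tv, ["172.17.0.2/16"], ["192.168.1.0/24"]
        ),
        # A genuinely external client stays remote in every setup.
        "internet client": is_local(
            "203.0.113.7", ["172.17.0.2/16"], ["192.168.1.0/24"]
        ),
    }


if __name__ == "__main__":
    for name, local in scenarios().items():
        print(f"{name:24s} -> {'local' if local else 'remote'}")
```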
That is exactly the case. It is absolutely true and accusing me of lying is not okay.
You’re not lying, you’re just not good at networking and/or setting up Plex.
Plex does NOT charge for streaming on your own network. If it is saying that you need to pay it’s because you’ve set your network(s) or Plex up wrong.
And the next wrong assumption. It’s beginning to get really tiring. Maybe try to stop individualizing systemic problems. I know it is counter to our society but it is the only healthy way.
I’m building networks for a living. The situation I’m in has zero to do with my skills and assuming so is highly disrespectful.
But yes, as others have pointed out, it is likely that a configuration back when setting the service up years ago led to it using an outside connection which has only now become an issue because of plex’s switch to blocking remote streaming.
No matter because plex works just as well.
Cool, so you can finally admit you set Plex up wrong. Good job.
But somehow it’s still Plex’s fault
Why anyone still uses Plex for new setups is beyond me.
pretty much the only reason I still use Plex is because I like to be able to watch stuff during downtime at work and plex.tv isn’t blocked on the work network while my private domain is.
And no, using a hotspot off my phone on a personal computer isn’t an option, both because the security requirements of my job site prevent us from using personal devices in the main area where I work and because the building itself is a massive concrete structure that blocks most cell signals.
Well, I didn’t. It’s a legacy install and I had jellyfin already running parallel because of the remote streaming paywall they introduced.
Plex has pay walled FREE servers streaming to FREE clients only.
If you have a plex watch pass (for client) you’re good and can stream from any server. If you have a plex pass (for server) any one can stream from your server. But you have to have one or the other.
For software I like made by people getting paid, I was happy to pay the one time fee. It’s really good, secure, and downloads are fast now.
Best 70-ish euro I spent over a decade ago
Ditto. There is a crowd on Lemmy who seem to get angry whenever people are happy to pay for software and I do not understand it. Surely we want developers to be paid for their hard work? Don’t we want them to be able to comfortably live?
Agreed. I’ve stated it before in other threads, and I’ll say it again here, but if they asked me in 5 years to pay another $89 or whatever in continuing support for a badge on my server I’d happily do it. Plex is really good. Great UI, great apps, great external enrichments like trailers/subtitles/ratings/actor info, and Plexamp is 9.5/10 for music.
Their biggest fault is how they communicated about the change for remote users. I did have a few family members get the email and ask if they were going to have to start paying monthly now, but they’ve never been on a free server. They should have stated more clearly that if you were on a Plex Pass server that no change is required.
Yes. But it used to be free to watch remotely. It’s 99% your own hardware doing everything. Their services get used for discovery, not as proxies for the connection itself, AFAIK.
You already had to pay them to allow transcoding with your own GPU, etc.
Right now it’s still not too bad, but just watch, enshittification will affect paid users too. For one, I expect the lifetime pass to go away, and go away retroactively eventually.
Plex has paywalled my server!
Skill issue tbh.
Yeah but not on my end.
Remote, yes, they announced you need Plex pass one side or the other for it to work.
Local, no, that shouldn’t happen. Your device isn’t reaching your Plex server locally.
To work around the remote issue, you can VPN to your local network.
But you’re better off in the long haul with Jellyfin as you’re doing now.
Yeah no. That is local. But thanks for the suggestion. Jellyfin works well.
It isn’t hitting it locally is the issue. Not an uncommon problem with plex unfortunately, it’s going out to come back in, so the server and client see it as remote.
Without playback you wouldn’t even be able to see that in the dashboard, which just makes the direction Plex is going so much more problematic.
Like I said, better off using JF.
Yeah, I assume it isn’t. It got pointed out a couple times that it is a plex configuration problem which plex doesn’t point out either btw.
In any case, thanks for helping and participating. Have a good one. :)
It’s not a local connection if you’re getting this message. You might be in the same network, but for some reason it’s not connecting directly.
You’re assuming something that you just can’t. I run this network alongside 5 others, some of them professional, for years. My configuration is standard and I’m using the software the same way I did for years.
If plex redirects my call to their server, that is their problem, not mine. I don’t care what their inner workings are. I use a local address and this has happened for the first time.
Is it possible that it is an honest mistake on the side of plex? Yes.
That does not absolve them from the end result.
What about switching to Jellyfin?
Already done. Thanks for the suggestion though. :)
It’s pretty rare that a company starts taking away free features and doesn’t end up fucking payers in the end.
The biggest bar to Jellyfin is TV clients, the second biggest is security.
TV clients can be fixed with a one-time purchase of a $20 Android TV stick. If viewing your family’s ARR content isn’t worth $20 you probably don’t need to do it anyway.
Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, but just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
We could probably make a jellyfin helper container to handle some of this. Walk people through Let’s Encrypt, dynDNS, port forwarding tests, add fail2ban with a firewall, maybe even slap suricata in it.
We need to convince the project to add 2FA and password complexity requirements.
I don’t know guys, what do you think, is it crazy? Does it make sense? Would anybody actually use it?
I access my stuff via VPN. As for sharing with others, I simply don’t do that. VPN is still an option though. Or temporary client whitelisting, etc.
Yeaaah ! Most people anyway have some kind of VPN installed on their device… Just slap in a wireguard VPN config to tunnel your traffic home… bOOm jellyfin everywhere and 99% secure !
Now that’s an interesting thought.
A web page with Authelia, login and a firewall.
If you’re not logged in, all you get is a login page. If you are logged in, it passes you straight through to Jellyfin.
So any device and client would be able to access it without issue once a phone or computer on the network had logged in just once.
The web page modifies the HA proxy ACL and forces a reload.
This will work fine over the web, but won’t work with clients.
What are my realistic security concerns with a jellyfin server that I let friends and family watch while trying to minimize the troubleshooting and steps they need to take to get started?
realistic security concerns
If you’re running a binary installation of Jellyfin on your server and exposing it to the public internet, you can face significant risks:
- Remote execution vulnerabilities might allow attackers to exploit bugs to run malicious code on your server.
- Buffer overflows. Poorly handled data can let attackers manipulate memory, bypass logins, touch things in the host that aren’t meant to be twiddled with.
- Network exposure. If compromised, the server could become a launchpad for attacks on your network.
There might not be any vulnerabilities at this moment, but they might come in a future release. And we might not even know they exist. It’s a small team of volunteers, and they’ll do their best. This is just what is reasonably possible when installing the server as an application on your OS and exposing it to the Internet.
You can minimize risk with a safer setup, as someone else in the comments here mentioned (and I think they even linked to their setup)
Using a Docker container version of the app significantly reduces your attack surface. This isolates the app from your host system. If they get in, they only get into the container and whatever that container is allowed to do.
Mount your media files as read-only to prevent accidental modifications or potential malicious changes. Now that container can’t do any real harm to your data.
Avoid making the container privileged. A privileged container can interact with the host system in risky ways.
Use reasonable unique usernames and passwords. If the container does manage to get compromised, they will likely be able to read usernames and passwords stored in the container.
Regularly update your container – Ensures you have the latest security patches.
Short of some massive Docker vulnerability (which is on you to keep updated), the worst case should be public enumeration of your media, exposure of your JF users/passwords, and denial of service. Which IMO isn’t very serious.
For even tighter access control, don’t whitelist the entire world.
Whitelist specific IP addresses. Have users visit WhatIsMyIP to get their IP, then configure port forwarding to allow only trusted addresses. This allows the clients at their houses in without any serious hindrance, but would block them from accessing your media when they’re not at their house.
If they’re accessing you through a phone or PC, set up headscale or tailscale or any VPN and allow them to get to you through VPN.
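The container checklist in the comment above (not privileged, media mounted read-only) can be checked mechanically against `docker inspect` output. The script below is an added example, not part of the thread or of the Jellyfin project; the container names, paths and the `/media` mount point are constructed, and the capability and host-network checks go beyond the comment's list.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two hypothetical
# Jellyfin containers (names and paths are made up for this example).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/jellyfin-weak",
   "HostConfig": {"Privileged": true, "NetworkMode": "host", "CapAdd": ["SYS_ADMIN"]},
   "Mounts": [{"Type": "bind", "Source": "/srv/media", "Destination": "/media", "RW": true},
              {"Type": "bind", "Source": "/srv/jf/config", "Destination": "/config", "RW": true}]},
  {"Name": "/jellyfin-hardened",
   "HostConfig": {"Privileged": false, "NetworkMode": "bridge", "CapAdd": null},
   "Mounts": [{"Type": "bind", "Source": "/srv/media", "Destination": "/media", "RW": false},
              {"Type": "bind", "Source": "/srv/jf/config", "Destination": "/config", "RW": true}]}
]
""")


def audit_container(container, media_dirs=("/media",)):
    """Return a list of findings for one `docker inspect` entry."""
    findings = []
    host = container.get("HostConfig") or {}
    if host.get("Privileged"):
        findings.append("container is privileged")
    # Extra capabilities and host networking also weaken isolation;
    # these two checks go beyond the comment's list.
    for cap in host.get("CapAdd") or []:
        findings.append(f"extra capability {cap}")
    if host.get("NetworkMode") == "host":
        findings.append("shares the host network namespace")
    for mount in container.get("Mounts") or []:
        dest = mount.get("Destination", "")
        is_media = any(dest == d or dest.startswith(d.rstrip("/") + "/")
                       for d in media_dirs)
        # A missing RW field is treated as writable so the check fails closed.
        if is_media and mount.get("RW", True):
            findings.append(f"media mount {dest} is writable")
    return findings


def audit_all(inspect_output):
    """Map container name -> findings for a whole `docker inspect` array."""
    return {c.get("Name", "?").lstrip("/"): audit_container(c)
            for c in inspect_output}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else findings)
```
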
You can address the 2fa by putting it behind something like authelia, but still, the project needs to step it up
Authelia is super easy, if the clients can handle it
I thought that you can still access media directly via the URL without any authentication, how would authelia change that?
Yes! You just have to set up your reverse proxy to send everything through it and it’ll block the unauthenticated access.
The downside is that apps stop working since they don’t have a way to authenticate with authelia. I’ve installed it as a PWA on my phone and use an old laptop with the TV interface on my TV, but it’s not perfect
Are you sure that works? I’m pretty sure they mentioned that reverse proxies are an unsupported (and not working) use case with Jellyfin, but I might have to look into authelia some time then.
Both jellyfin and authelia support reverse proxies.
Here’s jellyfin’s guide: https://jellyfin.org/docs/general/post-install/networking/reverse-proxy/
And here’s authelia’s: https://www.authelia.com/integration/proxies/introduction/
There’s some restrictions (like websocket support) but it’s not too bad to set up.
Still, if you don’t need to expose it to the internet, put it behind a vpn.
Maybe I was thinking of this from back in 2024?
https://github.com/jellyfin/jellyfin-android/issues/123
“Hacking around with a reverse proxy is strongly discouraged and we won’t provide any support for it.”
The problem with putting it behind a VPN is then all your users have to be on VPN.
Self-service IP whitelisting would be easy and let all clients work without trying to hack in a separate VPN client.
The only thing that would suck would be if you were on a mobile link while moving and swapping towers your IP would change so you constantly get kicked off.
But if you were so inclined you could VPN to your own house and your IP would stay the same.
I just put it behind an HAProxy a few minutes ago, it appears to be fine. You just need something capable enough to handle web sockets. I’ve made it all the way through an episode of The real monsters without any problems.
Again, you’re not going to be able to 2FA it that way, what I’m looking at doing is IP whitelisting it in HAProxy using a small web helper that is 2FA, accessed via the same port but on a separate path.
Maybe I was thinking of this from back in 2024?
https://github.com/jellyfin/jellyfin-android/issues/123
“Hacking around with a reverse proxy is strongly discouraged and we won’t provide any support for it.”
Yeah part of doing this is keeping a ci pipeline up and unit testing against rcs and telling them exactly what’s failing. The report in that ticket gave them absolutely no choice but to try to set up an entire system to reproduce whatever the user did which they obviously don’t want to do.
WebSocket relays are poorly implemented in a lot of proxies, even Cloudflare has its fair share of issues.
The downside of using HA is reinventing the let’s encrypt pipeline for the 40th time, the upside is it’s dead simple, web sockets go in, web sockets go out, the logs are good, it’s easy to debug it with TCP dump if things start to get sketchy.
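The self-service IP whitelisting helper discussed in the comments above (a 2FA-protected page that edits the HAProxy ACL) needs strict input handling and expiring grants, which this added example sketches; it is not code from the thread, HAProxy or Jellyfin. The `AllowList` class, the 12-hour TTL and the sample addresses are assumptions; the output is a pattern file of the kind HAProxy loads with `acl <name> src -f <file>`, and the reload step is left out.

```python
import ipaddress
import os
import tempfile
import time

TTL_SECONDS = 12 * 3600  # assumption: a grant lasts 12 hours


class AllowList:
    """In-memory grants, IP -> expiry time. Hypothetical helper, not an HAProxy API."""

    def __init__(self, ttl=TTL_SECONDS):
        self.ttl = ttl
        self.grants = {}

    def grant(self, client_ip, now=None):
        """Allow one address after the user has passed 2FA.

        client_ip must be the address the proxy itself observed (a header the
        proxy sets and overwrites), never a value the browser can supply.
        Parsing it rejects ranges, hostnames and embedded newlines that would
        otherwise be written into the ACL file.
        """
        now = time.time() if now is None else now
        addr = ipaddress.ip_address(client_ip)  # raises ValueError on bad input
        if addr.is_loopback or addr.is_unspecified or addr.is_multicast:
            # Usually means the helper is seeing the proxy, not the client.
            raise ValueError(f"refusing address {addr}")
        self.grants[str(addr)] = now + self.ttl
        return str(addr)

    def active(self, now=None):
        """Drop expired grants and return the remaining addresses, sorted."""
        now = time.time() if now is None else now
        self.grants = {ip: exp for ip, exp in self.grants.items() if exp > now}
        return sorted(self.grants)

    def render(self, now=None):
        """Pattern file body: one address per line."""
        return "".join(ip + "\n" for ip in self.active(now))

    def write(self, path, now=None):
        """Write atomically so a reload never reads a half-written file."""
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
        with os.fdopen(fd, "w") as fh:
            fh.write(self.render(now))
        os.replace(tmp, path)
```

Expiring grants also bound the stale entries left behind when a mobile client's address changes, the case raised earlier in the thread.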
probably SSL
*TLS
SSL has been deprecated for a decade at this point
Would you consider this a particularly constructive comment?
What’s wrong with it?
SSL or the comment? The comment is annoying because people use TLS and SSL interchangeably in colloquial speak.
As was stated on the first post you made about this, it’s a dns or nat reflection issue.
Plex sees you accessing it through your external IP address, and not through your lan IP.
I had a similar problem, and had to roll back some nat changes I made, and now it’s working fine again.
Meanwhile, free remote streaming works fine if you have a proper VPN setup. I just tested it, and was able to stream to my phone, through the Plex app, over my tailscale VPN, and I do not have Plex pass on the server or on my phone…
I did not make a “first” or “second” post about this. This is it.
This sounds like a whole lot of convoluted bullshit to use Plex locally and “looking local” through VPN solutions when you could just roll a Jellyfin instance and do things a more straightforward way…
This is the reason I didn’t go with Plex when I was setting up my server.
Plex really needs to do a Tailscale style connection to your server. But instead they chose to keep their outdated method of funneling all of their traffic through their servers, and need to charge lots of money in order to pay for it.
Considering both Plex and Tailscale are going toward VC exits, Headscale and Jellyfin is the only FOSS way atm.
I just use nginx on a tiny Hetzner vps acting as a reverse proxy for my home server. I dunno what the point of Tailscale is here, maybe better latency and fewer network hops in some cases if a p2p connection is possible? But I’ve never had any bandwidth or latency issues doing this
If you are using wireguard from the VPS to your home server, it buys you nothing more. If you have mobile devices connecting directly to the home server, Tailscale will let them connect directly in most cases, which is nice.
The direct connection is cool, I just wonder if a P2P connection is actually any better than going through a data center. There’s gonna be intermediate servers right?
Do you need to have Tailscale set up on any network you want to use this on? Because I’m a fan of being able to just throw my domain or IP into any TV and log in