1043
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 19 Mar 2025
1043 points (100.0% liked)
Selfhosted
44652 readers
1196 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 2 years ago
MODERATORS
Why would you expect this to NOT be paid? It requires them to be running servers to stream the media through, I wouldn't expect this to be a free feature.
I dislike Plex for several reasons, but asking for payment for stuff that costs them money is completely justified.
Why is this getting upvoted? Plex isn't running a server. You are. Your computer and your media files are quite literally "the server" that is serving the files to you remotely. Plex is at best doing authentication.
Because he’s right. You can’t access your own server remotely without plex’s infrastructure (provided you don’t just set up that infrastructure yourself). You don’t need to open ports or anything. Your server reaches out to plex server, which creates an entry point to your network. Your stream is then either routed through their servers or possibly setup as P2P stream.
That's just not correct. Mate. It's setting up a secure route from the client to your Plex server. It's essentially doing what Tailscale does but just handling the client setup automatically via their Plex authentication. They are authenticating the connection and setting up the route from the client to the server. They are not handling petabytes of data people are streaming. The ISPs are doing that.
Ok sure, they aren’t routing, just using P2P like I mentioned. It’s still not possible to access remotely without using plex services. This is what you are paying for. If you don’t want to pay for their auto-config remote streaming it’s easy enough to do it yourself.
I can't back this up but I highly doubt that the media is played through Plex' server.
Its not. It is setting up a secure route from the client to the server. That is quite literally not a server. No one thinks Tailscale is a Server service. That's essentially all they are doing but just handling adding the clients automatically when they authenticate.
Wait a moment. I always thought that Plex’s servers only facilitate authentication (to verify your account) and discovery (to help your device find your server). They do not handle the actual media data. And if there is no Direct Remote Access, Relay usage is capped at 1 minute per day for free users. This looks like a cash grab to me.
It doesn't require Plex servers, though. I do this on jellyfin for free.
How do you do this on Jellyfin? The only ways I'm familiar with is to expose Jellyfin to the internet or access it through Tailscale, would love to hear alternatives.
Edit: From the replies I think that either I don't understand how this feature works or many people here don't, so I'll give an overview of my understanding and explain why this is different from anything you can do on Jellyfin and what's the closest you can come.
You are running Plex-home in your house, Plex-home connects to Plex-server hosted by Plex and establishes a reverse connection that's only accessible by Plex-server, i.e. you can't access your Plex-home outside of your house. When you login on Plex you're logging in to Plex-server and if you're in the same network as Plex-home you get redirected to form a direct connection with it, if not (and for me Plex keeps failing this verification) you connect to Plex-server and every request you make gets forwarded to Plex-home and when you ask for media it gets routed through Plex-server. This is very different from exposing Plex-home directly to the internet, in order for someone online to access your Plex-home they need to have taken control of Plex-server and then they're limited by the API between those two (whichight be different from the Plex-home API) to try to escalate into your machine.
With Jellyfin there's no server side component, you access Jellyfin directly every time, so in order to access Jellyfin outside of your house it needs to be accessible for everyone. The closest you can come up with is using a third party authentication server, for example by having a VPS running Authentik/Authelia/etc and hosting Jellyfin behind that authentication. This gets you a similar level of security because someone would need to compromise your Auth and then your Jellyfin to get into your server. However I'm not sure Jellyfin clients would know how to handle a third party authentication service, and would probably just crap their pants and prevent you from logging in. You could still access it in a browser, but not on native clients like the one on your TV or Fire Stick.
If you don't have this VPS with authentication you're exposing Jellyfin directly to the internet, which means that any flaw in Jellyfin security immediately compromises your home server. And while I don't expect there to be many big or obvious flaws, there's a reason why stuff like Authelia or Authentik exists, and besides the convenience of a SSO they exist because proper authentication is hard and has many pitfalls, and they offer security in the knowledge that their main focus is authentication, whereas on most other services authentication is just one of the features they offer so it might not be as secure.
My home connection is behind cgnat so I got a free VPS from oracle (provides a public ip address), install caddy on VPS, install tailscale on VPS and router, expose routes from LAN to tailscale network.
Now you can use caddy to expose, for example, a docker container (jellyfin) at 192.168.1.100 to subdomain.exampledomain.com with ssl cert provided by caddy.
VPS also requires some other stuff like ddclient and fail2ban.
I pieced this all together myself... it's doable if you spend some time reading.
That exposes Jellyfin to the internet
Yes exactly. What do you think plex is doing?
Using a relay server to separate online from home connection
Reverse proxy
That exposes Jellyfin to the internet, so it's my option 1.
It's not that hard to get a reverse proxy up, get a free DDNS, and a SSL certificate from let's encrypt.
https://www.linuxserver.io/blog/2020-08-21-introducing-swag
This is a pretty solid one stop shop for handling all reverse proxy with SSL certificate generation and renewal for jellyfin and other applications like sonarr, radarr, transmission, ombi and lists of others that are pretty much drag and drop configuration files if you're not mucking with the application's default ports.
That exposes Jellyfin to the internet, so it's not the same feature
And somehow you think that Plex isn't exposing your server to the Internet for streaming while not on your local network?
Okay there Mr. Madison.
It's not, not directly at least, and that's what everyone is ignoring here. You probably understand the value on Authelia/Authentik but you're failing to see that the Plex relay server is taking that same mantle here, so even if someone managed to compromise the relay server it's still not on your home server, whereas exposing jellyfin directly to the internet only requires one service to be compromised.
My dude if you are connecting from outside your local network you are "exposed" to the Internet in some way. What magic are you thinking Plex is doing? Is someone hand deliverying the packets via USPS?
In some way is different from directly, on Plex you're behind a relay server so it's akin to being behind a VPS running Authentik/Authelia in front of the service on your home. Compromising the relay server does not necessarily compromises your home server, so it's not direct like putting Jellyfin on a reverse Proxy would be.
Plex runs relay servers where your Plex server will connect to the relay and your player will also connect to the relay, making both ends of the connection egress type as far as routing and access control goes. https://support.plex.tv/articles/216766168-accessing-a-server-through-relay/
It's optional and likely not everyone uses it, but this provides a way for Plex to do remote streaming without the Plex server being reachable directly from the internet.
Separately, it costs money for Plex to run.