Plex server patching required (www.bleepingcomputer.com)

Plex has notified some of its users on Thursday to urgently update their media servers due to a recently patched security vulnerability.

The company has yet to assign a CVE-ID to track the flaw and didn't provide additional details regarding the patch, only saying that it impacts Plex Media Server versions 1.41.7.x to 1.42.0.x.
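A fleet check against the version range quoted above, as an added example that is not part of the original post or Plex's own tooling. It assumes each server's identity response is an XML `MediaContainer` element carrying a `version` attribute; the host names, build numbers and hashes in the sample are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Affected range as stated in the post: 1.41.7.x through 1.42.0.x, inclusive.
AFFECTED_LOW, AFFECTED_HIGH = (1, 41, 7), (1, 42, 0)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.\d+)?(?:-[0-9A-Za-z]+)?$")

def parse_release(version):
    """'1.41.7.1234-abc' -> (1, 41, 7); build number and hash are ignored
    because the stated range only goes down to the third component."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.groups())

def is_affected(version):
    return AFFECTED_LOW <= parse_release(version) <= AFFECTED_HIGH

def version_from_identity(xml_text):
    """Read the version attribute of a MediaContainer element (assumed format)."""
    root = ET.fromstring(xml_text)
    if root.tag != "MediaContainer" or not root.get("version"):
        raise ValueError("no version attribute on MediaContainer")
    return root.get("version")

def triage(inventory):
    """Map each host to 'update', 'ok' or 'unknown' from {host: response body}."""
    report = {}
    for host, body in inventory.items():
        try:
            report[host] = "update" if is_affected(version_from_identity(body)) else "ok"
        except (ValueError, ET.ParseError):
            report[host] = "unknown"  # unverified is not the same as safe
    return report

# Constructed inventory: host names, build numbers and hashes are made up.
SAMPLE = {
    "nas":    '<MediaContainer size="0" version="1.41.7.1111-aaaaaaaaa"/>',
    "attic":  '<MediaContainer size="0" version="1.42.0.2222-bbbbbbbbb"/>',
    "lab":    '<MediaContainer size="0" version="1.42.1.3333-ccccccccc"/>',
    "legacy": '<MediaContainer size="0" version="1.41.6.4444-ddddddddd"/>',
    "proxy":  "<html><body>502 Bad Gateway</body></html>",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:8} {status}")
```

Hosts reported as `unknown` returned something other than the expected response and need a manual look rather than being counted as patched.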

[-] avidamoeba@lemmy.ca 109 points 1 day ago* (last edited 1 day ago)
[-] pHr34kY@lemmy.world 9 points 1 day ago

I did this a few months back.

Some things aren't as great, but you get full control and your server idles way better on JellyFin.

[-] rumba@lemmy.zip 7 points 22 hours ago

Yeah, as long as you have a decently supported client the entire platform is very serviceable. I do wish they would get rid of the unprotected endpoints and officially support 2FA on the server and clients.

For all their anti-consumer practices Plex does at least take their security very seriously.

[-] fmstrat@lemmy.nowsci.com 5 points 12 hours ago* (last edited 12 hours ago)

I posted a while back, tested the biggest open endpoints and they were properly secured, the issues just weren't updated.

Note: Plex didn't have SSL, and refused to implement it, until ~6 weeks after I created a POC token exploit. Here's the GitHub repo I posted as a patch before they got their system in order: https://github.com/Fmstrat/plex-ssl. In other words, don't give them too much credit.

[-] rumba@lemmy.zip 1 points 11 hours ago

I'll go look at it again as well, their (jf) source control still had a lot of ancient open tickets last time I looked at it.

TLS for Plex was a really nice gesture. Company handling the issuing of the cert was pretty nice.

Realistically, I don't mind running a proxy for SSL unwrapping, there are enough projects out there that handle the unwrapping and renew their own keys from Let's Encrypt.

I just want to self-host this thing, maybe run it through a single proxy product, send the URL out to my extended family and forget about it. I wanted to be as secure as reasonably possible enough that I feel comfortable surfacing it.

Right now I surface Plex for the distant relations and tailscale jellyfin for my own, but it kills me I want Plex gone. But there are random TVs and kids on tablets, and honestly I don't want to be everyone's VPN endpoint or worry about onboarding everyone's new device.

[-] fmstrat@lemmy.nowsci.com 1 points 10 hours ago

Yea the catch was we were asking for TLS for a long time, and this was pre-Let's Encrypt, so those patching on their own didn't have a free (minus work) way to handle it. It took a releasable POC to get action.

All our devices just have a permanent Wireguard client since it uses basically no battery, and then allow rules for households. If you don't want to run the client, and don't want to take the time to learn, you don't get access. But I totally get how that's not for everyone.

[-] rumba@lemmy.zip 1 points 4 hours ago

Yeah, my problem is televisions.

If it was just tablets, phones and desktops I could do SSL client certificates.

For my personal use I'm using tailscale and it's wonderful.

[-] fmstrat@lemmy.nowsci.com 1 points 4 hours ago

Ahhh. I put the wireguard client on the router, so it's more of a site to site setup for TVs.

[-] madiator2011@px.madiator.com 13 points 1 day ago

I'm on Jellyfin as they banned Hetzner.

[-] madiator2011@px.madiator.com 22 points 1 day ago

Should clarify Plex banned using Hetzner :)

[-] rumba@lemmy.zip 4 points 22 hours ago

https://torrentfreak.com/plex-will-block-media-servers-at-prevalent-hosting-company-230915/

There's the story but there's not much tea.

I'm guessing there were just enough complaints and Hetzner refused to take anything down.

Really bizarre to license people self-hosting software and then refuse them from hosting it in certain places over what content they choose to put up.

I wonder if they'll just roll through all the VPS now.

i'm ootl; how was plex able to ban them? isn't hetzner just a vps provider? (not questioning you; just curious)

[-] Darkassassin07@lemmy.ca 18 points 1 day ago

Plex blocked Hetzner IPs, so servers hosted there can't reach plex.tv to auth users or validate plex pass.

[-] derpgon@programming.dev 2 points 14 hours ago

That's what you get for using anything that doesn't work fully offline. Seriously people still defending Plex and not seeing that it will bite them back sooner or later are delusional.

Given that hardware doesn't die, my Jellyfin will probably work until the heat death of the universe.

[-] madiator2011@px.madiator.com 3 points 1 day ago

Basically it's possible by checking the IP of the server.

[-] chonkyninja@lemmy.world 14 points 1 day ago

Who the fuck still uses plex?

[-] ieGod@lemmy.zip 2 points 9 hours ago

What's the app/smart device adoption like for jellyfin these days? Plex usage for clients is really smooth. Plex comes preloaded on so many smart devices and the app ecosystem is dead simple. I can't imagine having to walk my family and friends through setting up jellyfin.

[-] Stillwater@sh.itjust.works 49 points 1 day ago

I still use Plex because I have a lifetime pass from many years ago and Jellyfin isn't yet as feature-rich and accessible on all of my family's devices.

I expect to someday migrate fully to Jellyfin once Plex is enshittified to the point of being a worse experience, but that hasn't happened yet (with the Plex pass anyway).

[-] beerclue@lemmy.world 2 points 1 day ago

I've never used Plex. What are some of the features that you're missing in Jellyfin? Genuinely curious.

[-] moe93@lemmy.dbzer0.com 1 points 12 hours ago

For me personally, integration with something similar to the plex_debrid script. I love how easy it is to add something to my Plex watchlist and have the plex_debrid script fetch it, add it to my debrid account, update the network mount, and automatically refresh my Plex library in a matter of 2 minutes tops.

If jellyfin had a similar integration/feature I would switch over in a heartbeat.

[-] Stillwater@sh.itjust.works 9 points 1 day ago

Honestly the primary reason is some specific device support, eg. my TV has a built in Plex app but not a Jellyfin app, so switching also probably involves new hardware. I also couldn't get Jellyfin to work with another TV using Chromecast, but I'm getting rid of that anyway.

Otherwise, maybe you can update me on these since it's been a few since I last tried Jellyfin, some of the things that come to mind are:

  • Smart collections & playlists
  • Skip intros and credits
  • Overall slick UI

[-] ripcord@lemmy.world 1 points 17 hours ago

I like Emby too, personally.

[-] beerclue@lemmy.world 3 points 1 day ago

Client availability is valid. I use an android tv, that's been easy for me. There are mobile clients for every phone and tablet.

  • I don't know what smart collections are, but I do get automatic collections for franchises (like all "28 x later") via a plugin. I don't have playlists, but I guess I never felt the need for one... What would you use them for, binge watching franchises?
  • skip intro and credits is a thing, built in since a few versions (used to be a plugin)
  • the UI is subjective, and I don't know any other one... I personally like how it looks, I customized quite a bit, easy to do via CSS.


[-] keepee@lemmy.world 1 points 1 day ago

Skip intros and credits is available on Jellyfin.

I think the Plex UI is still better than Jellyfin, but I've gotten used to it.

Never used the smart collections when I was on plex, so can't speak to that.

[-] azron@lemmy.ml 3 points 20 hours ago

Plex4kodi. There is a Jellyfin-like one, but it is not even close.

[-] RipLemmDotEE@lemmy.today 28 points 1 day ago

People who bought the lifetime Plex pass, and have a huge group of friends and family already connected to their servers.

[-] GraveyardOrbit@lemmy.zip 21 points 1 day ago

Until jellyfin has a secure, robust, one click solution for sharing over the web plex will be supreme for family and friends access

if it's just family and friends you care about, it was pretty easy for me to set up a jellyfin server at home and point a really small virtualhost on a server mapped to a domain name with a reverse proxy to my home ip and then just opening up the jellyfin port on my router. this was literally just for my mum and dad and brother so ymmv.

[-] QualifiedKitten@discuss.online 5 points 17 hours ago

LMAO. Those are all words I've heard before, but that sounds waaaaay over my head!

[-] GraveyardOrbit@lemmy.zip 9 points 21 hours ago

We have different definitions of pretty easy, I said one-click

[-] FooBarrington@lemmy.world 4 points 16 hours ago

Oh, it's actually 0-click (though a couple dozen key presses)

[-] cupcakezealot@piefed.blahaj.zone 1 points 13 hours ago

sorry i thought you meant one click for family and friends to get on not initial setup.

[-] Wolf314159@startrek.website 10 points 23 hours ago

"pretty easy" is a bit of a stretch

[-] chonkyninja@lemmy.world 4 points 1 day ago

Use wireguard or Tailscale.

[-] ohshit604@sh.itjust.works 4 points 1 day ago

This really isn’t viable as WireGuard clients are just that, single device per client connection. What if someone started watching/listening to content on their phone then all of a sudden wanted to switch over to their TV or streaming device without having to go through a lot of hoops?

I opted to reverse proxy Jellyfin with Traefik, however I have fail2ban set up blocking every IP and only whitelisting the known users, with the added bonus of hiding Jellyfin’s default login form and requiring Keycloak for SSO.

[-] themachine@lemmy.world 6 points 1 day ago

From what I've gathered in other posts regarding Plex and jellyfin, the ones that never learned how to port forward or any other alternative solution for getting external traffic to their internal server. All the complaints I've read here regarding jellyfin boiled down to them relying on the Plex relay to handle the traffic for them.

[-] superglue@lemmy.dbzer0.com 10 points 1 day ago

Anecdote, but I've been hosting Plex for family members for 10+ years. I tried the Jellyfin switch. Compared to Plex the Jellyfin apps are pretty bad, and I had a ton of performance problems with the remote streaming as well. It's just not ready for that use case. Family members begged me to go back to Plex.

My family at home and myself, we are using Jellyfin currently. It works OK for home use but there are days I want to go back to Plex. It's just a more polished experience.

[-] victorz@lemmy.world 3 points 1 day ago

Jellyfin definitely does not feel like it's a finished product yet, no. I run both and Plex feels a lot more polished. It has automatic collections, duplicate detection, cleaner design, etc.

Two things I hate about Plex.

  1. Its native WebOS app on LG TVs is incredibly slow. Every action takes seconds. Seeking in the video is quick but other than that, navigating the library is physically painful. Might have to do with my growing library size, but the mobile app is absolutely fine in this regard.
  2. Same TV version now: it is terrible at playing videos with multiple language audio tracks. It just plays the English (first?) track all the time, no matter which track I explicitly select. Super annoying when the kids are watching movies in our language. Jellyfin wins here, but the Plex mobile app is fine also on this point.

Other than these things, Plex all day. I wish it weren't so. 😩

[-] greyfox@lemmy.world 1 points 4 hours ago

I don't use the WebOS app but generally default subtitles/audio languages are set on your profile and the apps pick up those settings.

Try logging in to the web interface and going to your user profile. There is a "Playback" section where you can set your preferred languages. If this isn't set it likely is taking the default language from your media files instead.

[-] victorz@lemmy.world 1 points 1 hour ago

It works fine on mobile and on the web interface via the same server, so it's definitely a problem with the TV version of Plex, unfortunately.

Thank you for trying to help though. ❤️

this post was submitted on 15 Aug 2025

Selfhosted
