Put your local Jellyfin server in a tin, and securely serve it up on the internet 🚀
This project is especially helpful if you: 1) Have a local Jellyfin server that you want to access over the internet 1) Do not currently have any infrastructure to expose services to the internet 1) Wish to hide + secure Jellyfin behind an identity provider 1) Wish to use Jellyfin clients (Android, etc.)
If you're wondering, "why can't I just expose my Jellyfin server to the internet?" I recommend reading Collection of potential security issues in Jellyfin
The final deployment looks like this:
👤 -> VPS
-> Nginx
-> Tailscale
-> Nginx
-> Authentik
-> Jellyfin
1) Keep an eye on Jellyfin's SSO plugin and incorporate it here, once it is stable and no longer "100% alpha software."
1) Await NPM's Fail2Ban feature request.
1) Await NPM's CrowdSec feature request.
If you're using a Raspberry Pi, then you will need the 64-bit OS.
docker
& docker-compose
You can use the helper script at ./all.sh
to control this stack.