Kind of a quick off the cuff question… but is it difficult to get a docker hosted jellyfin server accessible outside of lan safely?
I have tailscale and a VPN I can use for my own devices but would like to be able to access it safely without needing those.


I love Jellyfin but I would absolutely not make it accessible over the public internet. A VPN is the way to go.
Yeah I’m thinking maybe just have family sign up for tailscale.
Why not just run your own WireGuard instance? I have a pivpn vm for it and it works great. You could also just put jellyfin behind a TLS terminating reverse proxy.
Sounds like a pain to get non technical family members to use. If you’re willing to break the non web app you could always put it behind an authenticating proxy (which is what I do for myself outside of VPN, setting up a VPN on a phone is obnoxious and I only look at metadata anyway on my phone)
CGNAT is a big reason.
Or headscale, works like a charm
Yep, that way you can set ACLs, you they can only access the jellyfin ports + the ports you allow them to.
Also, tailacale DNS.
The fact that tailscale has google/apple/etc logon integration will also help.
Why “absolutely” not?
Have you seen the link?
Oh, sorry, sorry, sorry, i didn’t think this is a link 😅😅😅
Haha, no problem!
Oof, that’s bad… And lazy
Unfortunately a lot of these issues are architectural issues inherited from Emby