This is an automated archive made by the Lemmit Bot.
The original was posted on /r/selfhosted by /u/RanidSpace on 2025-05-25 03:31:25+00:00.
My family has a Plex server with Remote Streaming enabled, and I'm thinking of moving to Jellyfin and adding other services like Sonarr or whatever else i can think of that might be useful
If I could just put it on a VPN I would. I have my own little raspi running some server stuff for me which i connect to over Tailscale, and it is. so easy. and so secure and it's nice and everything. If i tell my family and the few friends who use it that they have to install a thingie on Every Single Device They Own and it has to run All The Time or turn it on and off every time they want to do something, they will beat me up.
Tailscale free tier also has only 3 users per net, and there's more than 3 people who will use it. I think we'd be good to pay for a better tier, but it would still have to connect to TVs and devices which cant install tailscale or whatever other VPN solution there is. I think having to explain how to set up a subnet router to get around that over the phone to someone and then provide continued tech support to them afterwards may be worse than hell.
Anyway, I have a base knowledge of stuff. We have a domain and I can run everything through a reverse proxy to get proper SSL certificates and to only expose one port. I can run fail2ban. I can do some other hardening like not running anything as root, having a firewall, but afterwards I don't know.
I could whitelist IPs, but I don't want to have to deal with doing that every time, plus they may want to watch or use things from other locations, and even country-wide IP whitelisting might not work because they travel a lot.
I'd like to hide the IP of the domain, i think there's cloudflare proxying for that but I hear they don't want you sending video traffic through it or something (or is that tunnels?), I run it through a VPS but i dont know how to really do that? would I send the traffic from the home server to the VPS through a VPN and have the reverse proxy on there?
I've heard of Authentik, do I install that and then integrate it with each service?
I would like to make things as secure as possible and Not Kill Our Home Network while also having it be just as easy to use. Is this a fruitless endeavor which will only end in misery or am i just being paranoid.