this post was submitted on 23 May 2026
154 points (97.0% liked)

Selfhosted

60409 readers
275 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?

you are viewing a single comment's thread
view the rest of the comments
[–] purplemonkeymad@programming.dev 4 points 1 month ago (1 children)

I recently did exactly this. Only works with the web UI, no apps support it, but working well and those without the cert just get a 400 error. Not sure if non technical tbh, since you will get warnings when adding your root certificates to any device, and that might scare some who don't understand what it does.

Also set it up through wireguard, so can punch out of double NAT.

[–] SteveTech@aussie.zone 1 points 1 month ago (1 children)

Only works with the web UI, no apps support it

Yeah that's true.

you will get warnings when adding your root certificates to any device

It's not a root certificate, and I've never seen any warnings.

[–] purplemonkeymad@programming.dev 0 points 1 month ago (1 children)

You need the web site to use a certificate from the same root authority as your client certificate. Otherwise browsers won't present the certificate to the server. That means either warnings on connect or adding the root cert.

I do think if you are doing it with them in person it is doable to add it.

[–] SteveTech@aussie.zone 1 points 1 month ago

You need the web site to use a certificate from the same root authority as your client certificate.

I'm not sure if I've misunderstood you, but I use Lets Encrypt for the server's TLS, and then my own CA cert (which is only present on the webserver) for the client's mTLS and everything works fine, since it's the client that validates the server's cert and the server that validates the client's cert.