this post was submitted on 05 Jul 2026
107 points (95.0% liked)

Selfhosted

60451 readers
808 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

I have docker installed, but only have a vague idea of how it works.

Back in the day, I would just port forward, but even then, I would need a static IP somehow.

I have heard a reverse proxy is an option, but that is an entirely new topic to me.

Surely there is an easy way to access Jellyfin outside of my home network that I'm just missing.

you are viewing a single comment's thread
view the rest of the comments
[–] ridethisbike@lemmy.dbzer0.com 1 points 11 hours ago (1 children)

I've debated setting up Authelia or something similar because cloudflare is sooo slow to load their login page, but haven't landed on anything yet... Plus I worry I set something up wrong and expose my network

[–] ohshit604@sh.itjust.works 1 points 11 hours ago* (last edited 10 hours ago) (1 children)

I can’t be much of a help with Caddy however, for Traefik you can use the OIDC Middleware to forward requests to your authentication service.

Plus I worry I set something up wrong and expose my network

The only port that would need opening is :443, leave port :80 closed so that people cannot connect to your services insecurely. Slap fail2ban or geoblock on it and call it a day. Also, DDNS allowlist for that deny-first approach.

[–] ridethisbike@lemmy.dbzer0.com 1 points 10 hours ago

The current config routes through the cloudflared tunnel so no ports are open externally at the moment, so that's nice, but yea, I'd have to imagine there's some documentation out there for caddy.

Caddy has been a pain, though, so I might give one of the others a try. Thanks for the tips!