Hello everyone,
I want to create a Tailscale account to access my Jellyfin server from outside my home, but I’m already stuck at the first step: to create an account, you need either a GAFAM account or OIDC. I don’t have any personal accounts with GAFAM because of Lemmy’s bad influence. My emails are on Tuta. I don’t want to overcomplicate things as I’m a noob, but after spending 30 minutes researching OIDC, I still don’t know where to start… I don’t work in IT (at all).
Is it better to just give up and create a throwaway account with a GAFAM platform, or is there a simple way to do this with OIDC? If so, can anyone point me the way? Is there a free reliable OIDC provider? Will that make things complicated afterward with tail scale?
For more context: I turned my old gaming PC into a media center running Fedora and a Jellyfin server that I access locally. I was surprised by how relatively simple it all was, especially getting Jellyfin to work locally.
Obviously, I wanted to use Tailscale to connect to Jellyfin remotely, but I never had time to look into it. I was told this morning that I’m going to undergo major surgery with a significant recovery period ahead, so suddenly this has become urgent…
They all seem self hosted and I am not yet to the point where I feel at ease with that as it seems to be “exposed” (I don’t really know what it means to be honest). I do intend to get into this kind of stuff later though.
I was very skeptical because I didn’t want to punch holes into that nice safe lan. Pangolin got me in the end after I left tail scale with its easy docker for a cheap vps (1GB ram) and its approach in general.
For example I am running my services locally in a docker via compose. I add a newt endpoint (pangolin talk) that is a docker container with some with info for my pangolin instance ton said compose and I have only the content of said docker compose connected via wireguard.
Next step is exposing a public resource where you choose a specific service and port to map to a public URL.
It is all so compartmentalized its fantastic and makes me feel good about that public service.
Securing that service itself is possible with an additional auth layer.
Sure, sorry, you’re in the selfhosted community, so I sent some self hosted options 😆 If you own one of the internet/wifi routers with Wireguard built in (FritzBox, MikroTik, etc…) that might be an option as well. Other than that, I never tried any of the more commercial options, so I don’t know much about it.
I’ve been wanting to learn basic self hosting for a while but I don’t really have the time to dig into it now (I have two young kids, a job that takes a lot of brandwitch, and brand new medical problems). I’m only in this situation because Jellyfin was waaaay to easy to setup locally so now I want more. It’s all their fault.
In a few years I’ll dig more, for myself and to be able to teach some basic tech literacy to my daughters when they grow up.
Take care. Yeah, some things are really easy. But then at some point it always gets nasty, there’s a million details to learn and you can keep digging down pretty much forever 😆 If you’re at some time in the position to do it as a hobby, there’s ways to make it a bit less time consuming. We have some turnkey solutions. I sometimes recommend https://yunohost.org/ for people who just want to set up a server without dealing with all the low level stuff… But still, it’s an entire hobby.
Uh, I never heard of Yunohost before but it actually seems awesome ! I bookmarked it. It might lead me to start with getting serious with selfhosting sooner than expected. The downside is that it will lead me to ask even more stupid questions to this community…
wireguard is self hosted and you do have to “expose” one UDP port. From the outside it’s difficult to detect that this “opening” exists because wireguard just listens and ignores everything unless you send the encrypted credentials. Compared to hosting a webpage or jellyfin directly this is much more secure. As long as you keep wireguard relatively up to date you don’t really have to worry much about it.
I personally use wg-easy. It’s designed to be deployed into docker (using docker compose is by far the easiest).
Then you can either use your IP address, or ideally a dynamic DNS provider so you’d connect to myexample.com:51820. Duckdns is free, otherwise options are available like cloudflare. If you can get jellyfin working, this should be relatively straightforward.