

Do they not get sent or do you just not receive them (e.g. because your mail server blocks them as spam)?
Do both come from the same address?
Can you try to format the test mail the same way to see if they still arrive?
Still better to have a team to react to this incident than just have them shrug and ignore it for 5 years
No, the worst is that a company like Sony or their lawyers can find my server and create a list of movies I offer and then sue me over it. I live in a country where lawyers make a living doing nothing but that.
Besides that, security by obscurity is the worst possible form and barely qualifies as security at all. It’s also another place where the Jellyfin devs leave their users to their own devices when it comes to securing the server against malicious actors.
And none of this is clearly communicated by the project. The unauthenticated endpoints are not disclosed, the issues with the filepath are not disclosed. Jellyfin fans treat it as a drop-in replacement for Plex, but people using it as such basically throw an unauthenticated server onto the open web.
That’s simply not true. You can just set your local IP range as unauthenticated and use it to your heart’s content without an internet connection.
You can access it through your local network without authentication. Add a VPN and you got the same setup Jellyfin fans will praise
Plex has a whole team dedicated to security. It’s obviously not perfect and it is a larger attack surface than Jellyfin, but I’ll take that any day over devs who treat security as an afterthought
Again, it’s not random. It’s not a UUID. It’s an MD5 hash of the filepath. Which is easily guessable since most people have a very similar if not identical folder structure, especially since a lot have it managed by the *arr suite. Take that plus the publicly available release names for movies and you’re done.
The general gist is, do not expose Jellyfin to the internet. Neither via a port nor through a reverse proxy. It’s simply not built secure enough for that.
Use docker to make the setup easier, then use tailscale or whatever VPN solution to allow users from outside your network to access it.
All of the additional authentication solutions mentioned break client compatibility. Then you could only watch through a browser.
Install docker, deploy Jellyfin to it, test it. They both have good guides on their respective websites.
That doesn’t solve the glaring security issues Jellyfin has. It just changes the computer through which they are accessed
Yeah and that kills Jellyfin as a drop in replacement for Plex. I would’ve deployed it years ago with a subdomain and given it to friends if it was as easily shareable as Plex
Which breaks basically every client, since none of them can deal with basic auth getting in the way
Yeah, and in contrast to the Jellyfin devs, they acknowledged a security risk and fixed it. The chances of Jellyfin actually doing something to improve the security are rather slim, since they prioritize client compatibility
My favourite way of having a secure Jellyfin is using Plex
If they all run on docker, you just have to add labels to them, telling them what domain and port they use, etc (look at the labels from your compose). Then you add the traefik base network to them and presto. Traefik recognizes the labels and automatically routes incoming requests to them and creates certificates for them.
I would recommend a single compose stack for traefik and then one compose file per context (e.g. NextCloud, its DB, documentServer in one stack)
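The label-based setup described above, as an added example that is not part of the original comment: one application stack joined to Traefik's shared network. The network name `traefik_proxy`, entrypoint `websecure`, certificate resolver `letsencrypt`, the domain and the secret file path are all assumptions that must match whatever the separate Traefik stack defines.

```yaml
# Added example; every name here is an assumption, not from the original comment.
# App stack (one compose file per context). The Traefik stack is assumed to
# provide the external network "traefik_proxy", an entrypoint "websecure" (443)
# and an ACME certificate resolver named "letsencrypt".
services:
  nextcloud:
    image: nextcloud:stable
    restart: unless-stopped
    networks:
      - traefik_proxy   # shared with Traefik so it can reach this container
      - internal        # database traffic stays off the proxy network
    labels:
      # Opt in explicitly; needed when Traefik's Docker provider
      # runs with exposedByDefault=false.
      - "traefik.enable=true"
      # Tell Traefik which of the two networks to use for this container.
      - "traefik.docker.network=traefik_proxy"
      # Domain, entrypoint and certificate for the router.
      - "traefik.http.routers.nextcloud.rule=Host(`cloud.example.com`)"
      - "traefik.http.routers.nextcloud.entrypoints=websecure"
      - "traefik.http.routers.nextcloud.tls.certresolver=letsencrypt"
      # Container port that Traefik forwards requests to.
      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"

  db:
    image: mariadb:11
    restart: unless-stopped
    environment:
      MARIADB_ROOT_PASSWORD_FILE: /run/secrets/db_root
    secrets:
      - db_root
    networks:
      - internal        # no Traefik labels and no proxy network: never routed

networks:
  traefik_proxy:
    external: true      # created by the Traefik stack
  internal:
    internal: true      # no outbound or published access

secrets:
  db_root:
    file: ./db_root.txt # hypothetical path
```

Only the service carrying the labels is published through Traefik; the database has no route and sits on a network with no external connectivity.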
Yeah, I read about the lawsuit thing. I actually already looked at OpenCloud as a NC replacement, but the docker setup isn’t really polished currently, so I’m gonna let them cook a while longer
Lol, for real? I wondered why they would create OpenCloud if it is basically just OwnCloud IS
An Intel CPU with quicksync is the better and way more energy efficient solution for transcoding. A regular 8th gen+ i7 can handle multiple 4k transcodes
No, I’m complaining about people who act like Jellyfin is a drop-in replacement while ignoring everything that would make it harder to use than Plex. I like Jellyfin and I would like nothing better than to have it at my disposal should Plex actually turn evil one day. But the current state is just not feasible if you want a seamless transition.
I live in a country with a very active and litigious copyright lawyer scene, so I will not take the risk of my server exposing the contents of my library, even if that is a minor risk.
When I can run Jellyfin and expose it through a subdomain, I will. But the devs have made it clear that that won’t be anytime soon, since they would rather have an insecure app than break compatibility with clients
And if you can wipe the foam from your mouth for a second, you’ll notice I wrote ‘software’ not network.
But in the end all you’re here for is a pat on the back from the Jellyfin guys for “seeing the light”. So you do you and maybe I won’t have to read more of your Plex posts, since you’re now in happy Jellyfin land
If your mail server blocks them they won’t show up there I think. It just refuses to accept the mail. Maybe check Nextcloud logs to see what happens when it tries to send the mail