I got started with jellyfin and never used Plex but there’s a bunch of rough edges:
No apps on several smart tv/streaming stick stores, Vizio has an app for plex but not jellyfin so I would need to buy a new streaming device. Yes smart tvs spy on you but the alternatives people recommend either spy on you just as much or are expensive (Nvidia shield) and most of them still require side loading so it’s a major obstacle for sharing with anyone else.
Casting from the mobile app won’t play at full resolution, you can get around this by using VLC as your player and casting from that but that causes it to frequently lose watch progress. Also stopping casting or playing the next episode doesn’t work properly with VLC and you need to rapidly mash “back” to get into the jellyfin app again and queue up a new episode.
The current release of Jellyfin desktop won’t play audio for iptv streams, this is fixed in the dev branch but I have yet to find a build without other critical bugs so I’ll likely need to wait for the next release which currently has no target date.
The browser version has spotty controller support that stops working constantly. When it does work it lacks any way to access context menus to mark shows as watched etc. If you’re using a flatpak browser to run it on steam deck or whatever, you’ll have codec and passthrough issues (Chrome is the only flatpak with decent codec support).
Others have mentioned the security issues which you can bypass by putting authentik or something in front of it but then you can only share with people using browser.
Same problem regarding security because if you leave it up to jellyfin to do auth you are betting on the wrong horse. With pangolin auth in front of it you have the same problem as before. Clients can’t handle the additional auth.
Or am I misunderstanding the concept of tunnels wrong? I am using pangolin as a reverse proxy with nice VPN management included. How do you the tail scale style “connect this client to this network that has the jellyfin server on it” thingy?
You have a VPS that relays the pangolin tunnel and a reverse proxy serving the tunnel through a cloudfare + fail2ban protected domain. It should be really cheap since the vps only really runs for the initial auth and connection, and once in a while to update the tunnel IPs. You just give people a domain and a credential for the client.
It sounds complicated but isn’t really. I did it once but then returned to plain tailscale since I don’t really share my server with many people.
When setup with tunnels, cloudflare doesn’t see any media traffic. Cloudflare only needs to serve the auth and handshakes. The actual traffic is IP to IP, TLS encrypted if you setup a domain correctly. Or just use something like tailscale that sets up the certificates and domains for you.
I got started with jellyfin and never used Plex but there’s a bunch of rough edges:
What about exposing through Pangolin tunnel, Cloudflare Tunnel, Tailscale Funnel approach? Would that allow proper client access?
Same problem regarding security because if you leave it up to jellyfin to do auth you are betting on the wrong horse. With pangolin auth in front of it you have the same problem as before. Clients can’t handle the additional auth.
Or am I misunderstanding the concept of tunnels wrong? I am using pangolin as a reverse proxy with nice VPN management included. How do you the tail scale style “connect this client to this network that has the jellyfin server on it” thingy?
You have a VPS that relays the pangolin tunnel and a reverse proxy serving the tunnel through a cloudfare + fail2ban protected domain. It should be really cheap since the vps only really runs for the initial auth and connection, and once in a while to update the tunnel IPs. You just give people a domain and a credential for the client.
It sounds complicated but isn’t really. I did it once but then returned to plain tailscale since I don’t really share my server with many people.
Cloudflare doesn’t allow streaming large quantities of data through their tunnels. At least it’s against their ToS.
When setup with tunnels, cloudflare doesn’t see any media traffic. Cloudflare only needs to serve the auth and handshakes. The actual traffic is IP to IP, TLS encrypted if you setup a domain correctly. Or just use something like tailscale that sets up the certificates and domains for you.