I am not very competent with networking or under the hood/cli based tinkering, and am a new comer to linux. A year or so ago, I had previously made a jellyfin server natively on a linux system and used tailscale to share it with some immediate friends and family. Now I am starting fresh on a docker based instance of jellyfin running on a linux system again, and want to try to share it.
While looking into what was the best ways to do that, stumbled upon zroc on reddit and it seemed a simpler and easier than tailscale to manage/share alternative to that.
In the case of using tailscale, I had to have the other person become a user of that service and thereby allowing access to my private server. I am hoping that using zroc, I can achieve the same thing, but without having the people I want to share with not having to go through all that. I have spend some time reading through the various guides and getting started sections and youtube videos you guys have pertaining to zroc, and it definitely seems like its a possibility.
I am a little overwhelmed after going through all that information and was hoping that I can perhaps request a little assistance to this particular use case and advise me on what the optimum way I should set up a share, without compromising on security. If my estimation is correct, I ought to use a reserved public share with caddy using docker compose of my localhost:8096 server and use the link generated as a result for remote access to jellyfin. I have created a compose.yaml for deploying my jellyfin container, so I am assuming the information required for enabling this zroc share should also be input into the same file, right? Could one of you perhaps give me a template on what I should include in the compose file?
Hi @thvasd, welcome to the community and to zrok! (and OpenZiti)
If you're only sharing Jellyfin itself, I would tell you to just setup a simple zrok share and share that one thing. Yes you'd want a reserved share so that the share name never changes You could certainly use caddy if you like too, but I dunno if that's needed for just sharing one app.
Personally I like to start small and work my way up. Start off by just using zrok directly to reserve and share your Jellyfin server and get used to that process. Once you've done that, and know that things work, then I'd move into using docker.
I'm not super familiar with Jellyfin... but I'm assuming you access localhost:8096 locally using a web browser?
If so, you really shouldn't need to do much other than zrok share public localhost:8096. If you're just sharing that single endpoint it should be that simple.
What makes you think you would need to use the Caddy backend?
I don't know if @qrkourier is around, but he might be able to help withe compose template.
Hello and thank you! @TheLumberjack and @michael.quigley, initially, it did seem that all that was needed was to just share like you suggested here, but then I thought that it seemed sort of too simple and easy, and wondered if that was enough security wise, maybe I was overthinking it. Reading through all your guides and such, I guess I got a little overwhelmed as I said in the post. I thought I needed caddy because I am sharing the server over internet, and reverse proxy was mentioned in various other guides and such when it came to effectively securing that sharing process.
So, just to confirm. I just share my localhost:8096 via a public share (reserved name) and provided the generated link gets shared with people known to me and trust, I should be all set and needn't worry too much about security and access. I will just use it natively on my linux and try out the docker method in the future.
Does Jellyfin have it's own system for logging in? The users you share your URL with will need an account on Jellyfin (username/password) to log in, correct?
If so, then yes... that should be enough to get the job done.
If you wanted to try and layer on another layer of authentication, you could use the --basic-auth CLI flag with your zrok share command, to add an additional username/password. There's also the more complicated --oauth-* options.
But if Jellyfin provides username/password authentication, that should be all you need.
Yes, Jellyfin has both web interface and apps, for the web version, you go to the url on a browser and input user id and password to login. In case of apps, you are to provide the server url, accompanied with a user id and password combo. Since zrok provides a url, I assume it will work in both instances. I will try it out later today and update here the result.
I will see if the auth methods can work if I am to use apps, but in any case, the people who I share with will have userid/password issued to use it.