I tried testing a movie from my home server in plex through firefox and repeatedly got this message, even after reloading.
I knew that they had paywalled the apps on mobile and streaming from outside the network but now they have also blocked watching your own movies through your own hardware.
I do get the point that making software should be able to sustain people but I dont see the move of plex as a fair thing to do. Yes, they have made great software but taking your home server hostage feels like the wrong move.
Even a pop up that says “we need you to donate please” would have been fine. make it pop up before every movie, play donation ads before any movie but straight up disabling the app is kinda cruel.
Anyway, i have switched to jellyfin and it is insanely good. please give it a try. you can run it alongside plex with not issues (at least i had none) and compare the two.
In any case, good luck. Let me know if you need help.
You must log in or register to comment.
As was stated on the first post you made about this, it’s a dns or nat reflection issue.
Plex sees you accessing it through your external IP address, and not through your lan IP.
I had a similar problem, and had to roll back some nat changes I made, and now it’s working fine again.
Meanwhile, free remote streaming works fine if you have a proper VPN setup. I just tested it, and was able to stream to my phone, through the Plex app, over my tailscale VPN, and I do not have Plex pass on the server or on my phone…
This sounds like a whole lot of convoluted bullshit to use Plex locally and “looking local” through VPN solutions when you could just roll a Jellyfin instance and do things a more straightforward way…
Yeah, but my wife and kid also use it, and they’re not going to be happy if I change things.
I did not make a “first” or “second” post about this. This is it.
Im using it locally with no subscription or any payment and it works fine. I stream to other smart tvs on the house not my phone though. If its connected to the local lan you shouldn’t have this issue.
Threads like this are why people don’t use open source. It sounds like a reality-denying anti-intellectual one-size-fits-all cult in here. This is also like half the threads about Linux. Just armies of tech bros who couldn’t put themselves in someone else’s shoes if their life literally depended on it.
Plex server isn’t open source.
They’re talking about the Jellyfin crew.
If people choose not to use software that’s open source because of the way people talk on some thread… were they intellectually thinking about their own best interests? It’s like no longer enjoying a show because some fans did something cridge - anything popular enough will have weirdos (from someone’s perspective).
The way people act while advocating for something does in fact affect the efficacy of their advocacy whether they want to admit it or not.
I’m sure that’s correct. Richard Stallman would be a good example of that, sadly. I doubt anything as negative has been said in this thread, or site. Seems more like people feel attacked when free software advocates point out uncomfortable issues. Like how people get annoyed with vegans talking about animal cruelty (I eat meat, saying that to avoid theonejoke).
What I see in these threads is the reverse. People insist that their pet solution is a panacea for every use case and when someone points out that it doesn’t work for them they get downvotes and sarcasm. Making use of the best software for your use case is not equivalent to complicity in animal torture and environmental destruction. Nobody’s being forced into constant pregnancy or having their calves taken away at birth because I feel like third party security patches for Windows will be a better option for me than fully swapping to a Linux distro.
But what is definitely happening is people stop reading pro-FOSS threads by the third rabid fanboy response and actually miss what could be a useful alternative.
If one limits their scope to the nutrients or taste of food on their plate then they wouldn’t consider the well-being of other conscious creatures. Only considering system requirements to complete an activity misses out the freedom of the user(s), apparently.
It is a given that humans suffer due to the unjust power that proprietary software gives devs over their user’s computing. Even the best dev does not the the willpower to always resist the temptation to use that power at the expense of the users. Many devs are oblivious they are doing anything wrong and many are malicious/anti-consumer.
There is also the impact it’s use and promotion has on others - money/feedback/promotion given to the non-free projects are boons not given to the freedom-respecting projects. I am better off when others start to move away from proprietary software.
Every non-Free Software will betray you eventually. It’s only a matter of time.
well, except WinRAR
What do you mean WinRAR isn’t free?!
“Free software” is different from “software that is free”
True, though WinRar is technically neither.
I just wonder if plex will ever sell the list of movies and IP address of everyone. Many people have the ARRs to auto download, even stuff still in theaters. What good is a VPN when plex knows your email and IP.
Honestly, I’d be rather shocked if this wasn’t already the case.
Moreover they probably have a database of everything you’ve ever watched and your IP and email address, just waiting to be leaked to the internet through sale or ransom.
Sell or get subpoena’d; tomayto, tomahto.
A little oversymplified but i’ll take it. :)
I thought free software was when you were the product and non-free software actually supported developers.
Or do you mean non-OSS?
“Free Software” is a defined term: https://en.wikipedia.org/wiki/Free_software
Free as in freedom, not as in free beer.
I thought we switched to libre for that definition and since then used free only as in free beer.
I thought we switched to libre
Maybe some people did. Thing is there’s a whole rest-of-the-world out there, and they didn’t necessarily get the memo or are happy with the existing way.
Libre (from French) is sometimes used to solve the ambiguity of the word free in the English language, but it sounds kinda awkward in English and there’s certainly no consensus that this should be the official replacement, or that the term free even needs replacement.
Furthermore, the FSF who originally came up with the idea of “free software” still exists and is still called the Free Software Foundation, though Stallman uses both terms interchangeably.
Yeah, the wording is confusing. A long time ago, there was no paid software, there was only software where you got the source code and other software where e.g. it was pre-installed on some hardware and the manufacturer didn’t want to give the source code.
In that time, a whole movement started fighting for software freedom, so they called their software “free”.
I mean non-Free Software.
In this thread:
- An OP that doesn’t understand how their network is working
- People rushing to suggest a solution that they fawn over because it’s open source. I have yet to see anyone recommend Emby.
- “Tailscale will solve all your problems!” Great - how do I make that work on an LG TV that’s 100 miles away?
- Open source has high immunity to devs making changes at the expense of the user for their benefit because anti-features can be removed. Recommending another proprietary alternative here would be like saying they aught to leave an abusive partner but then recommend someone with the same red flags.
Thank you Internet stranger for reminding me of this sketch.
What’s it from?
From a time when the jerk motion was used en mass. https://www.dailymotion.com/video/x2jvcd5
Welcome to “People rushing to suggest a solution that they fawn over because it’s open source.”
How do you personally 100% beyond a shadow of a doubt know that Jellyfin is the right solution? Why not a VPN, shared folder, and VLC? What about running a DNLA server?
Edit: All of you downvoting don’t know; and it makes you salty.
You mean a morally “right” solution? 😇
3 - An OpenWRT router with Wireguard connecting to another router 1000 miles away will do the trick.
Great; how do I get my Mother to do that over the phone?
It’s not a cake walk, but I’ve something similar for a friend who can barely turn on his PC.
The OpenWRT router was fully configured before shipping it to him and the existing router’s needed Wireguard port was opened by me using the Comcast Android app. All he had to do was connect his TV to a new wifi network. That wasn’t easy, but he ultimately succeeded.
Ok, so you didn’t walk someone through it; you shipped them something preconfigured.
That’s not going to scale as I share out my server.
That’s not going to scale…
How many mothers do you have?
None of your business, insensitive clod.
AtariDump@lemmy.world wrote:
Great; how do I get my Mother to do that over the phone?
That’s not going to scale as I share out my server.
Are you incapable of recognizing that in this context my comment was a joke? What the fuck is wrong with you?
If #3 is your use case, then yeah, pony up the fees. Or learn to code I guess.
So, like every other jellyfin fanboy, no real actual answer.
Why would there be an answer?
How do I load and configure Tailscale on my TCL Roku TV?
This is an answer im looking for.
Natively, you can’t. Hackishly, you could put a small VPN capable router in front of it that would manage the connection.
That’s according to Dr Internet, so I haven’t tried it, but it seems very likely to be accurate.
Thanks.
One of my pet peeves is when people immediately jump to whatever their fanboy program of choice is regardless of if it’s actually the right program to run in the situation given.
I’ll add to #2 (IDK if it’s open source, though):
Give Stremio a try. Once you set it up (basically just add the Torrentio plug-in then whatever content catalogs you want), the workflow is much better and simpler than Plex.
You just browse it like Netflix: see something you want to watch, select it with your remote, then stream it immediately. No server to run, you don’t have to build libraries, you don’t even have download the content beforehand. Just select and watch. Could not be easier.
Is it torrenting in the background? Because, if it is, then you need a VPN and I don’t know how to set one up on my LG TV. Would you happen to have a guide?
If you live in an area where you need a VPN to keep your ISP off your ass, well you’re in luck because the Torrentio plug-in is compatible with Debrid services (Real-Debrid is a good one). They’re cheaper than a VPN (less than €3/mo) and get you direct downloads which ISPs don’t care about since you’re not distributing files like you would with a torrent client. What’s nice is that they work with any torrent—not just video—so you can download wherever you want at 1gbps speeds so long as the torrent has at least one seed. Since you’re not actually interacting with the torrents themselves, there’s no need for a VPN.
Setup is easy. The only thing you need to do is install the Stremio app on your TV, then open it and install the Torrentio plug-in. From there you configure your preferences like preferred resolution, language, etc, enter your Debrid service credentials if you have them; after that you install additional plug-ins for the kind of content you want. I’d recommend starting off with the Streaming Catalogs (lists popular content from Netflix, Amazon, Disney HBO, etc.)and Trakt.tv plug-ins (recommends content based on your viewing habits). There’s also plug-ins for anime if that’s your thing. Once you install the plug-ins you like, the only thing left to do is pick something to watch and enjoy. :)
You can also download the Stremio app to your phone and configure everything from there if you don’t want to fumble with doing all of this with the TV remote. I’d recommend doing it this way so that all you have to do on the TV is fire up the Stremio app and enjoy.
If you live in an area where you need a VPN to keep your ISP off your ass
Uploading copyrightes material is illegal pretty much everywhere I know of.
Exactly, which is why you don’t need a VPN if you use a Debrid service. No files are being uploaded. The Debrid service handles that for you by downloading the torrent to a remote server, than giving you a direct download link to the file. Nothing is being uploaded from your end.
Many places don’t enforce those laws for simply torrenting.
Some countries (US) ask the ISP to send warning letters and might disable the internet. In other countries law firms get personal details from the ISP and send a costly letter of a thousand Euro for a single infraction like in Germany.
That’s true, but ISPs have logs. And if something happens that makes the police change their mind about enforcing the law, you might be fucked, retroactively.
Again, not an issue if you use a Debrid service, because no files are being uploaded.
Bro you asked for a guide, I gave you a guide. The fuck you want from me? (For convenience sake I even made as short as possible. Literally less than a 45 second read.)
I put a lot of effort into that comment to help you out, and instead of saying “thank you”, you respond with this bullshit? What the hell is wrong with you?
Ungrateful prick.
I asked for a guide on how to setup a VPN on my LG TV.
Please specifically point out where in your long repo se you provided a guide on how to run a VPN on my LG TV.
Again, you don’t need a VPN if you follow my guide. Your reading comprehension is worse than mine, and I have ADHD. *sigh*
I always see people advocate for Stremio. But my experience was always very mixed. Half the time it would just buffer all the time. I guess it’s s my own fault for having little interest in the latest Marvel/Hollywood movies, but alas. I way more prefer my jellyfin/jellyseer/arr stack. Once it’s available I’m (99%) sure it works from everywhere in the world.
Are you using a Debrid service with it? It’s a much better experience if you are. Give Real-Debrid a try with Stremio. It’ll change your opinion.
Actual answer for 3:
- put jellyfin behind a proper reverse proxy. Ideally on a separate host / hardware firewall, but nginx on the same host works fine as well.
- create subdomain, let’s say sub.yourdomain.com
- forward traffic, for that subdomain ONLY, to jellyfin in your reverse proxy config
- tell your relatives to put sub.yourdomain.com into their jellyfin app
All the fear-mongering about exposing jellyfin to the internet I have seen on here boils down to either
- “port forwarding is a bad idea!!”, which yes, don’t do that. The above is not that. Or
- “people / bots who know your IP can get jellyfin to work as a 1-bit oracle, telling you if a specific media file exists on your disk” which is a) not an indication for something illegal, and b) prevented by the described reverse proxy setup insofar as the bot needs to know the exact subdomain (and any worthwhile domain-provider will not let bots walk your DNS zone).
(Not saying YOU say that; just preempting the usual folklore typically commented whenever someone suggests hosting jellyfin publicly accessible)
@smiletolerantly @AtariDump
https://en.m.wikipedia.org/wiki/Certificate/_Transparency
Makes sure bots will hit you as soon as the certificate for your domain is issuedOK, add step above: use wildcard certificate for your domain.
Terminating the TLS connection at your perimeter firewall is standard practice, there’s no reason your jellyfin host needs to obtain the certificate.
For #3, subnet routing.
Where do I find Wireguard for my LG TV?
You can’t expect my relatives living 100+ miles away to start monkeying around with their router. That be like asking you to set the spark plug timing correctly using a timing gun.
Did you even read the link? You don’t need it on every device. It’s not really that difficult to understand.
I AM A 48 YEAR OLD FORMER FUCKING TRUCK DRIVER FOR FUCKS SAKE, and yet, I still managed to set up tailscale on my phone and a computer, and then access my stuff that ISNT running tailscale in any way, shape or form, from my phone, simply because I decided to figure it the fuck out.
Stop being so damned lazy.
I am so fucking tired of this “cater to the lowest common denominator” bullshit.
Stop being so dam lazy and do all the things you pay someone else to do.
Mow the lawn. Fix the plumbing. Run new electrical. Neuter the cat. Clean your teeth. Do your taxes. Properly segment your network into several VLANs so that your IoT devices can’t talk to your internal network.
I do all of those things except neuter animals. Most rural folks do.
If you’re cleaning your own teeth, you’re missing several.
The condescension in your first point is brutal. I suggest you apologize.
Old news, but time for Jellyfin. I made the switch a couple months ago. Some minor teething issues, but better, IMO, especially now as my family all have LDAP users and that just works.
Give me a package that runs on my ds214play and I’ll switch in a heartbeat
https://github.com/SynoCommunity/spksrc/issues/5941 ?
I really wanted Jellyfin working in my DS214Play with DSM6, and I noticed that a package for these evansport CPUs doesn’t exist and it’s officially not supported, so I tried myself and I succeeded.
Thanks for the link. It seems they got it somehow working on DSM6, but if I check the thread, it’s a lot of ducttape and locktight involved especially to run with DSM7. Might try it out on a rainy sunday
I made the switch a few months back as well. Have you had the issue where"Recently Added" just straight up doesn’t work? It’s about 50/50 for me whether my new downloads show up there or not, and if they do, it’s usually inserted somewhere down the list between other things I added months ago. Not sure if there’s a workaround, but it’s my #1 complaint with Jellyfin. Otherwise, it’s been great.
How is your underlying file system set up?
It’s an Unraid share on a local NAS, and the array is formatted as xfs.
Hmm, shared how? NFS?
I’m actually not 100% sure how to answer that. It’s just a “share” configured through the Unraid UI, being accessed by a docker container running on the same machine (binhex’s Jellyfin image.) I think that the “share” in this context is essentially just a mount point, but it’s also (optionally) exposed as an SMB share externally.
Ahh OK, a Docker bind. 3 things to check:
-
That you added the folders in that weird way Unraod requires, see: https://forum.jellyfin.org/t-solved-jellyfin-not-detecting-media-in-unraid (this probably isn’t it, but worth checking)
-
Make sure for newly added, Jellyfin is configured for Date File Scanned into Library, vs the Created Date on the file
-
Ensure the Arrs aren’t set to change the date on file import. By default they modify created/modified dates to be the release date, which can put things in an unexpected order.
Thank you! I checked #3 and it’s not that. I haven’t found the setting for #2 yet, but I just wanted to say I really appreciate your help.
-
awesome. thanks for chiming in. I will have to check how to do external streaming without opening my network up to the world (metaphorically).
…wireguard
(there are android TV apps for wireguard, not that any normie can actually move a client file to it and turn it on, or could be bothered to)
Thats not what I meant. I of course have wireguard set up for administration and my own streaming needs. But friends of mine who were able to use plex by just making an account but now they cant because of course there is no relay server etc. I’ll have to think of a way to make it available to them (easily!) without putting my network at risk.
Mine is public, but I block every state but the one all of my users live in(family) and I never get unwanted visitors. Couldn’t say the same if I lived in NY or CA.
If they have static IP addresses, you may be able to whitelist them in your proxy, or maybe there’s some sort of dyndns client/relay software you can run if their ips change.
yeah, thanks. but thats not gonna work for me. i live in a big city and none of us (me and my server included) have static IPs nor am I gonna get them (at all) and I dont want to pay for them either (because ISPs here want you to pay for them). in any case, thanks for trying to suggest something. it might help someone else who has a different setup. :)
Welp, I guess they’ll just have to start their own servers or you’ll have to get out your credit card. Pity.
yeah no. there are a lot of other solutions to this. they’re just a little annoying. others have confirmed there are similar setups like plex is doing with a relay server, but selfhosted.
You’ve got options.
Can your router open ports from a hostname vs an IP? If so, clients could run dynamic DNS.
WG client side isn’t really that hard, though. All the fam run WG 24/7 on devices, and only traffic for the internal network goes through it.
I know. the issue is my friends dont have networks run by me. So I have to gain access to them and have to change setups which makes the situation likely to blow in my face. its just not a good solution imo. People have already suggested a relay server which will likely be the best solution.
I used synology and reverse proxy. It was pretty easy to set up. The tricky part was going into jellyfins setting and connecting your reverse proxy to the path you made.
Overall my kids and family can now access it anywhere.
I run a reverse proxy too. are you talking about a public one? I’m probably gonna use a relay server for it which essentially is the same I guess.
Yes, the public one. I just use synology ddns as the public address. I’m good with programming, but when it comes to IT stuff, I’m dead in the water. So, their infrastructure helped
Neat. Thanks for suggesting.
Plex has pay walled FREE servers streaming to FREE clients only.
If you have a plex watch pass (for client) you’re good and can stream from any server. If you have a plex pass (for server) any one can stream from your server. But you have to have one or the other.
For software I like made by people getting paid, I was happy to pay the one time fee. It’s really good, secure, and downloads are fast now.
Ditto. There is a crowd on Lemmy who seem to get angry whenever people are happy to pay for software and I do not understand it. Surely we want developers to be paid for their hard work? Don’t we want them to able to comfortably live?
Agreed. I’ve stated it before in other threads, and I’ll say it again here, but if they asked me in 5 years to pay another $89 or whatever in continuing support for a badge on my server I’d happily do it. Plex is really good. Great UI, great apps, great external enrichments like trailers/subtitles/ratings/actor info, and Plexamp is 9.5/10 for music.
Their biggest fault is how they communicated about the change for remote users. I did have a few family members get the email and ask if they were going to have to start paying monthly now, but they’ve never been on a free server. They should have stated more clearly than if you were on a Plex Pass server that no change is required.
Best 70-ish euro I spent over a decade ago
And I just tested streaming from my free server to my free phone while said server is at my house, and my phone is with me at work.
Works fine over a VPN.
Yep, VPN will allow you to be on the same local network, and they’re only pay walling remote play.
Yes. But it used to be free to watch remotely. It’s 99% your own hardware doing everything. Their services get used for discovery, not as proxies for the connection itself, AFAIK.
You already had to pay them to allow transcoding with your own GPU, etc.
Right now it’s still not too bad, but just watch, enshittification will affect paid users too. For one, I expect the lifetime pass to go away, and go away retroactively eventually.
deleted by creator
She needs to update her app probably, it works fine for my wife on my server
It’s pretty rare that a company starts taking away free features and doesn’t end up fucking payers in the end.
The biggest bar to Jellyfin is TV clients, the second biggest is security.
TV clients can be fixed with a one-time purchase of a $20 android TV stick. If viewing your familys ARR content isn’t worth $20 you probably don’t need to do it anyway.
Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, But just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
We could probably make a jellyfin helper container to handle some of this. Walk people through Let’s Encrypt, dynDNS, port forwarding tests, add fail2ban with a firewall, maybe even slap suricata in it.
We need to convince the project to add 2FA and password complexity requirements.
I don’t know guys what do you think is it crazy? does it make sense? Would anybody actually use it?
What are my realistic security concerns with a jellyfin server that I let friends and family watch while trying to minimize the troubleshooting and steps they need to take to get started?
realistic security concerns
If you’re running a binary installation of Jellyfin on your server and exposing it to the public internet, you can face significant risks:
-
Remote execution vulnerabilities might allow attackers to exploit bugs to run malicious code on your server.
-
Buffer overflows. Poorly handled data can let attackers manipulate memory, Bypass logins, touch things in the host that aren’t meant to be twiddled with
-
Network exposure. If compromised, the server could become a launchpad for attacks on your network.
There might not be any vulnerabilities at this moment, but they might come in a future release. And we might not even know they exist. It’s a small team of volunteers, and they’ll do their best. This is just what is reasonably possible when installing the server as an application on your OS and exposing it to the Internet.
You can minimize risk with a safer setup, as someone else in the comments here mentioned (and I think they even linked to their setup)
Using a Docker container version of the app significantly reduces your attack surface. This isolates the app from your host system. If they get in, they only get into the container and whatever that container is allowed to do.
Mount your media files as read-only to prevent accidental modifications or potential malicious changes. Now that container can’t do any real harm do your data.
Avoid making the container privileged. A privileged container can interact with the host system in risky ways.
Use reasonable unique usernames and passwords. If the container does manage to get compromised, they will likely be able to read usernames and passwords stored in the container.
Regularly update your container – Ensures you have the latest security patches.
Short of some massive Docker vulnerability, (which is on you to keep updated) the worst case should be public enumeration of your media, exposure of your JF users/passwords, and denial of service. Which IMO isn’t very serious.
For even tighter access control, don’t whitelist the entire world.
Whitelist specific IP addresses. Have users visit WhatIsMyIP to get their IP, then configure port forwarding to allow only trusted addresses. This allows the clients at their houses in without any serious hinderance, but would block them from accessing your media when they’re not at their house.
If they’re accessing you through a phone or PC, setup headscale or tailscale or any VPN and allow them to get to you through VPN
Amazing info, thank you for the response!
-
I would be very interested in an answer to this as well. Also any how to guides that would be useful for a guy whose technical high-water mark was getting mint set up on my laptop.
probably SSL
*TLS
SSL has been deprecated for a decade at this point
Would you consider this a particularly constructive comment?
I access my stuff via VPN. As for sharing with others, I simply don’t do that. VPN is still an option though. Or temporary client whitelisting, etc.
Yeaaah ! Most people anyway have some kind of VPN installed on their device… Just slap in a wireguard VPN config to tunnel your traffic home… bOOm jellyfin everywhere and 99% secure !
Now that’s an interesting thought.
A web page with Authelia, login and a firewall.
If you’re not logged in, All you get is a login page. If you are logged in, It passes you straight through to jellyfin.
So any device and client would be able to access it without issue once a phone or computer on the network had logged in just once.
The web page modifies the HA proxy ACL and forces a reload.
This will work fine over the web, but won’t work with clients.
They have instructions on jellyfin forums on setting up HAProxy, that part totally works.
But you don’t put 2FA on the jellyfin server, for that you just deny all IPs except whitelisted.
You did the 2FA on the whitelister only using path-based routing.
You don’t have access to the root site, you go to a path and login to a separate database to whitelist yourself then your client should work from that IP.
This will work fine over the web, but won’t work with clients.
They have instructions on jellyfin forums on setting up HAProxy, that part totally works.
But you don’t put 2FA on the jellyfin server, for that you just deny all IPs except whitelisted.
You did the 2FA on the whitelister only using path-based routing.
You don’t have access to the root site, you go to a path and login to a separate database to whitelist yourself then your client should work from that IP.
edit:
I just tried it, it appears to work so far.
I can send websocket traffic inbound to 8096: to the JF server and it loads on web, Android and Roku clients with an ACL limiter on originating ips. and send 8096/whitelist to another server altogether with no ACL limits.
On that process, I’d load nginx, authelia, fail2ban and what flask? Surely someone has a python longin/admin framework that I could hijack for this. Then have that app reack over in shared container storage to twiddle the haproxy config to add some ip’s and reload it?
I wonder if I could do something to the haproxy side to detect non-use of an IP and remove it.
As someone who is … lazy and took advantage of some Amazon Black Friday Fire TV stick deals, and who doesn’t want to drop the $200 for a Shield:
Any Android sticks/players you might recommend?
Bittorrent joined the room.
Basic functionality, I’ve heard good things about the crappy Walmart ONN branded ones.
I know there are Alibaba options, But I’m awfully afraid of a lot of those have worst security issues than opening up jellyfin.
+1 for Walmart Onn, very easy to debloat and degoogle, supports SmartTubeNext, S0undTV (Twitch), Jellyfin, Plex, whatever else you want.
Thanks- was hoping there was something out there that’s a bit less tied into some large Amazon-y or Google-y type anything
For all their lack of privacy, the Fire Sticks perform pretty well
I think you make a hugely important point and I would definitely use it and I might even be able to help making it.
Current Idea:
Traefik does most of this through plugins, except the whitelist modifier,
Whitelisted?
- user: https://bob.com:9901/ -> jellyfin
Not Whitelisted?
- user: https://bob.com:9901/ -> 404
Whitelisted or Not whitelisted?
- user: bob.com/whitelist -> nginx/python, authelia, fail2ban, traefik whitelist modifier
Security for remote streaming is a harder thing to handle. Most people are capable of port forwarding, But just hanging a smallish public project out there in the open is always a dicey proposition. It honestly needs real fail2ban, probably SSL, 2FA and password complexity requirements.
Yeah.
It’s tough because I get they’re an open-source project, and they’re volunteers, but at the same time, security is something that should be the highest priority.
Though, you could just make it so that it’s not accessible via WAN and instead has to go through a VPN, though that’d make it harder to share with others.
That’s what I do myself but in a lot of cases VPN is beyond the grasp of the grasp of the friends and family that are being shared with.
Tailscale is somewhat approachable for this, there are a number of streaming devices that support TS clients. But then tailscale will eventually enshittify their free offering. Wrapping headscale into this will add yet another layer of complication. VPN is far more secure but I think it makes it unapproachably complicated for many.
Welp, i killed mine yesterday as it wouldnt let me stream while offline. Modem died so no Internet for me. Why do i have everything local if it dosent work while offline…
FYI you can definitely watch while your network is offline. You just net to tell it that you’re happy with that (it’s not activated by default for security reasons).
-
In your Plex server settings, go to Network, enable “Show Advanced”.
-
Near the bottom, find the textbox that says
List of IP addresses and networks that are allowed without auth -
In this field, enter the local IP address of any Plex client(s) you want to keep using if your internet (or the Plex cloud) is down.
-
A example:
192.168.0.50 -
Save the setting, done.
#Important thing to be aware of:
What this setting does is tell your local Plex server to simply give any Plex client that connects from that specific IP full admin access to your Plex server, ignoring any account restrictions. This means that if you have things in place to restrict access to some libraries (kids blocked from 18+ movies etc) those restrictions will have no effect. Also if you have the option set to allow file deletion, then any client from that IP could also delete items. And they could of course change any settings in your Plex server. So your kids can watch anything on your server, if you have a guest in your network and they browse to the Plex web interface, they can mess with things.
Because of that I would recommend to limit the amount of IP’s you enter in that field to the absolute bare minimum. For example, only whitelist the “main living room device” plus one device you to admin the server, such as a laptop.
If you want to whitelist multiple devices, this is a example:
192.168.0.50,192.168.0.77,192.168.0.80If you want to whitelist a entire network, these would be examples:
192.168.0.0/24 (this means 192.168.0.0 - 192.168.0.255) 192.168.0.0/16 (this means 192.168.0.0 - 192.168.255.255)And of course those involved network devices should use static IPs in your home network.
-
Exactly. Thats why i use jellyfin now. Try installing it alongside. For me it worked well.
Its already installed, but missing features, i was waiting for them to finish the db changes, because thats whats blocking them…
what features are you missing?
What about switching to Jellyfin?
I have been using rygel. I don’t need anything fancy, dump a few media folders onto any VLC player on the LAN.
Already done. Thanks for the suggestion though. :)
Why anyone still uses Plex for new setups is beyond me.
pretty much the only reason I still use Plex is because I like to be able to watch stuff during downtime at work and plex.tv isn’t blocked on the work network while my private domain is.
And no, using a hotspot off my phone on a personal computer isn’t an option, both because the security requirements of my job site prevent us from using personal devices in the main area where I work and because the building itself is a massive concrete structure that blocks most cell signals.
Strange that plex.tv isn’t blocked while a “personal” categorized website is. Have you looked to see what category your domain is shuffled under? You could try submitting a recategorization request to Cisco Umbrella or Fortinet databases. Requests for recategorization are free to do.
I’ve tried submitting recategorization requests through the links provided by my workplace on the block pages. The requests have been denied.
If I’m remembering right, it’s a Symantec web filtering solution that we use and they’ve decided that my domain is in the “personal blog” category. Which is a blocked category. Jeff Geerling’s website actually falls under the same category, which also kind of sucks, because I like reading some of the stuff he puts out.
I would go around them and go directly to the source of categorization. It looks like this is the Symantec categorization website in case it’s different from what you’re workplace provides - https://sitereview.bluecoat.com/#/
Well, i didnt. Its a legacy install and i had jellyfin already running parallel because of the remote streaming paywall they introduced.
Someone else already said it and you’ve already swapped but I’ll say it in detail:
when setting the server connection up you selected “ServerName (long string of numbers)” and not “ServerName (your IP - SECURE)”
this routes your connection through the Plex servers and makes it not a local connection anymore. this is extremely easy to do and forget you’ve done because it barely impacts performance
In other words, it’s a dark pattern that tricks users into letting Plex MITM their connection.
It gets around port forwarding/firewall issues that most people don’t know how to deal with. But putting it behind a paywall kinda kills any chance of it being a benevolent feature.
Labeling it as “SECURE” (implying the other option is insecure) is enough to make it seem underhanded to me.
port forwarding/firewall issues that most people don’t know how to deal with
This sort of thing makes me want to tear my hair out when I hear “Why bother rolling out IPv6 when IPv4 just WORKS!?”
NAT, port forwarding and the problems they cause are seen as expected, just the way the internet works instead of the dirty hacks they actually are. Most people aren’t old enough to remember the time when everything connected to the internet had a routable IPv4 address.
dark pattern
Nope, not at all. Its extremely forward, your local IP is listed first every time IME, and your lower-down comment has it backwards as it’s your local IP that had “secure” written on it
it’s not a dark pattern at all, people are just stupid and don’t read (including me, I fucked this up too at first)
Plex has paywalled my server!
Skill issue tbh.
Yeah but not on my end.
I’ve never been a Plex user. Always been with Jellyfin. I’ve heard that plexamp is a killer app but finamp has always been sufficient for my pretty basic needs. But I have a question for you (meant in good faith). You say,
I do get the point that making software should be able to sustain people but I dont see the move of plex as a fair thing to do. Yes, they have made great software but taking your home server hostage feels like the wrong move.
If Plex needs a sustainable business model, asking for donations isn’t enough. So what is the move for them? What do they do to both fulfill their need for a sustainable business and also not upset their userbase? (I’m not defending Plex or this move of taking your server hostage, in any way.)
I’m genuinely curious how, with the benefit of 20/20 hindsight, they should have played this or at a minimum, made better moves than they did.
Very glad you’re with jellyfin btw. You can check out some cool plugins at awesome-jellyfin.
So what is the move for them?
Plex has a two-pronged VOD service. They have ad-supported “live television” and they have content to rent.
I don’t know if that’s enough to sustain them but I don’t really care. I’ve been a PlexPass owner for over ten years. I have only asked that they resolve bugs and made requests for things like proper organization of classical music (which they’ve explicitly stated they will not consider).
You do bring to light something I hadn’t considered; that they see Plex as a business model. From my perspective, I want to buy a fully developed product with the expectation of bug fixes and security patches etc over time. I genuinely can not think of a single thing the developers have added to the service that I’ve used in the past ten years.
So, what kind of business model charges money to do things that don’t have an apparent impact on the user experience?
Plex has been one of my most used applications in the past decade. However, it has its limitations and they are actively imposing more limitations on the experience in favor of “a sustainable business model”.
The issue is that their sustainable business model is interrupting the users’ sustained use of a platform they’ve already paid for. I’ve had to go through all of my devices and disable all auto-updates to ensure I do not get the “New Plex Experience”.
What we should be asking is why “selling a product” is no longer a business model.
What we should be asking is why “selling a product” is no longer a business model.
Such a good question. Off the top of my head, I can think of two reasons: one cynical, one a little more practical.
Cynical first lol: Maxmize profits. Why charge once when you can charge monthly. I’ll move off this bc it’s a topic that’s been beaten to death, esp. here on Lemmy.
The more practical reason is probably because most software interacts pretty directly with the internet in some way. When we were just installing MSOffice98 with clippy, software didn’t need constant security updates, patches, etc. Remember when there was an update for MSOffice and you’d install Service Pack 1? That was one of the first patches I downloaded from the internet and it was a big deal back then. Now updates come out at least monthly, many times more often than that. I guess that means that you have multple product cycles occuring concurrently, which creates a financial model with a lot more unknowns… which in turn makes it harder to forecast what a product should cost, considering it would be the only revenue generated, per license for the life of the product.
I think selling a product is still a very viable business model, but you have to be a lot more accurate about revenue forcasting and product pricing. I guess it means you have a lot less room for error (from a business perspective).
This is not Microsoft. I haven’t updated my plex software in over six months and it runs fine. Still, yes, I would expect updates to any software I purchase as new patches are needed for OS updates, etc. That shouldn’t be more than two updates a year for a given OS - if at all.
Selling a product, generating revenue, using revenue to improve products or create new products is how we used to run businesses.
If they’re unable to maintain software updates with the revenue they get, then they should discontinue support of less popular products.
As I’ve stated on the plex forum, plex is no longer a media management and consumption platform. It’s a video on demand service. That’s their prerogative and that’s fine. The issue is that they’re discontinuing a product that people have purchased and use on a regular basis. I paid money for a product and that product can no longer be used if I change the device I use that product on. They should have left the existing product alone and released something wholly new.
What we should be asking is why “selling a product” is no longer a business model.
Because they’re not selling a product, they’re selling an ongoing service. They run the relay servers, and those cost money every month.
I bought a media management and consumption platform running on my own server using my own clients. For what reason do I need a relay service to watch content in my house on my server?
No idea, you’re the one that bought it. I did the same thing for a few years and never bought a plex pass.
What media management and consumption platform did you buy?
There are a few ways Plex could have played this:
- By attrition. Stop the sale of plex pass, but leave those users and their access alone. New sign-ups get new rules about features/$.
- By using some of their revenue to paywall Premium features, keep a cut-down but functional version for non-paying plebs. It doesn’t have to be all-or-nothing, even for streaming outside your network (which you could cap at X number of hours per month)
- Start making Plex features a-la-carte, meaning, $2/mth for HDR, 4$ for streaming, etc. Or bundles.
The point is there are lots of companies who do this right and don’t have such a blatant disregard for the user. In the long run, this will not help Plex, it will help other streaming service helpers who are actually willing to respect users.
I know you’re not defending Plex and I acknowledge that. However, I see a lot of “How are they supposed to make their money?” arguments here, hence my description above of just a few models Plex could have chosen instead of f**king the customer.
Yeah. “How are they supposed to make their money” is a question that I’m grappling with right now. OSS is hard enough with a straightforward MIT license but figuring out how to monetize in the OSS space (that doesn’t always reward nuance), adds a lot of complexity. I’m starting fresh, so I’m not changing anything on anyone… but getting a monetization strategy that is 100% perfect out of the gate is not likely so seeing this vs. a response like Pangolin’s is helpful.
That’s a good point, and it’s one that isn’t solved yet in the foss space.
There are some success stories like Blender, and other projects like Thunderbird and KDE who have recently made their model work through voluntary donations, albeit by hiring competent management of such donations. And there are lots and lots of projects somewhere in between.
The interesting questions to me aren’t so much about Plex, but the infrastructure behind all the tools we use: NTP on Linux, build tools, ffmpeg libraries, etc. Lots of other companies make products that make money, yet kick back nothing to these.
Would a royalty system work? I dont know.
From my view, a sustainable business model is very different from the way things are done lately. I built and managed multiple successful businesses and making them sustainable is doable without fucking over your customers.
They could absolutely have done a lot better things to gain more income. The important base question here is “how much do they need?” Because software does not have huge ongoing costs but massive initial costs and lower sustaining costs. Of course, large changes or complete makeorvers will be intense but they are not needed in every company.
Once that is clear, they could have started with better public relations, engaging people about the need for a specific sum or recurring revenue. They could have gamified it by selling badges, additional functions, tiers, restrictions on new installations, etc. But they didnt. They chose to paywall existing functions. one. After. The. Other.
Dick move.
So yeah, building a business is no joke but thats not for me.
Really glad you replied. Thank you. Your points are really good ones. I want to build something (software) for myself and the community but also struggle with where to draw the line when it comes to making my product generate revenue too. It’s a thing we don’t really talk about when it comes to OSS. Maybe we should create a new category called SOSS, (sustainable oss) lol.
Saying software does not have huge ongoing costs shows you’ve never worked on any huge software system. My works ongoing costs for hosting/scaling/storing data are millions of dollars a year.
You’re both right and wrong.
Its like saying “saying a company is easy to run shows you have never run an huge company.”
Both are false dychotomies. The amount of hosting costs, manpower, etc does not come from the project but how it is set up.
If you have to run servers for a software at all determines the cost for hosting for example. Same for every other aspect.
Linux is a huge software project I’m working on. Yet the cost of it is a joke compared to its size. It has way more users than plex.
You were the one that made the claim that “software doesn’t have huge ongoing costs”, which is what I said is wrong. Lots of software does, as you now agree.
Are you saying that you’re on your home network with your Plex server and it won’t let you play your media without paying? That’s not true if so. You must be outside the network.
My guess is they have VLANs and they didn’t set up the server to treat them as local traffic.
I’ve had that happen to me with plex, it was probably 100% my fault because I specifically changed things during the setup of the docker file, but apparently Plex can’t figure out that is local if it’s running inside docker with non-host network, it probably only accepts local connections from the docker network, and I was never able to make it treat my actual home network as local.
Under Settings > Network there is a configuration item exactly for this. I’m running host network, but you can add the docker networks here as well.
LAN networks is only available for plex pass users
It all starts to make sense then. I need to set Jellyfin up soon. It’s only a matter of time before they come after the “Lifetime” purchasers like myself. I bought it over a decade ago at this point.
the actual problem here is that OPs network is not configured correctly and that Plex detects that the physical local client is actually accessing the server from a totally other network.
Fairly common when you use docker to run Plex and have the container run in bridge mode. This will put the container in the docker network that will then be different to your local network.
Plex determines if a stream is local or remote based on the network so when your container is in bridge mode, the physical local client will be a remote connection because of the different networks.
And since remote streaming requires Plex pass since end of April, you will see this.
Yup, that’s exactly the problem I have, it’s ridiculous that it doesn’t let me stream from a local network just because it thinks that it’s local network is only the docker one, it should be fairly simple for Plex to figure out it’s accessible via a direct connection and it doesn’t need to route through the Plex servers for this. But it won’t get fixed because it pushes people to pay, hell from what people are saying here the config to fix this is paywalled so they create a problem for which they sell you the solutions.
I don’t have that configuration:
As someone else mentioned, this is only available to PlexPass users. Sorry for the confusion! I bought my lifetime sub over a decade ago at this point and forget about these inconsistencies that used to just be part of the product.
Therefore it’s literally impossible for me to watch my media locally, way to go Plex.
Are you running in docker? Change from bridged mode to host mode on your container which should resolve this.
Yes I am, but I don’t want to give full control of my network drive to a closed source application because it paywalled me out of being able to access my media on my local network. It’s ridiculous that I have to do that. It breaks ECI, and is a security risk. And yeah, it’s a bit paranoid, but the fact that they can fix it with a simple config and put that behind a paywall is VERY worrisome, so I now need to pay if I want to isolate Plex from the host where it’s running.
That is exactly the case. It is absolutely true and accusing me of lying is not okay.
You’re not lying, you’re just not good at networking and/or setting up Plex.
Plex does NOT charge for streaming on your own network. If it is saying that you need to pay it’s because you’ve set your network(s) or Plex up wrong.
And the next wrong assumption. It’s beginning to get really tiring. Maybe try to stop individualizing systemic problems. I know it is counter to our society but it is the only healthy way.
I’m building networks for a living. The situation I’m in has zero to do with my skills and assuming so is highly disrespectful.
But yes, as others have pointed out, it is likely that a configuration back when setting the service up years ago led to it using an outside connection which has only now become an issue because of plex’s switch to blocking remote streaming.
No matter because plex works just as well.
Cool, so you can finally admit you set Plex up wrong. Good job.
