Do I need to use a vpn?
For what? We need more information about what you are trying to do.
You don’t need to. But you should use a reverse proxy. A good easy one is Caddy. With caddy you just have to open port 443 and port 80. That way you don’t need to expose jellyfin port to the internet. You can get your own free web address at NOIP. They have a program that will keep your IP sync’d to the address you create.
This isn’t a complete guide but it has some basic ideas for Jellyfin on a Windows PC.
not enough info x:
hosted at your place ? for LAN use ?(and external connections blocked) : no, not really
else : mabe
Like if I’m hosting it on my PC and accessing it remotely on my phone do either of those devices need vpn?
What would a reverse proxy do for me?
Negative chief, if both devices are on the same LAN (Network/Wifi) then you can just go the IP address of the PC on your browser with the appropriate port; hope that helps. If you where maybe traveling and wanted to connect to your server while outside of your LAN, then a VPN could be one way to approach that.
If you are not at home then yes a VPN would be one option. You could also setup a reverse proxy that has SSL enabled so all your traffic is encrypted. Both options will require you to forward a port on your router, one to the VPN server the other to the reverse proxy. Also if your IP changes all the time from your ISP then you will need a domain name with some kind of Dynamic DNS to map the domain to your changing IP address. That will make it easier since you can just use a name instead of having to lookup what your IP is all the time.
Get a web address (like from noip or duckdns or buy a real domain) and point it to your home network. forward traffic on ports 80 + 443 to your reverse proxy server. the reverse proxy establishes a secure connection with the client (https) and then forwards the request to the right server on your network (jellyfin).
A little bit easier/safer than properly exposing your JF server to the internet. And much more convenient if you ever decide to host more than 1 thing.
i use nginx proxy manager, lots of people use caddy, lots of good options out there. both of those two are super easy to play with.
A reverse proxy limits the amount of ports that you have to open externally to the internet. Generally you don’t want to directly expose your service ports to the internet for security reasons. Caddy also adds the extra benefit of forcing https instead of regular http. It makes things just a bit more secure. Than not using a reverse proxy or a vpn.
If you want to use a vpn for external access that is ok. You can use Zerotier for free. It just requires that every external client has to have the Zerotier software installed. I tried Zerotier and it was easy to set up on my android phone for external access. I don’t think Zerotier can be installed on smart TV’s. I could be wrong though.
I ended up not using Zerotier and just using a caddy reverse proxy on my jellyfin computer. Because my relatives use smart TV’s.
Ok so forgive me because I’m kind of a noob. Basically are you saying that I would use a vpn to give myself like a static ip address or whatever to use to connect remotely? But just in terms of like security I wouldn’t need to use it? Also why would I need to forward a port? Thanks.
What would happen if I don’t do this? Might i get a letter from my isp or something?
I’m currently using windscribe to access my jellyfin server remotely. Windscribe provides static ip and port forwarding. Many people have said that it is the safest and easiest way to access jellyfin remotely. However, I’m not sure about the safety part because my connections to jellyfin is going through http and not https. For example, if windscribe has provieded me with static ip 123.456.789.123 and i have forwarded local jellyfin port to 11111, then I can access my jellyfin server using http://123.456.789.123:11111 from anywhere but i was hoping for this address to be https. Should I be worried?
There is no way to give yourself a static IP. That is something your ISP controls. You can’t access anything on your LAN remotely without port forwarding setup in your router. You need either a VPN or reverse proxy to access Jellyfin when you aren’t at home.
Your ISP? Probably not unless they look real close. It’s easier than trying to expose your JF server directly. And a little safer for reasons. And I think that’s the “officially approved” method anyway for remote JF access.
This part is a bit outside of my knowledge range… I think that windscribe might not be doing what your hoping. I could be wrong but there is a difference between a Personal VPN and just a VPN like Windscribe. A Personal VPN like ZeroTier creates a personal VPN that only you can access, it does this by you installing the software on all of the clients that you want connected. A Normal VPN just requires you to Install it on one pc and it makes that 1 PC anonymous by giving it a fake IP. You can test this out by going to any computer that isn’t connected to windscribe and trying to connect to your jellyfin server. If your able to connect then windscribe isn’t hiding your server.
Regarding http vs https. Yes you want https. It is a secure version of http.
But again I could be wrong about windscribe. I’ve never used it.
An easy way to switch to and force https is to set up CaddyServer or Nginx on your pc and configure it as a reverse proxy. Just using a reverse proxy like CaddyServer combined with Strong passwords on your Jellyfin accounts will pretty much cover you. I just typed up a pseudo guide on my setup recently you can find it in my history. There are other guides also.
You don’t need to do a Personal VPN like ZeroTier and a Reverse Proxy. One or the other should suffice. Regardless make sure you have Strong Passwords.
Thank You very much for replying in detail. For now, I have settled on ZeroTier and I’m able to access my media server and few other things remotely. However, i still connect with http but i believe it is safer because i first need to be connected to my zerotier network, which i have set to be private. I do still worry a little. If i’m connected to a public wifi, then can a person see me what i am doing if i connect to my jellyfin over http using zerotier and may be able to see my password? Does zerotier use extra encryption so that nobody can still see what i’m doing over zerotier ip, even if it is over http?
However, I do wish to learn how to set up reverse proxy but I’m so occupied right now that i want to get things done in easiest and safest way. May be, i should enable https in jellyfn itself by obtaining an ssl certificate.