Background and Goal
Of course, there are many ways to secure Jellyfin, and guides on opening ports, handling dynamic IP addresses, and acquiring security certificates. But all of these require multiple steps, multiple apps, and a networking learning curve that can be off-putting to new users.
My GOAL was to find a "one and done" solution to replace:
- DDNS
- Reverse proxy
- Port forwarding and router tweaking
- Server security
What is Tailscale and What Does it Do?
How it Works
Once you have installed Tailscale on a device and signed in, that device will be assigned an internal network IP address by Tailscale. This IP address is not accessible to anyone outside your private Tailscale network (ie anyone who is not signed in to your personal Tailscale account). All devices signed into your Tailscale account, will now function as if they are all on the same local network.
Once you're installed on various computers, your Tailscale admin dashboard will look something like this:
If I wanted to access my Jellyfin server from any Tailscale connected device, I would simply open a browser window and enter 100.124.6.128:8096. Because this is a private, secure network - I don't need a reverse proxy or SSL and it doesn't matter where in the world the computers are as long as they are all connected to the same Tailscale account and logged in.
The same goes for Jellyfin clients. If I connect my iPhone to Tailscale and open the Jellyfin client, I can add my server by entering http://100.124.6.128:8096. As far as my phone is concerned, my iOS client and server are on the same network.
Limitations
Give it a try and let me know what you think!