How do you not do that? It's all in your local network, how would it not work offline..?
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
I have everything connected over Tailscale, and strictly only use IPs delegated through this system. So i realise now that I have to step away from that if I want to make it work locally :P
Talescale proper gives you an external dependency (and a lot of security risk), but the underlying technology (wireguard) does not have the same limitation. You should just deploy wireguard yourself; it's not as scary as it sounds.
What is the issue with the external dependency? I would argue that consumer routers have near universal shit security, networking is too complex for the average user, and there's a greater risk opening up ports and provisioning your own VPN server (on consumer software/hardware). The port forwarding and DDNS are essentially "external dependencies".
Mesh VPN clients are all open source. I believe Tailscale are currently implementing a feature where new devices can't connect to your mesh without pre-approval from your own authorized devices, even if they pass external authentication and 2FA (removing the dependency on tailscale servers in granting authorization, post-authentication).
vyatta and vyatta-based (edgerouter, etc) I would say are good enough for the average consumer. If we're deep enough in the weeds to be arguing the pros and cons of wireguard raw vs talescale; I think we're certainly passed accepting a budget consumer router as acceptably meeting these and other needs.
Also you don't need port forwarding and ddns for internal routing. My phone and laptop both have automation in place for switching wireguard profiles based on network SSID. At home, all traffic is routed locally; outside of my network everything goes through ddns/port forwarding.
If you're really paranoid about it, you could always skip the port-forward route, and set up a wireguard-based mesh yourself using an external vps as a relay. That way you don't have to open anything directly, and internal traffic still routes when you don't have an internet connection at home. It's basically what talescale is, except in this case you control the keys and have better insight into who is using them, and you reverse the authentication paradigm from external to internal.
vyatta and vyatta-based (edgerouter, etc) I would say are good enough for the average consumer.
WTF? What galaxy are you from? Literally zero average consumers use that. They use whatever router their ISP provides, is currently advertised on tech media, or is sold at retailers.
I'm not talking about budget routers. I'm talking about ALL software running on consumer routers. They're all dogshit closed source burn and churn that barely receive security updates even while they're still in production.
Also you don't need port forwarding and ddns for internal routing. ... At home, all traffic is routed locally
That is literally the recommended config for consumer Tailscale and any mesh VPN. Do you even know how they work? The "external dependency" you're referring to — their servers — basically operate like DDNS, supplying the DNS/routing between mesh clients. Beyond that all comms are P2P, including LAN access.
Everything else you mention is useless because Tailscale, Nebula, etc all have open source server alternatives that are way more robust and foolproof to rolling your own VPS and wireguard mesh.
My argument is that "LAN access" — with all the "smart" devices and IoT surveillance capitalism spyware on it — is the weakest link, and relying on mesh VPN software to create a VLAN is significantly more secure than relying on open LAN access handled by consumer routers.
Just because you're commenting on selfhosted, on lemmy, doesn't mean you should recommend the most complex and convoluted approach, especially if you don't even know how the underlying tech actually works.
FYI ^ Sunny — I suggest you query your LAN routing config with Tailscale specific support, discord, forums, etc. I'm 99% certain you can fix your LAN access issues with little more than a reconfig.
Yeah that is true. Its just that it makes things so dead simple for other friends and family to join in on. Its defo something i need to re-evaluate.
Do you by any chance faces a guide on how to get that running?
I just built my own automation around their official documentation; it's fantastic.
https://www.wireguard.com/#conceptual-overview
Why would you run local traffic over the VPN?
When I first got into self-hosting I started out using Tailscale, at that point i didn't know better and figured it was all or nothing. It has actually worked flawlessly to be fair. Probably not the best or smartest decision of my life. But am now slowly wanting to turn to just a clean WireGuard setup.
the best way to learn is by doing!
You should still be able to access everything through tailscale once you switch everything over to use local IP addresses.
If all the devices are in the same network you should be able to stream content even without internet. I had to wait for 5 days to my ISP set up my internet on my new address and I watched my jellyfin library in the meantime with no problems.
You shouldn't have the do anything specific at all, local network stuff works without internet and Jellyfin doesn't rely on any internet servers like Plex does for authentication.
Plex allows you to add a list of local IPs that can access your server without authentication, just have to be sure to do it while your internet is up or else you won't be able to log in to edit the setting.
It does but it's a bit of a weird way of doing things.
Not a great feature when you have multiple people in the same house with different users and watch histories.
At least for me, this works out of the box.
Some requirements:
- All the devices need to be on the same network
- DNS needs to work or you have to use IP adresses for connecting. I've configured local DNS on my router.
Offline hours? Is that something that happens often enough to need a work around?
No not really... Would just like it to be an option IN CASE it were to happen...
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
Fewer Letters | More Letters |
---|---|
CGNAT | Carrier-Grade NAT |
DHCP | Dynamic Host Configuration Protocol, automates assignment of IPs when connecting to a network |
DNS | Domain Name Service/System |
IP | Internet Protocol |
IoT | Internet of Things for device controllers |
NAS | Network-Attached Storage |
NAT | Network Address Translation |
Plex | Brand of media server package |
SSL | Secure Sockets Layer, for transparent encryption |
TLS | Transport Layer Security, supersedes SSL |
VPN | Virtual Private Network |
VPS | Virtual Private Server (opposed to shared hosting) |
[Thread #968 for this sub, first seen 12th Sep 2024, 08:55] [FAQ] [Full list] [Contact] [Source code]
My setup is pretty simple. I use static DNS on my router, which points my jellfin domain to the local address when on my LAN, and I set up DHCP to point my devices to use my router for DNS. It's incredibly simple, so all I do is type in my jellyfin domain and it works optimally wherever I am.
I actually had my internet go out for a couple hours and we were able to watch our content just fine.
During a rare internet-but-not-power outage, my roku tv refused to turn on or give me any option to switch inputs because it couldn't update.
Yeah between the forced binding arbitration and their claims to wanting to start pre-roll ads, Roku is dead to me, I will never buy another device from them nor recommend them to anyone.
I have a single network with my jellyfin server and wifi devices, I run Pi-Hole with DNS for internal things and can use Jellyfin while at home or out and about.
In Pi-Hole look for Local DNS Records
to add your own suff
Simply a NAS with Samba connections from all local clients.
I probably have something set up incorrectly, but I get no jellyfin when the internet goes down. My jellyfin is on one of those n100 beelink boxes which can't seem to use the 2.5 ghz ethernet when this happens. I can access it from a browser (with no other web pages available)on the box itself, but it doesn't want to send it out to the network to my roku. That's happening right now.
Plex allows this as long as you set whatever devices local IP on the allow without authorization list. I also know that plex just gets shit on the fediverse. Jellyfin doesn’t have local allowance baked in? I’ve never used it.
Jellyfin doesn’t have local allowance baked in? I’ve never used it.
Nope and that is also not needed, since it's not a cloud dependent service.
What? I’m confused by the question the OP asked if it’s just automatically that way.
OP uses tailscale to connect to everything and not his local connection.
Which is really weird IMO.
If you want to run everything over a VPN, you're going to have issues when the internet goes out. Use VPN as a fallback or to get around CGNAT, not as a primary way of routing everything.
Here's my setup:
- VPS runs WireGuard VPN and HAProxy forwards services through VPN to the relevant internal device
- router runs DNS server and routes my domains to local addresses
- TLS is handled on the device that serves the content for whatever service it is
So when I connect on my LAN, my router just points the domain to the machine running Jellyfin and I get all the goodness of TLS. When I connect outside my LAN, my VPS tunnels TLS through the WireGuard VPN to get around CGNAT and I get all the goodness of TLS. So it doesn't matter where I connect, I use the same URL and get TLS.
It probably does tbh, I'll have to check the documentation to double-check though. Anything that isn't foss tends to get a handful indeed; Jellyfin genuinely is a better experience than Plex imo.
I know for me I had to give Plex the local IPs to force local streaming because it would try to stream remote even on local network.
Jellyfin doesn't need any particular setup to work directly from LAN because it doesn't ever try to use a central login provider the way Plex does.
The only reason OP is struggling with it is because they set it up so that they can only connect to it via Tailscale.
I’ll prolly give it a shot at some point. I bought lifetime plex long before jellyfin was a thing. Is there an experience similar to plexamp? It’s too good.
I have a NFS and Samba share to my NAS. And Jellyfin exports things via DLNA / UPnP so there is always a local route to the storage. Also I've set the IP address of the server in the /etc/hosts file of my router. So even when internet is down, the DNS can resolve it.