Hi All,
I was hoping to get some advice on my new media stack. I am a bit of a Newbie when it comes to this, and I am a little bit confused at the final step of this. I recently bought a new Raspberry Pi 5, which I am using as the media stack. On this I have Radarr, Sonarr, Jellyfin, Jellyseer, Prowlarr and qBittorrent installed using docker. I have also made sure that both Prowlarr and qBittorent are behind a VPN (using NordVPN if it matters).
This works fine locally, but I would like this to be accessible externally. The need for this is that I have some friends who want to access the media Server. The 3 options I have seen for this are:
a) Open the ports on your router. I know this is very unsecure, even with jellyfin IP whitelisting, so I dont want to do this.
b) Use a VPN. This would require giving my friends my login to tailscale/NordVPN mesh, and would be a real pain when using smart TV’s so would also prefer not to do this.
c) Use Nginx to create a weblink. This one I understand the least but I do have a domain using cloudflare. As far as I know though, this is against cloudflare TOS.
Am I missing any options here? and does anyone have any good guides on option 3 that wont break cloudflare TOS?
Thanks in advance.
VPN or reverse proxy
Tailscale
Isn’t that his second option? Do you have to give others access to your network and login to use the apps? Or how does it work?
You’re missing the easiest option of them all: Cloudflare tunnels. You don’t have to open any ports, your friends don’t need to install extra software and it’s free. I don’t know about the TOS but I wouldn’t worry to much because it’s only a couple of friends.
I suspect your friends probably don’t need access to your whole media stack.
What parts they do need access to, and from what type of devices, will determine the best approach.
Headscale/tailscale
Only one which can update policies on android.