No awards are needed, just wanted to share my excitement that while my Jellyfin server still keeps loosing my entire library every 24 hours at least now it has a domain and ssl cert!

That is all. Happy Friday everyone

  • RunningInRVA@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 days ago

    None of these are client certificates btw. These are just ways to have your server use TLS encryption with any client that connects but it offers no authorization. If you want authorization with client certificates you need to implement mTLS (Mutual TLS).

    • tux7350@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 days ago

      Oooo ya know I actually don’t know about these. I’ve done both A and B for my homelab and C for work.

      Any good resources / insight into mTLS? I appreciate the response btw!

        • tux7350@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          14 hours ago

          Ahhh interesting video! I appreciate the post. I see the mTLS is more about authenticating who the client is outside the application.

          Don’t worry, Im not just exposing thing willy nilly 🤣 For client-side authentication I use Authentik combined with 2FA, Duo, and fail2ban. Authentik provides identity management through LDAP to jellyfin and any sign in request goes to MFA and you get a Duo notification to approve. You can do other MFA, i just havent set it up.

          Ive got a lot of family who use my server. Asking them to install a TSL cert on every machine would be impossible. My method also monitors all sign in requests. Setting up Authentik was a hugggeee game changer for me.

        • tux7350@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 days ago

          Well ya know this is a forum and I was trying to engage in a friendly conversation to learn about something you brought up.

          But yeah I know how to fucking Google lol