Hi everyone,
a couple of friends and I have a Jellyfin server running which is exposed to the internet via a reverse-proxy and https by using a free dynDNS provider.
The setup is working fine besides the dynDNS provider. We constantly face connection issues, making the dynamic DNS functionality very unreliable.
So I started looking into possible solutions and one particular would be to buy an own domain which would only cost a few bucks each month. With this I could keep the current setup and would just need to change the domain (and possibly the SSL certificate). I found a provider over which I could buy (rent?) a domain and which also provides dynDNS functionality. But I am not too sure if I understood this correctly:
- if I have an own domain, why would I need the additional dynDNS functionality? I would guess that I would just continue updating your server’s IP address to the domain name like we are doing now
- can the provider over which I rent the domain with servers in my country actually see what our traffic is? Especially since we are streaming our movies etc.
- is there a better way of obtaining and setting up your own domain also in terms of privacy and reliability than with a bigger company offering such services?
Thanks a lot for your feedback!
Edit: An important fact I forgot to add in my main post is that during these issues, the general server connection should be fine since it is located at a friends house and his internet connection is unaffected (e.g. we could still talk in Discord normally and he had no internet issues whatsoever)
You must log in or register to comment.
Dyndns really shouldn’t affect your connection, as long as you have a local client that updates your record automatically.
I use jellyfin together with caddy and it was pretty seamless to setup. I configured the caddyfile to redirect my incoming domain to my local ip and the rest worked automatically. It sets up a legitimate certificate for the domain using lets encrypt and automatically renews it.
When you have an encrypted connection, the isp can’t see what is being sent between you and the webserver. They can however see your dns-requests unless you have dns over encryption enabled.
The only security measure beyond keeping things up to date that i would recommend is to have a geo-blocker enabled for incoming traffic to your network.
Thanks, yes I also use a script that constantly sends the current IP address to the dynDNS provider. I could be completely wrong, but the internet connection of my friends house where the server stands is fine even during these connection issues. So I would blame the DNS resolution, but it is also my first time running a server.
If you have a static IP where you host your jellyfin service you shouldn’t need your dydns anymore.
a domain provider doesn’t know what you are doing. It knows you want to access jellyfin.your.domain but has no clue what you are watching or the specific URLs you are going to.
Think of it like a library reference card, the library knows you want Encyclopaedia Britannica volume 12, but they don’t know what you are actually looking up.I have a domain with porkbun and dont have issues. When my reverse proxy needs a new certificate I do nothing because Traefik uses the porkbun API to do the Let’s Encrypt DNS validation.
Even if you have a dynamic IP it’s trivial to set up automatic DNS updates with a good provider that has an API to do it.
Can you explain the connection issues? Dynamic dns services aren’t much different than a normal domain name.
If the problem is with your ip address changing then you need to get a more permanent ip.
In fact you can usually get a domain name from the dynamic dns provider and they can update it.
A way around this is to use a service like Tailscale. Their ip address for your host won’t change. The downside is you need to be on von to access it. There might be other options.
The server is running at my friends house who has a fiber connection. When we face these connection issues, it does not necessarily mean that all of us cannot access Jellyfin but often times only a couple of us cannot access (same error as if you mistype a web-address, so it cannot resolve the domain name). During these periods of connection issues, the internet connection of my friend is working completely fine. I have a script running that constantly sends the current IP address to the dynDNS provider. I also looked into how often our ISP changes the IP address and it is not very often and not during these issues.
A different domain name won’t fix the issue you’re describing.
You are probably better off using something like Tailscale. You don’t need to expose your system with a reverse proxy then.
It’s possible that, when the ISP revokes the public address and assigns a new one, the DNS record isn’t updated immediately and still points to the old address. Then every new request would be sent to the old, invalid address.
And this is where I start shilling for Tailscale. It’s a Wireguard-based mesh VPN that is designed to work from behind firewalls, NAT, and CGNAT. It has its own internal split DNS provider, and probably some mechanism to handle public address changes that is transparent to the tunnelled traffic. You can use it to share the server with only the devices that have the client installed, or expose the server to the internet.
I’ve got it set up on my OPNSense firewall as a subnet router that advertises the subnet where my servers are, and often stream from Jellyfin over it. There’s some overhead, but it’s never been disruptive.
It’s possible that, when the ISP revokes the public address and assigns a new one, the DNS record isn’t updated immediately and still points to the old address. Then every new request would be sent to the old, invalid address.
I’ve got it set up on my OPNSense firewall
OPNsense has ddclient built in which solves this problem as well.