For people asking for a way to run 2fa on jellyfin i have a solution. I will elaborate more if people are interested as not writing a guide for no reason. This method allows users to simply use their login credentials into the default jellyfin login page, and 1 second later your DUO app on your phone will buzz for a confirmation to sign-in. (meaning no redirects and this method 100% compatible with all clients)
install the LDAP plugin on jellyfin. install Authentik in your server with docker. create a DUO security account. in short, jellyfin query’s your Authentik LDAP server for ther user login, then LDAP will query DUO.
Unfortunately, DUO only allows 10 users with the free account, then you have to pay extra. of course with this method you are not bound to only use DUO, you could you a web-auth with your phones bio-metrics to sign-in instead of DUO. there are many ways you could query the users phone through Authentik, but DUO is the most continent.
Sorry, it’s a bit early in my day, but I’m interested.
Could you elaborate on how tailscale acts as an access gate?
How is the balance between security and convenience when using tailscale?
(Full disclosure, I’m an idiot, but willing to learn)
Nutbutter sort of covered it.
The security/convenience tradeoff of tailscale is pretty good if you want to access a service from anywhere, but only from your own devices and only from supported operating systems (Linux, windows, OSX, android… not sure about iOS). It is another networking layer, which can be mind-bending… but as much as such a layer can be easy to use… tailscale is as easy as any of them.
This see sentence is nonsense though.
There is very little to fear from Tailscale as a provider, and they support the headscale project if you want to go that route (which I do… but not because I am concerned about Tailscale’s integrity or security posture).