Be Your Own Netflix
Much to friends’ dismay, I’ve dumped all my streaming services.
Why? Honestly, I feel like 95% of what is on these services is pure pablum, just crafted to keep you watching (or worse, scrolling between poor choices wasting time figuring out what to watch.).
The big issue is that every service has one or two must-watch shows or movies. And no one offers, mix and match subscription to simply watch just a few things between all of them. It’s frustrating, to say nothing of the other things I want to watch that aren’t on any service or impoosible to find (example: try to find the famous “blue suitcase” movie The Big Empty .). There’s other insidious effects about what is and isn’t remembered in our culture, but that’s a post for another time.
So, in line with my Information Diet principle, I thought less, and more quality was better. How do I easily select and curate the things I actually want to watch or sample versus the firehose of modern media production. To quote Dave Barry:
There apparently exists, somewhere in Los Angeles, a computer that generates concepts for television sitcoms. When TV executives need a new concept, they turn on this computer; after sorting through millions of possible plot premises, it spits out, ‘THREE QUIRKY BUT ATTRACTIVE YOUNG PEOPLE LIVING IN AN APARTMENT,’ and the executives turn this concept into a show. The next time they need an idea, the computer spits out, ‘SIX QUIRKY BUT ATTRACTIVE YOUNG PEOPLE LIVING IN AN APARTMENT.’ Then the next time, it spits out, ‘FOUR QUIRKY BUT ATTRACTIVE YOUNG PEOPLE LIVING IN AN APARTMENT.’ And so on. We need to locate this computer, destroy it with hammers.
I am convinced each of the streaming and Hollywood studios has these machines and they now apply them to far, far more than sitcoms.
So, I rolled my own curated service.
Here’s how you can, too.
Weirdly, I’ve found this has just made me better. A curated list of things I explicitly want to watch rather than an endless scroll of the everything, has made me much more deliverate about the TV and films I do watch and allowed me to focus on other things much more. I never understand people that complain they never have time to do anything but spend 3 hours watching sub-standard entertainment every night (and they are Legion).
The Pieces
All it takes is a spare low spec computer, a modern-ish TV, and a fast internet for sourcing (and a fixed IP and decent, router with security features if you want to make it all web-accessible.).
If you want to duplicate my setup, here are the pieces:
- An old computer or macbook mini you’re not otherwise using with a large 2
amount of disk space (mine has a TB). You will need to
dockerinstalled. - A modern(ish) TV (or old AppleTV) that can use Infuse or some other jellyfin or uPNP player to stream from the computer
- A router/firewall that allows port-forwarding
- DNS for a domain you control
- A source for video content
You could do this with a simple RaspberryPi running Linux and docker and a large amount of SSD or perhaps even SD storage. I used an old laptop I recently upgraded from. This should work almost anywhere. Check your internet plan to make sure you won’t break any caps based on the fact you’re going to be moving (and possibly streaming if you’re away from home) gigabyte video files.
The Setup
In case you’re uninterested in exposing your YouFlix to the rest of the world, let’s just set up the home entertainment option first and get this working with your internal network and TV.
Step 1: The Media Server — Jellyfin
As anyone who reads my annual Software tools posts knows, I am a huge fan of Jellyfin as a media server. I honestly do not know why more people are not gushing about this software and using it over paid options like Plex etc. It’s just better.
We’re going to be running the docker edition of Jellyfin so this works
everywhere. There is an OSX binary edition of this available, but the weird
things OSX does with its network loopback interface make setting up a reverse
proxy on it a bit of a networking and security nightmare, whereas running this
as docker containers makes everthing straightforward (and simple works. It’s
reliable. Secure. Robust.).
The setup is two simple container inside docker compose. One to handle
Jellyfin itself, and the other (optional) container handling the Traefik reverse
proxy to handle opening your network to the internet securely. Then you can
sping this service up and down with easy peasy fire and forget commands like
docker compose up -d and docker-compose down.
Adjust the docker-compose.yml config mounts to point at your media
directories where you want your video content stored. I have mine mapped to the
file shares I throw content onto from my local LAN and other machines (which is
really just my daily driver laptop that I move files from to the “server”.).
If you just want a local network version of this, comment out the traefik
section and you’ve got a LAN local Jellyfin container you can point your TV or
streaming player device at.
| |
The more complicated compose part of the file puts a reverse proxy in front of
your Jellyfin, and then will set up SSL viaLet's Encrypt and provide a
terminator for your subbdomain. Note that you need a valid email address at that
domain to set up the subdomain securely.
After setting that up, I’d also personally close port 80, even though this setup
also redirects all http traffic to https once set up.
For now, let’s just spin this up to make sure it works. Even without traefik
running and acting as the 443 terminator for your domain, this should spin up
jellyfun for you and allow you to log in and configure it on the IP address of
yor local machine at http://192.168.1.whatevs:8096.
Don’t open up port forwarding on your router or firewall just yet.
In case you were wondering, I set up my directories in /media like this:
| |
which maps to subdirectories I keep below ~/Movies on my OSX file system. You
can do the same thing with your linux subdirectories or what have you
(Information have not tested this on Windows, but if you can run docker and map
to local drives, this should work. Though personally if you have an old Windows
machine I think it would be a lot more secure to put a Linux distro on it to do
this.)
Docos for documentaries (I have a lot),Movies, and of course, episodic
Series (which Jellyfin handles really well) though throwing that under Shows
or TV as a directory is also legit.
I’d configure it now just to get everything set up and make sure it’s working locally.
Use docker compose up and then pont your browser at
http://192.168.1.whatevs:8096 to get everything configured and especially to
set up your core admin user (I also recommend setting the max login attempts
before lockout for the user if you are going to expose this to the internet -
something like 10 or so, if you are going to expose your system to the
internet.).
It’ll take a little time (depending on the speed of your machine and internet connection) to scan your library the first time and download images and metadata for all your media. You can watch the progress bar as that builds or go grab a coffee. Once it’s done though, that’s it. You’ve basically got a streaming media server. You could stop here and just watch everything over the web browser from your laptop, but what fun is that if you’ve got a ridiculously big tv or happen to be on the road and stuck in a hotel room with an internat connection but very bad local TV?
Step 2: Your Local TV experience
You can now already go to any browser on your LAN and the IP you have this at and log in and now get the full jellyfun media streaming experience from laptop, iPad, or even iPhone (one of my friends uses this to watch stuff on the bus in the morning on their iPhone.).
You can make this into an amazing home theatre experience though with a teeny bit of work. When I moved back from digital nomading last year and started renting again, a bad friend convinced me to buy an overly large tv, which dominates my living roomm but makes for an amazing theatree-sque experience. It was inexpensive but had a nice screen and sound, and connected to the network wirelessly. Most modern ones do (usually to give access to services or update their software, but we can use this to get streaming in place.). If not, you can fix this problem with a cheap streaming device plugged into this like an older Apple TV (recomemnded for the great UX and remote) or some Chromecast device.
From there, I pay about $12 a year for the Infuse TvOS client which has native Jellyfun support (and is kinda great and better than the native, free Jellyfun client though you can use that as well.). The other option is to use any native uPnP client to attach to the Jellyfin server as well to stream. You’ve got a lot of options depending on your TV, or streaming hardware.
In my case, the old AppleTV someone gave me way back has a fantastic one-thumb interface to navigate content on the TV from my comfy couch. You now have your own entertainment and media centre limited only by the content you put on there (and which I personally think works better than any of the streaming services I once paid for commerically.).
If you don’t want to (or can’t) stream to the TV, you can also go lower tech here and do what another friend of mine does, and just plug your laptop into the TV via an HDMI cable to get the big screen experience (note: sounds still comes from the laptop though).
I often do this while on the road and if I’m in a hotel which does not have or has locked down a streaming capability on their TVs or its internet access (sadly, quite common regardless of how much we seem to pay for hotel rooms these days.).
Step 3: Your own Streaming Service
OK, so let’s get a bit fancier and figure out how you can securely expose your streaming service so you can watch stuff when you’re not at home.
You need a bit of technical know-how here, but it’s actually much easier than you’d think and Traefik takes care of most of the heavy lifting with Let’s Encrypt integration and other niceties for security.
The first thing to note is that you want to keep port 80 open temporarily to allow Let’s Encrypt to handle the confirmation of the ssl certificate. After that is done you can close it like by commenting out the port 80:80 directive but leaving the 443 port in.
Disclaimer
Security is a bit of a concern here, as you are effectively opening your home network and firewall to the internet, so it pays to be careful. If you do not know what you are doing with ports and your firewall, do not attempt this. You could expose your entire internal network which is, well… bad.
That said, if you’re comfy with basic netowrking concepts and security, read on.
DNS setup
This is probably the easiest part. If you own a domain and want to provide a
nice, easy mnemonic place to find YourFlix, simply set an A record pointing to
a new subdomain like myflix.yourdomain.com with the fixed IP address you have
for your router from your internet provider (you can also do this with a
dynamic IP with a bit of work but it’s beyond the scope of this article). Make
sure you change the second labels: line in the jellyfish docker-compose.yml,
the one currently reading traefik.http.routers.jellyfin.rule=Host to the
subdomain you’ve given yourself.
Port Forwarding Your Router/Firewall
I prefer port forwarding here, but it’s ultimately up to you how you want to handle this, especially without setting up a DMZ for your internal network.
Port forwarding is slightly advantageous since you can tie the port that something comes through on to the precise IP of a machine on your network, which is better from a security perspective than opening a hole in your firewall to the internal LAN without controls, especially if you are not using a DMZ or other security practice on your local LAN.
Effectively, all packets for your internet facing firewall for port 443 get
forwarded directly to the docker that you have running on the IP of the machine
you specify. Then traefik picks that up as the terminator for the subdomain
you’ve created (it can also be an IP address) and flip requests over to jellyfin
on port 8096. Only the https port is exposed and barring major security issues
with traefik you are reasonably secure here.
How you do this varies broadly on what sort of router and firewall you have, so
I can’t help you much other than to offer some security words of wisdom and
illustrate my setup. I personally have a bunch of individually firewalled
machines on my local LAN (except the TV itself and a game console) behind my
deny everything inbound stateful router firewall, so the risks are quite low
for me with this setup.
The spare machine that jellyfin is on is also application
firewalled though I may also allow ssh from the outside for when I need to get
stuff onto the machine remotely or do admin work or scp transfers.
In any case, set your route rto port forward 443 directly to the internal IP of the
machine you set this up on (the http://192.168.1.whatevs`
or what have you).
And believe it or not, that’s about it. If you’ve done this properly, as soon as
your DNS change propogates you can point to https://myflix.yourdomain.com with
any internet connected device with a browser and you’ve got a secure, ssl
connection to your media library.
Fin
And that’s about as easy as I think you can make it. So far, this has been running 24/7 without issue and streaming to both my nice theatre-esque living room setup as well as over the internet when needed. I have to admit it has been completely hands-off and other than upgrading the docker to new version of jellyfin (once) has been completely hands-off other than throwing media on the drive.
More than that though, it’s just made me feel much more centred. I’ve got the things I want to watch and I don’t feel like I’m spending mental cycles or silly time just scrolling through the numerous services I previously had access to. It removes the “choics paralysis” problem completely.
Try it. It’s an easy morning or afternoon project and is pretty satisfying as a technical feat. Not to mention amazing your less-techie friends and family.
I hope you found this useful. If this post was and you end up adopting the yourflix approach, drop me a line and let me know, via mail or elephant below. If you have a better approach, tighter security, or think you have additions that might make this better, please holler. Feel free to mention or ping me on @awws on mastodon or email me at hola@wakatara.com .