I built a secure, self-hosted media streaming server using Jellyfin and Tailscale, all running from my macOS machine. Now I can stream movies, TV shows, and music from anywhere — without subscriptions, ads, or exposing anything to the public internet.
I wanted a simple, private way to enjoy my media on all my devices — at home or on the go. With this setup, everything stays under my control: no third parties, no data collection, just me and my content.
| Tool | Purpose |
|---|---|
| Jellyfin | Open-source media server |
| Tailscale | VPN for secure remote access |
| WireGuard | Encrypted mesh network (via Tailscale) |
| macOS | Host machine for the server |
| Port 8096 | Default Jellyfin web interface port |
| Component | Description |
|---|---|
| OS | macOS 10.15+ |
| Hardware | Intel i5 / Apple M1, 8 GB+ RAM |
| Storage | Local or external (for media) |
| Network | Wi-Fi or Ethernet + Tailscale VPN |
| Dependencies | .NET 6+, Tailscale, Homebrew (optional) |
I downloaded the .pkg installer from jellyfin.org/downloads, installed it like any other app, and launched the server.
I accessed it from my local browser at:
Here’s what it looked like once it was up and running:
I organized my files into folders like:
~/Media/Movies
~/Media/TVThen, in the Jellyfin dashboard, I went to Dashboard → Libraries → Add Media Library and linked those folders.
Here's the library setup in action:
I installed Tailscale from tailscale.com/download, logged in with my account, and added my Mac as a device in my private mesh network.
Once it connected, I grabbed the Tailscale IP from the app:
From any of my other devices (with Tailscale installed), I could now connect to:
http://100.x.x.x:8096To make it even cleaner, I enabled MagicDNS and used:
http://your-mac-hostname.ts.net:8096| Location | URL |
|---|---|
| Localhost | http://localhost:8096 |
| Same Network | http://<your-local-ip>:8096 |
| Remote (VPN) | http://100.x.x.x:8096 |
| MagicDNS (opt.) | http://your-mac-hostname.ts.net |
| Task | Status |
|---|---|
| Jellyfin accessible locally | ✅ |
| Libraries created and scanned | ✅ |
| Remote access with Tailscale | ✅ |
| Streaming from mobile & smart TV | ✅ |
| MagicDNS for cleaner URL (optional) | ✅ / ❌ |
- No open ports or public IPs
- All traffic routed through encrypted WireGuard tunnels (Tailscale)
- Jellyfin uses user authentication
- Tailscale ACLs restrict which devices can reach the server
| Device Type | How I Use It |
|---|---|
| Desktop | Web browser, MPV, VLC |
| Phone/Tablet | Jellyfin app or web browser |
| Smart TV | Jellyfin TV app, DLNA client, Plex app |
| Feature | What It Did |
|---|---|
| Auto-start on login | Ensures Jellyfin + Tailscale run always |
| Plugins & themes | Metadata tools, intro skip, UI tweaks |
| Shared access | Family can stream over Tailscale safely |
This project taught me a lot about:
- Hosting and managing a personal server
- Securing remote access via mesh VPN
- File organization and metadata handling
- Network configuration on macOS
- Troubleshooting cross-device compatibility
What I ended up with is:
- ✅ A fully private, secure media server
- 🎬 A Netflix-like experience with zero subscriptions
- 🌍 Remote access with no port forwarding
- 💻 Full control over everything: users, content, and streaming
This project is licensed under the MIT License.
You're free to use, modify, and share it — personally or commercially.
Feel free to fork it, improve it for your own setup, or share with others!