Best I’ve done so far is crowdsec + pangolin geoblocking to just my country. I cant install tailscale subnet routers at all my friends to get their TVs to work. Non starter.
I’m on your side. I don’t really see the difference hosting Jellyfin or Plex to the internet.
If you want max security and headache for jellyfin, set up a VPN like they say, otherwise keep it exposed, It’s very unlikely for your server to be targeted and It hasn’t been worth the hassle for me.
Edit: well not directly directly, do the minimum and put it behind a reverse proxy that adds HTTPS of course, but thats recommended in the docs so yah
I mean, the worst that could happen is they delete everything on the server and I have to spend time restoring from a backup. Not exactly the riskiest thing to do.
I am using a non-privileged user on jellyfin.
Admin stuff needs to be done with a hidden user.
I might should be bothering to do rootless docker at some point…
depending what is on it, and your risk factor, theoretically an attacker can check known resource paths to confirm or deny whats on the server. That’s my main complaint currently on it is that the jellyfin team is aware of the fact that it doesn’t need authentication, but are looking for some miracle solution that won’t toss legacy clients out in order to fix, so therefore the issues are just perpetually open.
edit: it looks like some of these issues may be being worked on now that they moved the problemic protocal into a plugin. I hope that that means they will close them in the next few releases!
VPN is the safest way for most, but if you do want to expose it to the internet just blacklist all IP’s and whitelist the known few, maybe slap Fail2Ban on it but honestly doesn’t make much of a difference.
Jesus fuck.
Time to learn how to safely expose Jellyfin, I guess.
Best I’ve done so far is crowdsec + pangolin geoblocking to just my country. I cant install tailscale subnet routers at all my friends to get their TVs to work. Non starter.
VPN. There is no safe direct option.
I’ve had my instance open to the internet for about two years with no issues.
I’m on your side. I don’t really see the difference hosting Jellyfin or Plex to the internet.
If you want max security and headache for jellyfin, set up a VPN like they say, otherwise keep it exposed, It’s very unlikely for your server to be targeted and It hasn’t been worth the hassle for me.
Edit: well not directly directly, do the minimum and put it behind a reverse proxy that adds HTTPS of course, but thats recommended in the docs so yah
So far. That you know of.
I mean, the worst that could happen is they delete everything on the server and I have to spend time restoring from a backup. Not exactly the riskiest thing to do.
Well, the worst that could happen is they start hosting CSAM out of your house and then the FBI knocks on your door.
Ok, fair enough. I don’t think that’s likely though.
No. More likely is an automated botnet mining cryptocurrency or running a DDoS. That’s usually what happens.
Don’t forget automated tools of rights holders like Sony scouring your server and finding that Spiderman.3.bluRay.MKV, suing you for infringement
I am using a non-privileged user on jellyfin.
Admin stuff needs to be done with a hidden user.
I might should be bothering to do rootless docker at some point…
depending what is on it, and your risk factor, theoretically an attacker can check known resource paths to confirm or deny whats on the server. That’s my main complaint currently on it is that the jellyfin team is aware of the fact that it doesn’t need authentication, but are looking for some miracle solution that won’t toss legacy clients out in order to fix, so therefore the issues are just perpetually open.
edit: it looks like some of these issues may be being worked on now that they moved the problemic protocal into a plugin. I hope that that means they will close them in the next few releases!
VPN is the safest way for most, but if you do want to expose it to the internet just blacklist all IP’s and whitelist the known few, maybe slap Fail2Ban on it but honestly doesn’t make much of a difference.
Traefik’s DDNS Allowlist plugin works great for such a task.
Setup up tailscale and run jellyfin and your services all through it and you’re good.
Great; how do I do that on a Roku streamer?