This should not be downvoted. You should not expose anything straight to the internet unless you know what you’re doing. Use a simple service like Tailscale to create a locally accessible VPN.
Surely has some overlap. You want to open other ports, you want to make sure permissions are properly set on the host machine… What else? HTTPS/SSL to avoid someone in the middle grabbing your password and accessing your media?
Regardless, I’ll look into tailscale. A VPN would have lots of other uses, as there are other applications I would like to use remotely that I don’t want to expose to the internet.
The easiest and most secure solution is probably tailscale. Just VPN into your local network instead of exposing Jellyfin to the internet.
An alternative I am using is Caddy reverse proxy with Authelia for authentication. So I have to log in to Authelia before I can access Jellyfin. Beware though, it took me like 2 days to properly configure Authelia. It is rather complicated.
Don’t expose Jellyfin to the internet
This should not be downvoted. You should not expose anything straight to the internet unless you know what you’re doing. Use a simple service like Tailscale to create a locally accessible VPN.
“Know what you’re doing”
And
“Forwarded a port to jellyfin”
Surely has some overlap. You want to open other ports, you want to make sure permissions are properly set on the host machine… What else? HTTPS/SSL to avoid someone in the middle grabbing your password and accessing your media?
Regardless, I’ll look into tailscale. A VPN would have lots of other uses, as there are other applications I would like to use remotely that I don’t want to expose to the internet.
Why not? Have had it accessible via the Internet for 4+ years without incidents
What makes you so sure you haven’t been breached? There have been major security flaws over time.
Well, I do want to actually use it though and have my friends be able to use it just as well.
You really don’t. There are plenty of other solutions. If nothing else you could whitelist there ISP instead of allowing all traffic.
Why not? What precautions would you need to take before doing so?
The easiest and most secure solution is probably tailscale. Just VPN into your local network instead of exposing Jellyfin to the internet.
An alternative I am using is Caddy reverse proxy with Authelia for authentication. So I have to log in to Authelia before I can access Jellyfin. Beware though, it took me like 2 days to properly configure Authelia. It is rather complicated.
Also you could use SSH that’s been properly secured