Comment on How to secure Jellyfin hosted over the internet?
Batman@lemmy.world 3 weeks ago
I am using tailscale but I went a little further to let my family log in with their Gmail( they will not make any account for 1 million dollars)
Tailscale funneled Jellyfin Keycloak (adminless)
Private Tailscale Keycloak admin Postgres dB
I hook up jellyfin to Keycloak (adminless) using the sso plugin. And hook Keycloak up (using the private instance) to use Google as an identity provider with a private app.
lambda@programming.dev 3 weeks ago
SSO plugin is good to know about. Does that address any of the issues with security that someone was previously talking about?
Batman@lemmy.world 3 weeks ago
I’d say it’s nearly as secure as basic authentication. If you restrict deletion to admin users and use role (or group) based auth to restrict that jellyfin admin ability to people with strong passwords in keycloak, i think you are good. Still the only risk is people could delete your media if an adminusers gmail is hacked.
Appoxo@lemmy.dbzer0.com 3 weeks ago
I set mine up with Authelia 2FA and restricted media deletion to one user: The administrator.
All others arent allowed to delete. Not even me.