Comment on Plex has paywalled my server!
skoell13@feddit.org 2 months agoThis is how I do it: codeberg.org/skjalli/jellyfin-vps-setup
My primary worry for this is that something in the jellyfin stack gets an open vulnerability, like there’s an overflow you can use on a post call to a piece of media allowing remote code execution.
Tautulli had a leak once that provided the user’s private token. Then there was a way in Plex with a private token to pull data from elsewhere on the server. That’s how LastPass got nuked I hear.
I get you and I know that there can be security issues (especially in Jellyfin) that might give you access. This is the reason I only mount the media and config folders, and nothing else into the docker container. The media folders are mounted as read only and don’t contain sensitive information. For the config folder I created a separate user. Plus I block non-German IP addresses which already blocks quite some bots. If your friends have fixed IP addresses you could also just whitelist them and block everything else.
You could also probably sniff the network and define more strict rules on ‘allowed’ requests in fail2ban but this is bridle because requests might change with different versions.
They actually do a small login f2b effort right in JF, but it appears to be quite limited.
The container is more secure by default, and if people set up their docker well it reduces the dangers substantially. A lot of people don’t go docker though.
Yeah the link I posted does everything via docker and explains what should be mounted and how.
Thanks. That’s well laid out, straightforward. I have resources at home that I want to share. This is a good blueprint.
haui_lemmy@lemmy.giftedmc.com 2 months ago
That is pretty much how I imagined it. Sadly, its A TON of work. I have most of this set up in many VPSs for both me and customers (with other services of course) and I can imagine its probably the best solution. I still hate my life when thinking of implementing it. :D I bet its gonna be easier than I think but you may get my point here. Thank you very much for sharing.
skoell13@feddit.org 2 months ago
Hell I know what you mean, it was so much trial and error until it worked, hence this guide/template to help others. Plus at some point it feels more like work than a hobby 😅
haui_lemmy@lemmy.giftedmc.com 2 months ago
You’re an absolute champ! Thanks for walking the walk. Its refreshing meeting people who do stuff. Feel free to check out my kodi peertube app at some point ;)
WeAreAllOne@lemmy.dbzer0.com 2 months ago
Or just get a Mikrotik router and run Back to Home and baaam you got a similar to tailscate fuction with 3 clicks.
haui_lemmy@lemmy.giftedmc.com 2 months ago
Yeah, or not.