Comment on Will this Jellyfin configuration expose me to security risks?
Mordikan@kbin.earth 2 days ago
I would only expose a port to the Internet if users other than myself would be needing access to it. Otherwise, I just keep everything inside a tailscale network so I can access remotely. Usually I believe people put a reverse proxy in front of the Jellyfin server and configure your certificates from there. So Jellyfin to proxy is insecure and then proxy to internet is secure. Lets Encrypt is an easy way to do that. And if you are going to expose a port you definitely want fail2ban monitoring that port.
If using tailscale funnels, you can technically skip the certificate part as that's done for you, but that would take away from the learning experience of setting up a proxy.
ryanpdg1@lemmy.ca 1 day ago
To add to the idea of using tailscale. I’ve been using tsdproxy for a while now and it’s outrageously easy to set up.
The reason I’ve gone this route is that I feel like it gives me a bit more control over who is in my network and what they can get to.
Each service gets a funny name address and I get to share that specific service with other people who also have tailscale. Then if they get on my nerves or something, I can stop sharing that specific service and they can figure it out on their own.