The general jist is, do not expose Jellyfin to the internet. Neither via a port nor through a reverse proxy. Its simply not build secure enough for that.

Use docker to make the setup easier, then use tailscale or whatever VPN solution to allow users from outside your network to access it.

All of the additional authentication solutions mentioned break client compatibility. Then you could only watch through a browser.

Install docker, deploy Jellyfin to it, test it. They both have good guides on their respective websites.