What do you mean JellyFin is not designed to be Internet facing??? jellyfin.org/docs/general/…/networking/
Comment on Self hosting with subdomains
frongt@lemmy.zip 2 days agoDoesn’t matter. Any exposure risks compromise. From there, an attacker could pivot to read your data, mine cryptocurrency on your device(s), serve objectionable material, or other unsavory activities.
Even if you have authentication enabled, not all APIs require authentication. Jellyfin in particular is not designed to be internet-facing. And even if it does require authentication, authentication bypass attacks are a thing.
Magnum@infosec.pub 2 days ago
Appoxo@lemmy.dbzer0.com 2 days ago
Designed meaning in that case intended to be exposed.
More of an internal thing.
VPNs on the other hand are designed to be exposed. Same with some ssh servers or reverse proxies like traefik, nginx etc.Magnum@infosec.pub 2 days ago
So you mean the JellyFin ports should not be directlly exposed, but self hosting and exposing nginx to forward the traffic locally to jellyfin is fine?
Appoxo@lemmy.dbzer0.com 1 day ago
Better rather than worse, yes.
Just need to be aware if what you expose and how and where.
VeganCheesecake@lemmy.blahaj.zone 2 days ago
… sure. Nothing here is wrong, but there’s ways to try and mitigate that. And then it’s kinda an arms race, and vigilance.
jtzl@lemmy.zip 2 days ago
If you really want to secure your computer, encase that puppy in concrete (after disconnecting it from power),