Submitted 7 hours ago by HurlingDurling@lemmy.world to selfhosted@lemmy.world
No awards are needed, just wanted to share my excitement that while my Jellyfin server still keeps loosing my entire library every 24 hours at least not it has a domain and ssl cert!
That is all. Happy Friday everyone
I do also have a zero trust network. Zero friends= zero trust
Lol.
Still got the library issue, eh? Gonna have to just turn off services/apps/processes until you find the culprit.
lol, yeah. Gitea is next on the list, but I don’t have much more I’m afraid, Immich and Nextcloud are critical apps for me, so if it isn’t gitea or minecraft, then I might just setup a new server out of an old laptop to be my Jellyfin server and migrate my library there.
Are you losing your library on reboot?
Can you spin up a VM or a docker image?
I’ve done this when services misbehave, and just migrate the DB over (Syncthing in particular).
You didn’t expose it to the internet right?
If you want remote access setup client certs
What’s wrong with exposing Jellyfin to the internet?
There are a few security issues with it, but all of the worst known issues require a valid login token. So an attacker would already need to have valid login credentials before they could actually do anything bad. Things like being able to stream video without authentication (but it requires already having a list of the stored media on the server, which means you have been logged in before). Or being able to change other users’ settings (but it requires already being logged in to a valid user).
How?
Ya got three options.
Option A is to create your own certificate that is self-signed. You will then have to load the certificate into any client you want to use. Easier than people realize, just a couple terminal commands. Give this a go if you want to learn how they work.
Option B is to generate a certificate with Let’s Encrypt via an application like certbot. I suggest you use a DNS challenge to create a wildcard certificate.
Option C is to buy a certificate from your DNS provider aka something like cloudflare.
IMO the best is Option B. Takes a bit to figure it out but its free and rotates automatically which I like.
I like helping and fixing stuff, if you’d like to know anything just ask :D
Kleopatra
Brkdncr@lemmy.world 7 hours ago
a domain and cert doesn’t equal zero trust network.
chaospatterns@lemmy.world 3 hours ago
Right. Zero trust means at the very least you need to add AuthN and AuthZ to every endpoint with no exceptions for internal IP addresses.