Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?
Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?
So far I’ve seen WAN leases expire after a long time, say months, or quarter year, so is doable. If becomes an issue I’ll work with them on a VPN solution but is a pain for non-technical users or non-supported hardware. That’s also why I explain “use from your home network only”.
What’s your concern about running it behind a reverse proxy, like caddy or nginx?
I don’t consider Jellyfin a fully secure and audited application to host, unsecured endpoints come to mind, that and the less exposed to the whole internet the better.
https://github.com/jellyfin/jellyfin/issues/13987
Things like these scare me:
https://blog.lastpass.com/posts/notice-of-recent-security-incident
https://www.androidpolice.com/lastpass-breach-plex-update/