Will this Jellyfin configuration expose me to security risks?
from compostgoblin@lemmy.blahaj.zone to selfhosted@lemmy.world on 11 Aug 15:26
https://lemmy.blahaj.zone/post/30188487

Here’s my proposed configuration:

Is there anything I’m missing? Do I need Let’s Encrypt or fail2ban?

#selfhosted


illusionist@lemmy.zip on 11 Aug 15:51

Yes, you need TLS

compostgoblin@lemmy.blahaj.zone on 11 Aug 16:09

Thank you! What is the most beginner-friendly way to do that?

I’ve been trying to figure this all out for so long, but it feels like every time I overturn one stone I discover there’s another setting or program I need to configure that I didn’t know about

illusionist@lemmy.zip on 11 Aug 16:37

Install Caddy. Check that it works. Get to know what a firewall is and how it works. Forward your ports from the router to the machine. (I use Cockpit (preinstalled on Fedora) to configure my firewall.)

Use a Caddyfile with the content:

sub.domain.com {
    reverse_proxy 192.168.178.192:8080
}

Replace 192.168.178.192 with the IP, 8080 with the port, and the domain with yours, obviously.

That’s it.

Shimitar@downonthestreet.eu on 11 Aug 16:03

I would secure it behind a good reverse proxy with Let’s Encrypt HTTPS certificates…

Check here: wiki.gardiol.org/doku.php?id=services%3Ajellyfin (the NGINX section).

frongt@lemmy.zip on 11 Aug 16:28

If it’s on the Internet, yes.

Given the state of the Internet, you should keep a healthy level of paranoia. I always recommend exposing as little as possible, and that means using only a VPN and not putting Jellyfin itself on the Internet.

compostgoblin@lemmy.blahaj.zone on 11 Aug 16:45

Oh, the healthy paranoia isn’t the issue haha

I just want to be able to figure out how to configure my system to be able to safely expose a single service for my use away from home. Because I’d like to eventually expand from Jellyfin to Nextcloud and Vaultwarden as well, but I know I’m not there yet