Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?
Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?
Depends on what you mean by “secure.” My personal setup is Jellyfin LXC on proxmox --> Wireguard to VPS -> Nginx reverse proxy on VPS.
This setup relies somewhat on Jellyfin’s auth, but I’m comfortable with that risk. The LXC is blocked from sending local traffic on my network by firewall rules. Yes, someone could exploit a vulnerability in Jellyfin (though looking through the CVEs I’m not overly worried about that), then escape the LXC and fuck with my server. But that’s a lot of work for no profit.
For more protection (in sense of reducing traffic that even interacts with your server), I’d recommend getting a wildcard cert for the domain so that the actual subdomain jellyfin is on is undisclosed to anyone not using your service.
Security isn’t about making everything impregnable, it’s about making attacks more trouble than they’re worth. Otherwise, we’d all live in fortified bunkers surrounded by landmines. 🙃
How much bandwidth is used via the VPS in this instance? I’ve seen most VPS in the USA have a limit of 1TB of bandwidth.
How many users are you sharing with?
I know Hetzner does 20TB bandwidth, but that is only EU servers as far as I know.