I don't know who needs to hear this, but DO NOT EVER expose Jellyfin to the internet

Scary le Poo@beehaw.org · 1 year ago

I don't know who needs to hear this, but DO NOT EVER expose Jellyfin to the internet

paperemail@links.rocks · 1 year ago

Not unless the reverse proxy adds some layer of authentication as well. Something like HTTP basic auth, or mTLS (AKA 2-way TLS AKA client certificates)

For nginx: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/

so if I add a user ”john” with password “mypassword” to video.example.com, you can try adding the login as: “https://john:mypassword@video.example.com”/

Most HTTP clients (e.g. browsers) support adding login like that. I don’t know what other jellyfin clients do that.

The other option is to set up a VPN (I recommend wireguard)

Saik0@lemmy.saik0.com · 1 year ago

Not unless the reverse proxy adds some layer of authentication as well.

This is correct. However I’d want to add, that this will break EVERY app-based access of jellyfin which defeats the purpose for a lot of people. Adding auth in front of jellyfin will work and allow you to use the web client only.

You kind of touched on it… I wanted to make it clear.

VPN would be a better more interoperable answer for most cases, you’ll still be stuck on devices like WebOS on LG tvs, or roku devices, or others that don’t have the ability to install vpn clients.

I don't know who needs to hear this, but DO NOT EVER expose Jellyfin to the internet

I don't know who needs to hear this, but DO NOT EVER expose Jellyfin to the internet

Collection of potential security issues in Jellyfin · Issue #5415 · jellyfin/jellyfin