this post was submitted on 14 Jun 2023
20 points (100.0% liked)

Selfhosted

573 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Resources:

> Any issues on the community? Report it using the report flag.

> Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
20
Want to run Jellyfin server. For only me and family. Want it to be remote accessible to listen to music or watch shit away from home. (sh.itjust.works)
submitted 1 year ago by Frylock@sh.itjust.works to c/selfhosted@lemmy.world
19 comments fedilink hide all child comments
 

When I see this sort of thing, and other people are trying to do it, a reverse proxy or vpn is always mentioned. Heres my question:

How Dangerous is it to just open the port for it on my router and access it like that?

Lets say i want to access jellyfin from Kodi on my xbox or something outside my network, the vpn solution wouldnt work for this i would think.

My issue with reverse proxies, and why im asking, is it seems less secure? I mean Im well aware that an IP is easy to get, i guess. But how likely is someone to look for something on my network specifically? With reverse proxies it seems like i would be broadcasting my server to the internet in a way its easier to happen across, than someone being interested in a random residential IP.

I run a minecraft server for friends on my main computer anyway, and i know tons of people do that, theoretically thats the same level of danger as opening my network for jellyfin specifically.

VPN isnt an option because of this xbox stuff i mentioned and people in my family who have 0 chance of understanding it regardless.

So what is the better option, going through this reverse proxy ( which im actually also unsure would work with kodi) or rawdog the server on my network. I guess leaving the server exposed? or every device even.

you are viewing a single comment's thread
view the rest of the comments
[–] eddie@fig.systems 3 points 1 year ago (1 children)

So the reason you'd want a reverse proxy is because it handles security and would do a much better job of it than an exposed jellyfin port.

Public FQDN -> your home IP -> your router allows 443/whatever to your reverse proxy -> it handles SSL and being hit by the internet (look into nginx security and even fail2ban) -> proxy serves up whatever insecure site/app you'd like.

[–] foonex@feddit.de 5 points 1 year ago (1 children)

A reverse proxy does not magically make an insecure app secure.

[–] eddie@fig.systems 3 points 1 year ago

That's where nginx security options and other tools like fail2ban come into play. I could've mentioned it better in my first sentence but a reverse proxy gives the capability to make it more secure than any options jellyfin will give you.

I'd rather put nginx with modsecurity in front of jellyfin than not.