this post was submitted on 14 Jun 2023
20 points (100.0% liked)

Selfhosted

573 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Resources:

> Any issues on the community? Report it using the report flag.

> Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
20
Want to run Jellyfin server. For only me and family. Want it to be remote accessible to listen to music or watch shit away from home. (sh.itjust.works)
submitted 1 year ago by Frylock@sh.itjust.works to c/selfhosted@lemmy.world
19 comments fedilink hide all child comments
 

When I see this sort of thing, and other people are trying to do it, a reverse proxy or vpn is always mentioned. Heres my question:

How Dangerous is it to just open the port for it on my router and access it like that?

Lets say i want to access jellyfin from Kodi on my xbox or something outside my network, the vpn solution wouldnt work for this i would think.

My issue with reverse proxies, and why im asking, is it seems less secure? I mean Im well aware that an IP is easy to get, i guess. But how likely is someone to look for something on my network specifically? With reverse proxies it seems like i would be broadcasting my server to the internet in a way its easier to happen across, than someone being interested in a random residential IP.

I run a minecraft server for friends on my main computer anyway, and i know tons of people do that, theoretically thats the same level of danger as opening my network for jellyfin specifically.

VPN isnt an option because of this xbox stuff i mentioned and people in my family who have 0 chance of understanding it regardless.

So what is the better option, going through this reverse proxy ( which im actually also unsure would work with kodi) or rawdog the server on my network. I guess leaving the server exposed? or every device even.

you are viewing a single comment's thread
view the rest of the comments
[–] macgregor@lemmy.world 2 points 1 year ago* (last edited 1 year ago)

So I have jellyfin deployed to my kubernetes home lab, router port forwarded to the ingress controller (essentially a reverse proxy) on the cluster. So exposed to the internet. Everything on it has authentication, either built in to the application or using an oauth proxy. All applications also have valid SSL configurations thanks to the reverse proxy. I also use cloudflare DNS with their proxy enabled to access it and have firewall rules to drop traffic that hits port 80/443 that doesn't originate from those cloudflare proxy ips (required some scripting to automate). It drops a lot of traffic every day. I have other secuirty measures in place as well, but those are the big ones.

So yeah, if you expose your router to the internet, its gonna get pinged a lot by bots and someone might try to get in. Using a VPN is a very simple way to do this securely without exposing yourself and I'd suggest going that route unless you know what you're doing.