Wow that looks great.
eddie
joined 1 year ago
That's where nginx security options and other tools like fail2ban come into play. I could've mentioned it better in my first sentence but a reverse proxy gives the capability to make it more secure than any options jellyfin will give you.
I'd rather put nginx with modsecurity in front of jellyfin than not.
So the reason you'd want a reverse proxy is because it handles security and would do a much better job of it than an exposed jellyfin port.
Public FQDN -> your home IP -> your router allows 443/whatever to your reverse proxy -> it handles SSL and being hit by the internet (look into nginx security and even fail2ban) -> proxy serves up whatever insecure site/app you'd like.
We solved this with a local service account that has sudo permissions. You can try become_user and become just on the task as needed.
become_user
set to user with desired privileges — the user you become, NOT the user you login as. Does NOT imply become: true, to allow it to be set at host level. Default value is root.
This is all spot on advice. The motherboard and case manual should be open and nearby as you build the pc.
Seems easy to replace