9
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 30 Jan 2024
9 points (90.9% liked)
Jellyfin: The Free Software Media System
5802 readers
38 users here now
Current stable release: 10.10.3
Matrix (General Information & Help)
Matrix (Off-Topic) - Come get to know the team and blow off steam!
Matrix Space - List of all the available rooms on Matrix.
Discord - Bridged to our Matrix rooms
founded 4 years ago
MODERATORS
You didn't expose it to the internet right?
What's the issue? I've run mine exposed for several years...
That's not a good idea as the internet if full of bots trying to compromise you. It might be fine for a while but when they find a weakness they strike.
You may of already been compromised.
Does jellyfin have known vulnerabilities for bots to exploit? It's been up for several years with, afaik, no problems.
System has usual steps taken to harden it, JF is behind an apache proxy, letsencrypt handles ssl certs, fail2ban is running, and users are required to have strong passwords with no option to reset or self-register.
It sounds like you've at least taken some steps to harden. For me it is trivial to use a VPN so that's what I do.
A VPN would not be practical for my situation, as the instance is used by various family members and friends. I'm happy for them to use my JF instance but I'm not providing VPN services as well.
If you're not referring to any specific vulnerabilities in JF then I feel confident there are no exceptional risks from allowing web access to JF? Just the usual ones?
You don't need to give them access to a internet connection, just the local device. There are many options for this including Netbird, Tailscale, and just plain old wireguard.
That's overly complicated for some of the users - most of them aren't very tech savvy, and they're watching via all kinds of devices - TV's, iOS, Kindle, etc.
I don't see any major security reason for access requiring a VPN. Are there particular vulnerabilities that you're concerned about, or just those that generally come from having a web-facing service?