This should not be downvoted. You should not expose anything straight to the internet unless you know what you’re doing. Use a simple service like Tailscale to create a locally accessible VPN.
The easiest and most secure solution is probably tailscale. Just VPN into your local network instead of exposing Jellyfin to the internet.
An alternative I am using is Caddy reverse proxy with Authelia for authentication. So I have to log in to Authelia before I can access Jellyfin. Beware though, it took me like 2 days to properly configure Authelia. It is rather complicated.
Also you could put it behind a more secure service such as SSH or Wireguard. If nothing else you should restrict access to just the IP ranges used by your friends.
Don’t expose Jellyfin to the internet
This should not be downvoted. You should not expose anything straight to the internet unless you know what you’re doing. Use a simple service like Tailscale to create a locally accessible VPN.
Why not? Have had it accessible via the Internet for 4+ years without incidents
What makes you so sure you haven’t been breached? There have been major security flaws over time.
Proper precautions and monitoring.
Why not? What precautions would you need to take before doing so?
The easiest and most secure solution is probably tailscale. Just VPN into your local network instead of exposing Jellyfin to the internet.
An alternative I am using is Caddy reverse proxy with Authelia for authentication. So I have to log in to Authelia before I can access Jellyfin. Beware though, it took me like 2 days to properly configure Authelia. It is rather complicated.
Also you could use SSH that’s been properly secured
Well, I do want to actually use it though and have my friends be able to use it just as well.
You really don’t. There are plenty of other solutions. If nothing else you could whitelist there ISP instead of allowing all traffic.
What solutions? Especially what solutions that don’t cost me money and are not overly difficult to implement?
Tailscale is free
Also you could put it behind a more secure service such as SSH or Wireguard. If nothing else you should restrict access to just the IP ranges used by your friends.