I have my JellyFin on a dedicated server outside my home. I use a domain, with and SSH certificate. Before I moved to the domain and the cert I just had an IP:Port setup. At that time JellyFin worked perfectly fine with the windows app, but after moving to the domain and adding an SSH cert, it no longer wants to connect. It works perfectly fine in FIreFox though, so I’m curious if it’s worth trying to figure out why it won’t work in the app, or is using FireFox just as good.

  • stom@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    10 months ago

    Does jellyfin have known vulnerabilities for bots to exploit? It’s been up for several years with, afaik, no problems.

    System has usual steps taken to harden it, JF is behind an apache proxy, letsencrypt handles ssl certs, fail2ban is running, and users are required to have strong passwords with no option to reset or self-register.

    • Possibly linux
      link
      fedilink
      English
      arrow-up
      1
      ·
      10 months ago

      It sounds like you’ve at least taken some steps to harden. For me it is trivial to use a VPN so that’s what I do.

      • stom@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        10 months ago

        A VPN would not be practical for my situation, as the instance is used by various family members and friends. I’m happy for them to use my JF instance but I’m not providing VPN services as well.

        If you’re not referring to any specific vulnerabilities in JF then I feel confident there are no exceptional risks from allowing web access to JF? Just the usual ones?

        • Possibly linux
          link
          fedilink
          English
          arrow-up
          1
          ·
          10 months ago

          You don’t need to give them access to a internet connection, just the local device. There are many options for this including Netbird, Tailscale, and just plain old wireguard.

          • stom@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            10 months ago

            That’s overly complicated for some of the users - most of them aren’t very tech savvy, and they’re watching via all kinds of devices - TV’s, iOS, Kindle, etc.

            I don’t see any major security reason for access requiring a VPN. Are there particular vulnerabilities that you’re concerned about, or just those that generally come from having a web-facing service?