The easiest and most secure solution is probably tailscale. Just VPN into your local network instead of exposing Jellyfin to the internet.
An alternative I am using is Caddy reverse proxy with Authelia for authentication. So I have to log in to Authelia before I can access Jellyfin. Beware though, it took me like 2 days to properly configure Authelia. It is rather complicated.
This should not be downvoted. You should not expose anything straight to the internet unless you know what you’re doing. Use a simple service like Tailscale to create a locally accessible VPN.
Surely has some overlap. You want to open other ports, you want to make sure permissions are properly set on the host machine… What else? HTTPS/SSL to avoid someone in the middle grabbing your password and accessing your media?
Regardless, I’ll look into tailscale. A VPN would have lots of other uses, as there are other applications I would like to use remotely that I don’t want to expose to the internet.
By “know what you’re doing” I mean “understand the consequences”. Anyone can follow a guide that tells them how to open a port on their router. Understanding that in doing so they’re potentially allowing every malicious actor into their home network is not so straightforward.
Don’t expose Jellyfin to the internet
Why not? Have had it accessible via the Internet for 4+ years without incidents
What makes you so sure you haven’t been breached? There have been major security flaws over time.
Proper precautions and monitoring.
Why not? What precautions would you need to take before doing so?
The easiest and most secure solution is probably tailscale. Just VPN into your local network instead of exposing Jellyfin to the internet.
An alternative I am using is Caddy reverse proxy with Authelia for authentication. So I have to log in to Authelia before I can access Jellyfin. Beware though, it took me like 2 days to properly configure Authelia. It is rather complicated.
Also you could use SSH that’s been properly secured
Well, I do want to actually use it though and have my friends be able to use it just as well.
You really don’t. There are plenty of other solutions. If nothing else you could whitelist there ISP instead of allowing all traffic.
What solutions? Especially what solutions that don’t cost me money and are not overly difficult to implement?
This should not be downvoted. You should not expose anything straight to the internet unless you know what you’re doing. Use a simple service like Tailscale to create a locally accessible VPN.
“Know what you’re doing”
And
“Forwarded a port to jellyfin”
Surely has some overlap. You want to open other ports, you want to make sure permissions are properly set on the host machine… What else? HTTPS/SSL to avoid someone in the middle grabbing your password and accessing your media?
Regardless, I’ll look into tailscale. A VPN would have lots of other uses, as there are other applications I would like to use remotely that I don’t want to expose to the internet.
By “know what you’re doing” I mean “understand the consequences”. Anyone can follow a guide that tells them how to open a port on their router. Understanding that in doing so they’re potentially allowing every malicious actor into their home network is not so straightforward.