this post was submitted on 31 Mar 2025
214 points (98.2% liked)

I already host multiple services via Caddy as my reverse proxy. With Jellyfin, I am worried about authentication. How do you secure it?

[–] lambda@programming.dev 3 points 1 year ago (1 children)

SSO plugin is good to know about. Does that address any of the issues with security that someone was previously talking about?

[–] Batman@lemmy.world 2 points 1 year ago* (last edited 1 year ago) (1 children)

I'd say it's nearly as secure as basic authentication. If you restrict deletion to admin users and use role (or group) based auth to restrict that Jellyfin admin ability to people with strong passwords in Keycloak, I think you are good. Still, the only risk is people could delete your media if an admin user's Gmail is hacked.

Will say it's not as secure as restricting access to a VPN; you could be brute forced. Frankly, it would be preferable to set up rate limiting, but that was a bridge too far for me.

[–] Appoxo@lemmy.dbzer0.com 2 points 1 year ago

I set mine up with Authelia 2FA and restricted media deletion to one user: the administrator.
All others aren't allowed to delete. Not even me.