this post was submitted on 23 May 2026
154 points (97.0% liked)

Selfhosted

60409 readers
263 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?

you are viewing a single comment's thread
view the rest of the comments
[โ€“] slazer2au@lemmy.world 61 points 1 month ago (1 children)

At the very minimum stick a reverse proxy in front like caddy, nginx, or Traefik. Then have some middleware like crowdsec to inspect what's going on. Then whitelist the IP or the country IP block.

There is much more but those would be the bare minimum.

[โ€“] NarrativeBear@lemmy.world 16 points 1 month ago

I too would like to know more. Jellyfin has been something that I am still heditating to expose online without a VPN.

I have Plex behind a reverse proxy (HAproxy) with Crowdsec and firewall rules all behind Cloudflare. My firewall rules in HAproxy block access a few different ways, like if request are higher then 60 requests a second, or if there is strange path traversal. Used the following guide as a start.

https://www.archy.net/building-a-native-fail2ban-with-haproxy-stick-tables/