this post was submitted on 23 May 2026
154 points (97.0% liked)

Selfhosted

60409 readers
263 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?

you are viewing a single comment's thread
view the rest of the comments
[–] syaochan@feddit.it 4 points 1 month ago (2 children)

How does a reverse proxy helps for security? I mean, the problem here is that exposing Jellyfin on the internet is dangerous: the only way to improve security via a reverse proxy would be mTLS, but I'm not sure how it would work client side.

[–] kcweller@feddit.nl 4 points 1 month ago (1 children)

By setting up a reverse proxy you redirect the traffic through that specific proxy which means less open ports (basically just 80/443), less monitoring, the ability to easily put a WAF inbetween, etc.

[–] nibbler@discuss.tchncs.de 1 points 1 month ago

Ports are closed by firewalls, and if you need to port forward on your home router this is a non-issue anyway

[–] Flatfire@lemmy.ca 2 points 1 month ago* (last edited 1 month ago)

You've got a couple benefits. If you have a domain name, and aren't advertising it publicly, then you can use the reverse proxy to point that domain to a non-standard port that Jellyfin runs on.

Security through obscurity is not good security, but it does prevent the majority of port scanning attacks. You can also use fail2ban on the reverse proxy side to try and mitigate some attacks.