this post was submitted on 23 May 2026
154 points (97.0% liked)

Selfhosted

60409 readers
187 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?

you are viewing a single comment's thread
view the rest of the comments
[–] NeryK@sh.itjust.works 11 points 1 month ago (2 children)

For a remote and non-technical user I would say IP whitelisting offers a decent tradeoff.

On your end you expose your jellyfin port to internet, but restrict at the router level to your user's client IP address as soon as you have it. Obviously in practice this works best if the address does not change often.

[–] Bazoogle@lemmy.world 5 points 1 month ago (1 children)

Also not as ideal if their ISP uses CGNAT. Still waaay better than fully open, but you would be giving access to many households

[–] NeryK@sh.itjust.works 2 points 1 month ago* (last edited 1 month ago)

Yep, that's why I call that a tradeoff. Far from perfect and yet so much better than nothing.

Pros:

  • Likely cuts 99.99% of attacks.
  • Nothing to do on client's end.

Cons:

  • Whitelisting must be updated everytime the client address changes.
  • Not 100% bulletproof as operators (notably for mobile networks) can NAT multiple connections behind a single publicly addressable IPv4 address.
  • Also IP addresses can be spoofed but I doubt that would be a major concern here.
[–] MIDItheKID@lemmy.world 0 points 1 month ago (1 children)

Is there a way to this with like a MAC address instead of an IP? Allowing specific devices (my parents have a Firestick that they travel with) would be pretty ideal.

[–] NeryK@sh.itjust.works 3 points 1 month ago

No, not for remote access over the internet.