this post was submitted on 23 May 2026
154 points (97.0% liked)
Selfhosted
60409 readers
281 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil.
-
No spam.
-
Posts are to be related to self-hosting.
-
Don't duplicate the full text of your blog or readme if you're providing a link.
-
Submission headline should match the article title.
-
No trolling.
-
Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Ask them to visit https://ipv4.icanhazip.com/ and give you back the number, then whitelist in your webserver, as well as your LAN/VPN range, deny rest. Explain they can only reach jellyfin from their home internet. Repeat if they get 403 forbidden after they get a new WAN IP.
That or VPN like openziti, wireguard but gets more complicated.
https://www.moanmyip.com/
It's exactly what it sounds like.
This is solid. I wonder if you could rig up a ddns somehow to keep it seamless?
Something like reverse dynamic DNS for end users? Hm, only if it would be easy to setup, is on the same level as a VPN client I'd say.
You really can't assume your visitors are going to have static IPs.
What happens when they visit from their phone? A friend's WiFi? Their home connection that has a regularly changing IP?
So far I've seen WAN leases expire after a long time, say months, or quarter year, so is doable. If becomes an issue I'll work with them on a VPN solution but is a pain for non-technical users or non-supported hardware. That's also why I explain "use from your home network only".
What's your concern about running it behind a reverse proxy, like caddy or nginx?
I don't consider Jellyfin a fully secure and audited application to host, unsecured endpoints come to mind, that and the less exposed to the whole internet the better.
https://github.com/jellyfin/jellyfin/issues/13987
Things like these scare me:
https://blog.lastpass.com/posts/notice-of-recent-security-incident
https://www.androidpolice.com/lastpass-breach-plex-update/