this post was submitted on 23 May 2026
154 points (97.0% liked)

Selfhosted

60409 readers
281 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?

you are viewing a single comment's thread
view the rest of the comments
[–] zaggynl@feddit.nl 8 points 1 month ago (3 children)

Ask them to visit https://ipv4.icanhazip.com/ and give you back the number, then whitelist in your webserver, as well as your LAN/VPN range, deny rest. Explain they can only reach jellyfin from their home internet. Repeat if they get 403 forbidden after they get a new WAN IP.

That or VPN like openziti, wireguard but gets more complicated.

[–] floral_toxicity@lemmy.world 4 points 1 month ago

https://www.moanmyip.com/

It's exactly what it sounds like.

[–] hereiamagain@sh.itjust.works 3 points 1 month ago (1 children)

This is solid. I wonder if you could rig up a ddns somehow to keep it seamless?

[–] zaggynl@feddit.nl 2 points 1 month ago

Something like reverse dynamic DNS for end users? Hm, only if it would be easy to setup, is on the same level as a VPN client I'd say.

[–] axx@slrpnk.net 3 points 1 month ago (1 children)

You really can't assume your visitors are going to have static IPs.

What happens when they visit from their phone? A friend's WiFi? Their home connection that has a regularly changing IP?

[–] zaggynl@feddit.nl 0 points 1 month ago* (last edited 1 month ago) (1 children)

So far I've seen WAN leases expire after a long time, say months, or quarter year, so is doable. If becomes an issue I'll work with them on a VPN solution but is a pain for non-technical users or non-supported hardware. That's also why I explain "use from your home network only".

[–] axx@slrpnk.net 1 points 1 month ago (1 children)

What's your concern about running it behind a reverse proxy, like caddy or nginx?

[–] zaggynl@feddit.nl 2 points 4 weeks ago* (last edited 4 weeks ago)

I don't consider Jellyfin a fully secure and audited application to host, unsecured endpoints come to mind, that and the less exposed to the whole internet the better.

https://github.com/jellyfin/jellyfin/issues/13987

Things like these scare me:

https://blog.lastpass.com/posts/notice-of-recent-security-incident

https://www.androidpolice.com/lastpass-breach-plex-update/