this post was submitted on 23 May 2026
154 points (97.0% liked)

Selfhosted

60409 readers
263 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?

you are viewing a single comment's thread
view the rest of the comments
[โ€“] Bazoogle@lemmy.world 5 points 1 month ago (1 children)

Also not as ideal if their ISP uses CGNAT. Still waaay better than fully open, but you would be giving access to many households

[โ€“] NeryK@sh.itjust.works 2 points 1 month ago* (last edited 1 month ago)

Yep, that's why I call that a tradeoff. Far from perfect and yet so much better than nothing.

Pros:

  • Likely cuts 99.99% of attacks.
  • Nothing to do on client's end.

Cons:

  • Whitelisting must be updated everytime the client address changes.
  • Not 100% bulletproof as operators (notably for mobile networks) can NAT multiple connections behind a single publicly addressable IPv4 address.
  • Also IP addresses can be spoofed but I doubt that would be a major concern here.