this post was submitted on 23 May 2026
154 points (97.0% liked)

Selfhosted

60409 readers
275 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?

you are viewing a single comment's thread
view the rest of the comments
[–] zaggynl@feddit.nl 2 points 4 weeks ago* (last edited 4 weeks ago)

I don't consider Jellyfin a fully secure and audited application to host, unsecured endpoints come to mind, that and the less exposed to the whole internet the better.

https://github.com/jellyfin/jellyfin/issues/13987

Things like these scare me:

https://blog.lastpass.com/posts/notice-of-recent-security-incident

https://www.androidpolice.com/lastpass-breach-plex-update/