this post was submitted on 23 May 2026
206 points (97.2% liked)

Selfhosted

60664 readers
512 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details. Tags [CBH] or [AIP] are required, see the links in Rule 8 for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post, and find example disclosures here.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?

you are viewing a single comment's thread
view the rest of the comments
[–] KneeTitts@lemmy.world -2 points 1 month ago (2 children)

Are the majority of you running jellyfin on windows? All of this reverse proxy stuff sounds incredibly paranoid to me and 99% of zero day exploits would be very unlikely to fully compromise up to date linux servers.

[–] Andres4NY@social.ridetrans.it 4 points 1 month ago

@KneeTitts @Jason2357 Recently there are a lot of zero-day kernel exploits (local privilege escalation), so I would make sure "up to date" includes regular reboots into new kernels. As opposed to just relying on something like unattended-upgrades.

For the past few weeks we've been averaging one LPE per week, and it's probably going to continue like that for a bit.

[–] Jason2357@lemmy.ca 3 points 1 month ago

The reverse proxy is just to give it TLS with a let's encrypt cert. If you are running an internet facing web application without TLS, Windows is the least of your concerns.