Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?
Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?
What are you afraid of?
My jellyfin runs in a a rootless podman container
I’m afraid of security bugs in the software I’m using, so that containers don’t contain, read-only doesn’t prevent writing, mounting directories doesn’t restrict access to those directories, etc.
I’m a nobody, I can’t imagine anyone targeting me or my random domain, but I can imagine getting swept up in a net of attacks of opportunities targeting hosted software with known vulnerabilities, or injected supply chain vulnerabilities, so I want to reduce my attack surface as much as I can (while still actually letting the people I want to access it actually access it)
Then don’t expose anything on the internet