When I see this sort of thing, and other people are trying to do it, a reverse proxy or VPN is always mentioned. Here's my question:

How dangerous is it to just open the port for it on my router and access it like that?

Let's say I want to access Jellyfin from Kodi on my Xbox or something outside my network, the VPN solution wouldn't work for this I would think.

My issue with reverse proxies, and why I'm asking, is it seems less secure? I mean I'm well aware that an IP is easy to get, I guess. But how likely is someone to look for something on my network specifically? With reverse proxies it seems like I would be broadcasting my server to the internet in a way it's easier to happen across, than someone being interested in a random residential IP.

I run a Minecraft server for friends on my main computer anyway, and I know tons of people do that, theoretically that's the same level of danger as opening my network for Jellyfin specifically.

VPN isn't an option because of this Xbox stuff I mentioned and people in my family who have 0 chance of understanding it regardless.

So what is the better option, going through this reverse proxy (which I'm actually also unsure would work with Kodi) or rawdog the server on my network? I guess leaving the server exposed? Or every device even.

  • eddie@fig.systems
    1 year ago

    So the reason you’d want a reverse proxy is because it handles security and would do a much better job of it than an exposed Jellyfin port.

    Public FQDN -> your home IP -> your router allows 443/whatever to your reverse proxy -> it handles SSL and being hit by the internet (look into nginx security and even fail2ban) -> proxy serves up whatever insecure site/app you’d like.

    • foonex@feddit.de
      1 year ago

      A reverse proxy does not magically make an insecure app secure.

      • eddie@fig.systems
        1 year ago

        That’s where nginx security options and other tools like fail2ban come into play. I could’ve mentioned it better in my first sentence, but a reverse proxy gives the capability to make it more secure than any options Jellyfin will give you.

        I’d rather put nginx with modsecurity in front of Jellyfin than not.
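
Added example, not part of any comment in this thread: a minimal Python sketch of the kind of check fail2ban performs on a reverse proxy's access log, counting failed logins per client IP inside a sliding time window. It assumes nginx's "combined" log format and that a rejected Jellyfin login is logged as a POST to `/Users/AuthenticateByName` answered with 401 or 403; the function name and sample log lines are constructed, and `maxretry`/`findtime` borrow fail2ban's setting names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# nginx "combined" access-log format: ip - user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
LOGIN_PATH = "/Users/AuthenticateByName"  # assumption: login endpoint behind the proxy
FAIL_STATUS = {"401", "403"}              # assumption: how a rejected login is logged


def find_offenders(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: time of the failed login that reached maxretry within findtime}."""
    recent = defaultdict(deque)   # ip -> timestamps of its recent failed logins
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # not a combined-format line; ignore it
        if m["method"] != "POST" or m["status"] not in FAIL_STATUS:
            continue
        # Ignore query string, trailing slash and case when matching the path.
        if m["path"].split("?", 1)[0].rstrip("/").lower() != LOGIN_PATH.lower():
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # drop failures that fell out of the window
        if len(window) >= maxretry:
            offenders.setdefault(m["ip"], ts)
    return offenders


# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /Users/AuthenticateByName HTTP/1.1" 401 0 "-" "curl/8.0"
198.51.100.4 - - [12/Mar/2024:10:00:05 +0000] "POST /Users/AuthenticateByName HTTP/1.1" 200 812 "-" "Kodi/20"
203.0.113.7 - - [12/Mar/2024:10:00:09 +0000] "POST /Users/AuthenticateByName HTTP/1.1" 401 0 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:10:00:15 +0000] "POST /users/authenticatebyname HTTP/1.1" 401 0 "-" "curl/8.0"
198.51.100.9 - - [12/Mar/2024:10:01:00 +0000] "POST /Users/AuthenticateByName HTTP/1.1" 401 0 "-" "Kodi/20"
198.51.100.9 - - [12/Mar/2024:10:30:00 +0000] "POST /Users/AuthenticateByName HTTP/1.1" 401 0 "-" "Kodi/20"
""".splitlines()

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"ban candidate {ip}: threshold reached at {when.isoformat()}")
```

A family member who mistypes a password twice half an hour apart (198.51.100.9 in the sample) stays under the threshold, while the rapid retries from 203.0.113.7 do not.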

    • atfergs@lemmy.world
      1 year ago

      Any suggestions on where to read more about properly securing my home network? Most of what I find Googling is just basics.

    • isgleas
      1 year ago

      If you add something like Cloudflare’s Proxy DNS, you add another layer, in this case your ISP IP will not be exposed, but Cloudflare’s, and they will handle a few more attempts of attack.

      If you also consider Cloudflare’s Tunnels, you don’t even have to expose any of your ports.

      If an attacker bypasses Cloudflare, then your reverse proxy has to be compromised, and then your Jellyfin. Unless you are a focused target, I would say any bot attack will drop it soonish.