this post was submitted on 09 Oct 2025
21 points (95.7% liked)

Jellyfin: The Free Software Media System

7611 readers
2 users here now

Current stable release: 10.10.7

Community Standards

Website

Forum

GitHub

Documentation

Feature Requests

Matrix (General Information & Help)

Matrix (Announcements)

Matrix (General Development)

Matrix (Off-Topic) - Come get to know the team and blow off steam!

Matrix Space - List of all the available rooms on Matrix.

Discord - Bridged to our Matrix rooms

founded 5 years ago
MODERATORS
sparky8251@lemmy.ml
1hitsong@lemmy.ml
anthonylavado@lemmy.ca
21
I run a personal server. Do I need to do anything specific to protect it? (lemmy.world)
submitted 3 days ago by MTZ@lemmy.world to c/jellyfin@lemmy.ml
16 comments fedilink hide all child comments
 

I have been running a large server 24/7 for about a month and a half now. It is only for myself and the fam, no one else has access to it at all.

I'm trying to learn about selfhosting and whatnot, but it's....a lot. Is there anything I need to do specifically besides configuring it correctly in order to protect it and myself. I hear people talking about putting stuff in dockers, putting things behind a reverse proxy, a VPN, etc.

I do currently have it running behind ProtonVPN but that's it. Do I need to be doing more?

Thanks in advance for any help!

you are viewing a single comment's thread
view the rest of the comments
[–] plantsmakemehappy@lemmy.world 16 points 3 days ago (3 children)

Don't expose it over the Internet, local network access only, is the easiest but also limits you to accessing it only at home.

You could use something like tail scale or setup your own wireguard server to keep it still local-ish but still allow trusted people access.

Reverse proxy with auth of some kind if you plan to expose it to the Internet.

[–] golden_zealot@lemmy.ml 1 points 2 days ago* (last edited 2 days ago)

Reverse proxy/SOCKS5 works well in my experience.

I have a little computer on my network which runs my VPN - then on that computer I have ssh listening on a non-standard port that my VPN's dyndns links up to a human readable hostname with a different port.

If I want to watch stuff off-network I just have to ssh -D to that hostname and port and then configure a browser to use the connection as a SOCKS5 proxy, then jellyfin and anything else I'm hosting works as if locally through that browser.

The ssh is key based as well, not password based - haven't had any incidents in doing it this way.

[–] bowreality@lemmy.ca 3 points 3 days ago (1 children)

Can you restrict Jellyfin itself to local network?

[–] oddlyqueer@lemmy.ml 13 points 3 days ago* (last edited 3 days ago) (1 children)

It is by default, you need to open ports on your router in order for it to receive traffic from outside your home network. And then configure those ports to forward to your jellyfin server.

[–] MTZ@lemmy.world 2 points 3 days ago* (last edited 3 days ago)

Thanks for clarifying. No, it is only meant to be used as a centralized entertainment system here in my home. None of us care about taking said media with us when we leave the house.