Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?
Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?
Are the majority of you running jellyfin on windows? All of this reverse proxy stuff sounds incredibly paranoid to me and 99% of zero day exploits would be very unlikely to fully compromise up to date linux servers.
The reverse proxy is just to give it TLS with a let’s encrypt cert. If you are running an internet facing web application without TLS, Windows is the least of your concerns.
@KneeTitts @Jason2357 Recently there are a lot of zero-day kernel exploits (local privilege escalation), so I would make sure “up to date” includes regular reboots into new kernels. As opposed to just relying on something like unattended-upgrades.
For the past few weeks we’ve been averaging one LPE per week, and it’s probably going to continue like that for a bit.