Theres a reason everyone uses a VPN to allow remote streaming for their Jellyfin. The things as open as a barns door, so you should not just open it to the public. Like I said, even the devs say not to do that, its just not secure enough
According to your own link that you totally read : “Note that opening a port gives full access to that port to the next higher Network. Opening a port directly to the Internet is therefore insecure and not recommended.”
and
“forwarding its Ports directly to the internet (not recommended!)”
Yeah, no shit. That’s not an issue with jellyfin, that’s general advice for any application you’re hosting. Use a reverse proxy instead. That is also in the documentation.
Using a knife might cut you when you hold it by the blade, does that mean no one should hold it by the handle?
Well I was just answering your question about “why would jellyfin have documentation about opening it to the web if unsafe?” by pointing out that while they do tell you how to, they also explains the risks associated with doing so. Having documentation about something doesn’t mean that the devs endorse this usage.
People are arguing that Jellyfin is inherently unsafe, or more so than another web application like plex and therefore if you provide friends access to it, they MUST use a VPN. That’s not true. You can host Jellyfin behind a reverse proxy and it’s accessible just like other web applications. Your friends don’t need to learn how to use a VPN. They can login just like they login to other websites.
Ok, where did I say any of that exactly? I never said it was a jellyfin only issue anywhere, and I sure as hell didn’t say anything about VPN, as much as you didn’t say anything about a proxy until now.
And congrats on using a proxy and exposing your server to said proxy, you’re just proving my point by not exposing directly to the internet as your previous comments implied.
Theres a reason everyone uses a VPN to allow remote streaming for their Jellyfin. The things as open as a barns door, so you should not just open it to the public. Like I said, even the devs say not to do that, its just not secure enough
You’re just spreading fud. Jellyfin devs actually have documentation on how to expose it to the net. Why would they do that if it were unsafe?https://jellyfin.org/docs/general/post-install/networking/
I’ve been using it this way for a couple years now and we are good. Never used Plex. I’m using only Jellyfin. So, I’ll pass on your advice. Thanks.
According to your own link that you totally read : “Note that opening a port gives full access to that port to the next higher Network. Opening a port directly to the Internet is therefore insecure and not recommended.” and “forwarding its Ports directly to the internet (not recommended!)”
Yeah, no shit. That’s not an issue with jellyfin, that’s general advice for any application you’re hosting. Use a reverse proxy instead. That is also in the documentation.
Using a knife might cut you when you hold it by the blade, does that mean no one should hold it by the handle?
Well I was just answering your question about “why would jellyfin have documentation about opening it to the web if unsafe?” by pointing out that while they do tell you how to, they also explains the risks associated with doing so. Having documentation about something doesn’t mean that the devs endorse this usage.
People are arguing that Jellyfin is inherently unsafe, or more so than another web application like plex and therefore if you provide friends access to it, they MUST use a VPN. That’s not true. You can host Jellyfin behind a reverse proxy and it’s accessible just like other web applications. Your friends don’t need to learn how to use a VPN. They can login just like they login to other websites.
Ok, where did I say any of that exactly? I never said it was a jellyfin only issue anywhere, and I sure as hell didn’t say anything about VPN, as much as you didn’t say anything about a proxy until now. And congrats on using a proxy and exposing your server to said proxy, you’re just proving my point by not exposing directly to the internet as your previous comments implied.