Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?

  • NeryK@sh.itjust.worksEnglish
    121·
    1 day ago

    For a remote and non-technical user I would say IP whitelisting offers a decent tradeoff.

    On your end you expose your jellyfin port to internet, but restrict at the router level to your user’s client IP address as soon as you have it. Obviously in practice this works best if the address does not change often.

    • Bazoogle@lemmy.worldEnglish
      4·
      20 hours ago

      Also not as ideal if their ISP uses CGNAT. Still waaay better than fully open, but you would be giving access to many households

      • NeryK@sh.itjust.worksEnglish
        1·
        14 hours ago

        Yep, that’s why I call that a tradeoff. Far from perfect and yet so much better than nothing.

        Pros:

        • Likely cuts 99.99% of attacks.
        • Nothing to do on client’s end.

        Cons:

        • Whitelisting must be updated everytime the client address changes.
        • Not 100% bulletproof as operators (notably for mobile networks) can NAT multiple connections behind a single publicly addressable IPv4 address.
        • Also IP addresses can be spoofed but I doubt that would be a major concern here.
    • MIDItheKID@lemmy.worldEnglish
      1·
      16 hours ago

      Is there a way to this with like a MAC address instead of an IP? Allowing specific devices (my parents have a Firestick that they travel with) would be pretty ideal.