Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?

  • Bazoogle@lemmy.worldEnglish
    4·
    18 hours ago

    Also not as ideal if their ISP uses CGNAT. Still waaay better than fully open, but you would be giving access to many households

    • NeryK@sh.itjust.worksEnglish
      1·
      12 hours ago

      Yep, that’s why I call that a tradeoff. Far from perfect and yet so much better than nothing.

      Pros:

      • Likely cuts 99.99% of attacks.
      • Nothing to do on client’s end.

      Cons:

      • Whitelisting must be updated everytime the client address changes.
      • Not 100% bulletproof as operators (notably for mobile networks) can NAT multiple connections behind a single publicly addressable IPv4 address.
      • Also IP addresses can be spoofed but I doubt that would be a major concern here.