How would you expose Jellyfin securely without a vpn?

kiol@discuss.online · 2 days ago

How would you expose Jellyfin securely without a vpn?

nibbler@discuss.tchncs.de · 22 hours ago

If client certificates and basic auth is not supported by jellyfin:

reverse proxy
strong random subdomain
wildcard certificate
tls1.3 only
doh/dot only

1-3 make random scanners unable to find your service, 4&5 even hide it from your ISP. Dot/doh service will still know your subdomain, so be your own dot/doh ! :D

Dultas@lemmy.world · 8 hours ago

Throw in port knocking for good measure.

nibbler@discuss.tchncs.de · 7 hours ago

You telling me jellyfin Clients can’t handle client certs but can port knock?

My proposal is for maxing ux on the client side while being properly hidden.

Dultas@lemmy.world · 4 hours ago

No you port knock first to open the ports. Then connect the client.

Jason2357@lemmy.ca · 18 hours ago

I’m no expert, but an unguessible URL path is similar but not visible to DNS. Could do both.

nibbler@discuss.tchncs.de · 9 hours ago

If jellyfin Clients can do URLs, sure