Jellyfin Forum
ELI5: How secure would duckdns + nginx be for remote access?



ELI5: How secure would duckdns + nginx be for remote access? - broly129 - 2023-07-13

I have zero networking experience till now, have Jellyfin running on Unraid and it's working quite nicely for my home network. Next step, I would like to configure remote access. To me, using DuckDNS as well as NGINX for reverse proxy seems like the easiest and the cheapest option. But is there a trade-off to this? Would I be better off buying a cheap domain and using Cloudflare, for example?


RE: ELI5: How secure would duckdns + nginx be for remote access? - TheDreadPirate - 2023-07-13

I use NoIP + apache + letsencrypt certs without issue. Most people just use DuckDNS or some other DDNS service. Getting a domain would purely be for URL aesthetics.


RE: ELI5: How secure would duckdns + nginx be for remote access? - campipaolo - 2023-07-13

In my setup I'm running on Linux Mint 21, with Jellyfin installed with the sh script as in the guide on the website.
With DuckDNS + caddy2 for reverse proxy and SSL.
It works with no-ip too.


RE: ELI5: How secure would duckdns + nginx be for remote access? - broly129 - 2023-07-13

Ok so my current plan should work then. My follow up to that is will it be necessary to configure HTTPS in Jellyfin, or will the reverse proxy take care of all of that? I assume it just means it will be HTTP on local network which is fine right?


RE: ELI5: How secure would duckdns + nginx be for remote access? - TheDreadPirate - 2023-07-13

The reverse proxy handles https. The proxy will communicate internally to jellyfin via http. You CAN have the proxy communicate via https to jellyfin, but that adds unnecessary overhead.


RE: ELI5: How secure would duckdns + nginx be for remote access? - broly129 - 2023-07-13

Ok that's what I assumed, but yeah that would be unnecessary. So long as I'm not inviting hackers to my doorstep I'm satisfied lol.


RE: ELI5: How secure would duckdns + nginx be for remote access? - DingleBob - 2024-06-06

How safe is this setup considering threats?
I was thinking about pivpn + duckdns to just enter the home network and use jellyfin from there, instead of exposing anything.


RE: ELI5: How secure would duckdns + nginx be for remote access? - TheDreadPirate - 2024-06-06

You have to keep in mind that we are all small fries. No hacker with any skill is going after us.

Keep your system up-to-date
Use a reverse proxy
Use legit certs for https
Hide usernames from the Jellyfin login screen
Use non-standard https port to minimize randos finding your jellyfin
Set up fail2ban to ban the rare rando that finds your server

Running on a non-standard https port is big, IMO. I've yet to see any failed login attempts on my Jellyfin from rando IPs.
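
The fail2ban step in the list above boils down to counting denied logins per source IP inside a time window. The sketch below is an added example, not part of the post and not fail2ban's or Jellyfin's own code; the log line shape, the thresholds and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed shape of a Jellyfin "login denied" log line (not taken from the thread).
# The UTC offset is matched but ignored, so all lines must share one timezone.
DENIED = re.compile(
    r'^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ [+-]\d{2}:\d{2}\] \[\w+\] .*'
    r'Authentication request for "(?P<user>[^"]*)" has been denied '
    r'\(IP: "(?P<ip>[^"]+)"\)'
)

def find_offenders(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """Return {ip: time the threshold was hit} for IPs with max_retry denials in find_time."""
    recent = defaultdict(deque)  # ip -> timestamps of denials still inside the window
    banned = {}
    for line in lines:
        m = DENIED.match(line)
        if not m or m["ip"] in banned:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        # Forget denials that have aged out of the sliding window.
        while ts - window[0] > find_time:
            window.popleft()
        if len(window) >= max_retry:
            banned[m["ip"]] = ts
    return banned

# Constructed sample log: documentation-range IPs, invented user names.
SAMPLE_LOG = """\
[2024-06-06 20:01:02.101 +00:00] [INF] Authentication request for "admin" has been denied (IP: "203.0.113.7").
[2024-06-06 20:01:09.440 +00:00] [INF] Authentication request for "root" has been denied (IP: "203.0.113.7").
[2024-06-06 20:03:30.002 +00:00] [INF] Authentication request for "alice" has been denied (IP: "198.51.100.20").
[2024-06-06 20:04:11.913 +00:00] [INF] Authentication request for "jellyfin" has been denied (IP: "203.0.113.7").
[2024-06-06 20:30:00.500 +00:00] [INF] Authentication request for "alice" has been denied (IP: "198.51.100.20").
[2024-06-06 20:55:45.250 +00:00] [INF] Authentication request for "alice" has been denied (IP: "198.51.100.20").
[2024-06-06 20:56:00.000 +00:00] [INF] User "alice" logged in.
""".splitlines()

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"ban {ip} (threshold reached {when})")
```

Behind a reverse proxy, the logged IP is the real client only if the proxy passes the client address on and Jellyfin is set to trust that proxy; otherwise every denial appears to come from the proxy itself and a ban would lock out everyone.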


RE: ELI5: How secure would duckdns + nginx be for remote access? - 5cdru1ls - 2024-06-11

I would agree with the moderator that it's a matter of small fries and hackers...


RE: ELI5: How secure would duckdns + nginx be for remote access? - pcm - 2024-06-18

I agree with TheDreadPirate with the setup if you plan to host jellyfin on the root of your site...

My strategy is different. I don't have jellyfin on the root (/) of my website. My website's root/index page just shows nginx default-homepage.

I host jellyfin on a specific path on my website and I don't host a sitemap, so ... good luck trying to figure out where on my site jellyfin is hosted.
And if, by brute-force someone does figure out the path to jellyfin on my site, I also don't show any user accounts on the jellyfin landing page...

I don't like the reliability of duckdns ... I prefer getting my own domain. I got mine cheap at namecheap.

I get my certs from zeroSSL.

I'm curious as to why you think you'd need a VPN. The SSL connection between your client and server will ensure that no one can read any data except for the server and the client...