+- Jellyfin Forum (https://forum.jellyfin.org)
+-- Forum: Support (https://forum.jellyfin.org/f-support)
+--- Forum: General Questions (https://forum.jellyfin.org/f-general-questions)
+--- Thread: Tailscale & Jellyfin as a Noob (/t-tailscale-jellyfin-as-a-noob)
Tailscale & Jellyfin as a Noob - Tomato - 2024-01-06
Another noob post but wanted to get everyone's thoughts on using Tailscale to access Jellyfin through the internet?
At most it would be like 3 family members. I can set everything up for them.
I'm afraid if I'm too lax I would open up my server to hackers / Russians but can follow decent instructions.
I'm running windows 11 for my Jellyfin server and plan on follow instructions set up here: Jellyfin Remote Access with Tailscale | Ethan Madison's website
RE: Tailscale & Jellyfin as a Noob - TheDreadPirate - 2024-01-06
There are several ways to secure your server from drive by attack attempts.
1) Keep everything up-to-date
2) Use https with a proper cert with a reverse proxy
3) Use a wildcard cert *.domain.tld in conjuction with a subdomain jellyfin.domain.tld
4) Use a non-standard https port. Like 40443 instead of 443.
5) Hide usersnames from the Jellyfin login screen so attackers don't have a starting point for password guessing
6) Setup fail2ban for the few that make it past 1 thru 4
99.99999% of attackers on the internet are low effort script kiddies. They scan common service ports, scan for unpatched services, etc. If you use a subdomain and setup your reverse proxy to only respond to the subdomain, pretty much nobody will find your jellyfin server since attackers will only try domain.tld.
The other 0.00001% are nation state hackers and aren't interested in you.
Using tailscale is fine, but not all devices can use it (Roku, Fire sticks/Android TV).