Tailscale & Jellyfin as a Noob - Printable Version +- Jellyfin Forum (https://forum.jellyfin.org) +-- Forum: Support (https://forum.jellyfin.org/f-support) +--- Forum: General Questions (https://forum.jellyfin.org/f-general-questions) +--- Thread: Tailscale & Jellyfin as a Noob (/t-tailscale-jellyfin-as-a-noob) |
Tailscale & Jellyfin as a Noob - Tomato - 2024-01-06 Another noob post but wanted to get everyone's thoughts on using Tailscale to access Jellyfin through the internet? At most it would be like 3 family members. I can set everything up for them. I'm afraid if I'm too lax I would open up my server to hackers / Russians but can follow decent instructions. I'm running windows 11 for my Jellyfin server and plan on follow instructions set up here: Jellyfin Remote Access with Tailscale | Ethan Madison's website RE: Tailscale & Jellyfin as a Noob - TheDreadPirate - 2024-01-06 There are several ways to secure your server from drive by attack attempts. 1) Keep everything up-to-date 2) Use https with a proper cert with a reverse proxy 3) Use a wildcard cert *.domain.tld in conjuction with a subdomain jellyfin.domain.tld 4) Use a non-standard https port. Like 40443 instead of 443. 5) Hide usersnames from the Jellyfin login screen so attackers don't have a starting point for password guessing 6) Setup fail2ban for the few that make it past 1 thru 4 99.99999% of attackers on the internet are low effort script kiddies. They scan common service ports, scan for unpatched services, etc. If you use a subdomain and setup your reverse proxy to only respond to the subdomain, pretty much nobody will find your jellyfin server since attackers will only try domain.tld. The other 0.00001% are nation state hackers and aren't interested in you. Using tailscale is fine, but not all devices can use it (Roku, Fire sticks/Android TV). |