2024-03-25, 06:12 PM
Hi all,
I'm making the switch from Plex to Jellyfin. I've been getting up to speed for a few days now on public access security. It's the same story that's all over this and other forums: I share my media with direct family members outside of the home (who are not tech savvy enough/use devices that don't work with simple VPN tunneling).
I followed this guide https://www.reddit.com/r/jellyfin/commen...oxy_guide/
And everything is working fine. I'm reasonably confident that I'm set up correctly and understand the general theory of placing the reverse proxy in front of my Jellyfin server so that communication is public --> https data --> reverse proxy --> http data only accessible internally --> Jellyfin
Except for the following two questions:
In my router, I've forwarded port 80 (http) and port 443 (https) to Caddy.
Question 1: What keeps someone from connecting to Caddy through port 80 on an unsecured connection? In my mind this would create this situation: Public Port 80 --> http data accessible anywhere --> reverse proxy --> http data only accessible internally --> Jellyfin
Won't the Caddy reverse proxy be sending publicly available unencrypted potentially vulnerable Jellyfin information?
Question 2: Is there a problem with closing port 80?
Since I only want to allow secure connections anyway, after I finished setup I went back into my router and deleted the rule forwarding port 80, and only left port 443 open. I checked this with a port checker tool to make sure it had taken effect, and then I used an offsite computer to connect to Jellyfin and it still functioned correctly using my duckdns domain, defaulting to https://mydomain.duckdns.org.
Since it's working I'm tempted to leave it closed, but I suspect that this might eventually cause issues with my Let's Encrypt certificate. I'm a neophyte when it comes to needing https certificates, so I just have no idea.
Thank you for any insights you can provide,