2024-01-06, 04:44 AM
(This post was last modified: 2024-01-06, 04:47 AM by TheDreadPirate. Edited 1 time in total.)
There are several ways to secure your server from drive-by attack attempts.
1) Keep everything up-to-date
2) Use https with a proper cert with a reverse proxy
3) Use a wildcard cert *.domain.tld in conjunction with a subdomain jellyfin.domain.tld
4) Use a non-standard https port. Like 40443 instead of 443.
5) Hide usernames from the Jellyfin login screen so attackers don't have a starting point for password guessing
6) Set up fail2ban for the few that make it past 1 thru 4
99.99999% of attackers on the internet are low-effort script kiddies. They scan common service ports, scan for unpatched services, etc. If you use a subdomain and set up your reverse proxy to only respond to the subdomain, pretty much nobody will find your Jellyfin server since attackers will only try domain.tld.
The other 0.00001% are nation-state hackers and aren't interested in you.
Using Tailscale is fine, but not all devices can use it (Roku, Fire sticks/Android TV).
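
Added example, not part of the original post: one way to make a reverse proxy answer only for the subdomain on the non-standard port, combining items 2 to 4 above. It assumes nginx (1.19.4 or newer) as the proxy and Jellyfin on the same host at its default port 8096; the certificate paths are placeholders.

```nginx
# Added example. nginx as the proxy and the certificate paths are assumptions.

# Catch-all: requests for the bare IP, domain.tld, or any other name land here.
server {
    listen 40443 ssl default_server;
    listen [::]:40443 ssl default_server;
    server_name _;

    # Abort the TLS handshake when the requested name matches no other
    # server block, so no certificate is presented to the scanner.
    ssl_reject_handshake on;

    # Correct SNI but a mismatched Host header: close without a response.
    return 444;
}

# The only name that is actually served.
server {
    listen 40443 ssl;
    listen [::]:40443 ssl;
    server_name jellyfin.domain.tld;

    # Wildcard certificate for *.domain.tld (placeholder paths).
    ssl_certificate     /etc/ssl/example/wildcard.domain.tld.fullchain.pem;
    ssl_certificate_key /etc/ssl/example/wildcard.domain.tld.key.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://127.0.0.1:8096;   # Jellyfin default HTTP port
        proxy_http_version 1.1;

        # Pass the original host and client address upstream.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket upgrade used by the Jellyfin web client.
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

Validate with `nginx -t` before reloading; a request to the server's IP or to domain.tld on port 40443 should then fail at the handshake, while jellyfin.domain.tld loads normally.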