2024-03-29, 01:08 PM
Private servers aren't attractive targets, so they're unlikely to be attacked. Ensuring that accounts are required on Jellyfin further reduces avenues of attack, especially if you avoid common account names (e.g. admin). If Jellyfin had a vulnerability, it could be exploited, but this can be mitigated with the proper permissions being set on the server: don't run with admin privileges, limit access to the hard drive, etc. If your server supports it, you can limit access geographically, although there are obvious ways around this.
Tailscale or reverse proxy access is always recommended; however, prior to implementing this, I had a few services open to the internet for years and never had a single failed login attempt that I didn't cause.