2024-03-29, 11:07 PM
Definitely going to echo Mikul's sentiment that private servers are NOT attractive targets. There is little/no money in it for hackers. The most unsolicited activity you will get on your server is low-effort script kiddies looking for unpatched Windows 7 hosts.
The statements The Jellyfin Project makes about exposing Jellyfin directly to the Internet, without a reverse proxy, are less about Jellyfin being insecure and more about there being no effort made to make Jellyfin secure. Does that make sense? This is why we recommend having a reverse proxy in front of Jellyfin since Nginx/Apache/Caddy/etc. ARE hardened and significant effort has been made to make them secure.
Keep your OS up to date, keep your reverse proxy up to date. You shouldn't have a problem.