2025-01-20, 03:53 AM
Yeah I knew they are the same but I thought TS had extra overhead.
Right now my setup is
Unraid Jellyfin Docker (with Built-in tailscale) <->
CGNAT <->
VPS (tailscale) <->
Caddy (reverse proxy from jf.mydomain to JellyFin's TS_IP:port) <->
jf.mydomain (pointed to VPS IP)
I have strengthened the VPS somehow with different ufw rules, ssh cfg/port changes, fail2ban, etc.
But if someone randomly finds my jf.mydomain address, they get to the login page of Jellyfin. I don't show users' logins, but then theoretically they can try to find JF's vulnerabilities, if any, to get through. I am not that paranoid and I don't think I want to limit the VPS to certain IPs, but is there anything else I can do to strengthen that connection from the outside? Since it's just a https://jf.mydomain that will give them a login/pass page.