2025-01-28, 05:33 PM
(This post was last modified: 2025-01-28, 05:33 PM by TheDreadPirate.)
We discourage directly exposing Jellyfin to the Internet without a reverse proxy in the middle. Jellyfin is not hardened and makes no claims to being hardened. Having Nginx handle connections significantly reduces the potential for an exploitable vulnerability that would grant unauthenticated access.
It is unlikely that you would be targeted in this manner, but not having Jellyfin directly exposed to the Internet without Nginx (or whatever your preferred reverse proxy is) further reduces risk.
Internet security is all about reducing risk to the point that the amount of effort required for an attacker to gain access is higher than the perceived reward for their effort. For schmucks like us, the reward is pretty low to nothing, so the amount of effort someone is willing to expend is also low. So we are just trying to prevent low-effort script kiddies and bots from exploiting already known flaws or using common attacks.
So we reduce that attack surface area by using a hardened application, like Nginx, to handle external connections.
Keep your stuff up-to-date.
Use good security best practices.