2025-04-01, 08:31 AM
Hello again,
First of all, thanks for your quick answers guys!
About this, when I tried to put under DNS/Records in Cloudflare my Public IP, stops working and I lose the local connection to jellyfin with the URL (I do get a message in the browser that I do not know very well what it means, which translating it from Spanish to English says something like this: this page is loaded from another page).
At first I thought it could be because of Proton (for example, when I clicked on the link you gave me, what appeared, logically, was the IP that Proton gives me, and not my Public IP), but it doesn't seem to be the case.
In the WAN options in my router, there are two IPs, one that I think is my Public IP, which says Internet, and that is the one that shows me the web page that you passed or the one that Proton shows me when it is not connected, and another one that I imagine will be the router's one, right?
So, if in the Cloudflare registry I put the Local IP of my server, everything works perfectly (locally), but if I put the Public IP, sometimes it works for a few minutes but then stops working and does not work again until I change it to the Local IP.
Why does this happen? Am I doing something wrong?
I was looking at the docker-compose I have for Jellyfin and I have this parameter in environment: JELLYFIN_PublishedServerUrl. Yesterday I noticed that an old Local IP of the server was set, and I thought it could be because of this. I set the current one, but I haven't seen any change.
Could it be that this parameter is interfering and I need to change it to something else?
On another note, I am not sure if my Public IP is dynamic. Since I always have Proton connected, I don't notice if it changes.
Should I look into this?
So, to rule things out, if I understood this correctly, I did the port forwarding properly, right?
For port 443 I put this:
External Start Port: 443
External End Port: 443
Server IP Address: the local IP for my TrueNas server
Open Start Port: 443
Open End Port: 443
Ok. And what do you think using both, a VPN and reverse proxy? Is it overkill?
What other security measures can I implement?
Anyway, thanks for the suggestions. If I see that I don't get off the hook, I'll think about switching to Caddy.
First of all, thanks for your quick answers guys!
(2025-03-31, 03:54 PM)TheDreadPirate Wrote: Regarding #2, the IP you put in cloudflare is your PUBLIC IP, which you can find with sites like https://whatismyipaddress.com/ or just by finding your WAN IP in your router's settings.
About this, when I tried to put under DNS/Records in Cloudflare my Public IP, stops working and I lose the local connection to jellyfin with the URL (I do get a message in the browser that I do not know very well what it means, which translating it from Spanish to English says something like this: this page is loaded from another page).
At first I thought it could be because of Proton (for example, when I clicked on the link you gave me, what appeared, logically, was the IP that Proton gives me, and not my Public IP), but it doesn't seem to be the case.
In the WAN options in my router, there are two IPs, one that I think is my Public IP, which says Internet, and that is the one that shows me the web page that you passed or the one that Proton shows me when it is not connected, and another one that I imagine will be the router's one, right?
So, if in the Cloudflare registry I put the Local IP of my server, everything works perfectly (locally), but if I put the Public IP, sometimes it works for a few minutes but then stops working and does not work again until I change it to the Local IP.
Why does this happen? Am I doing something wrong?
I was looking at the docker-compose I have for Jellyfin and I have this parameter in environment: JELLYFIN_PublishedServerUrl. Yesterday I noticed that an old Local IP of the server was set, and I thought it could be because of this. I set the current one, but I haven't seen any change.
Could it be that this parameter is interfering and I need to change it to something else?
On another note, I am not sure if my Public IP is dynamic. Since I always have Proton connected, I don't notice if it changes.
Should I look into this?
(2025-03-31, 03:54 PM)TheDreadPirate Wrote: For the port forwarding, you would use the LAN IP for the host running NPM. FYI, port 81 is the NPM management port and does NOT need to be forwarded. Only ports 80 and 443.
So, to rule things out, if I understood this correctly, I did the port forwarding properly, right?
For port 443 I put this:
External Start Port: 443
External End Port: 443
Server IP Address: the local IP for my TrueNas server
Open Start Port: 443
Open End Port: 443
(2025-03-31, 03:54 PM)TheDreadPirate Wrote: IMO, using a reverse proxy is much preferred over a VPN. Some clients cannot run a VPN app (Roku and some Android TV devices). The danger of opening ports 80 and 443 are extremely over inflated.
Ok. And what do you think using both, a VPN and reverse proxy? Is it overkill?
What other security measures can I implement?
(2025-03-31, 06:55 PM)pxr5 Wrote: I just read all this and it sounds so complicated what you've gone through. I realise you've gone down the Nginx route but for a super easy Reverse Proxy - you might want to try Caddy v2. I'm no network expert at all but had it running really quickly and it works very well:Yes, I considered Caddy during certain times, but honestly, since I started researching these things, I had always seen info about NPM, so when I learned about Caddy I was already familiar with NPM and decided to go ahead.
https://forum.jellyfin.org/t-access-your...with-caddy
https://forum.jellyfin.org/t-how-to-reve...r-friendly
Anyway, thanks for the suggestions. If I see that I don't get off the hook, I'll think about switching to Caddy.