Tailscale & Jellyfin as a Noob

[Tomato]

Another noob post but wanted to get everyone's thoughts on using Tailscale to access Jellyfin through the internet? 

At most it would be like 3 family members. I can set everything up for them. 

I'm afraid if I'm too lax I would open up my server to hackers / Russians but can follow decent instructions. 

I'm running windows 11 for my Jellyfin server and plan on follow instructions set up here:  Jellyfin Remote Access with Tailscale | Ethan Madison's website

[TheDreadPirate]

There are several ways to secure your server from drive by attack attempts.

1) Keep everything up-to-date
2) Use https with a proper cert with a reverse proxy
3) Use a wildcard cert *.domain.tld in conjuction with a subdomain jellyfin.domain.tld
4) Use a non-standard https port. Like 40443 instead of 443.
5) Hide usersnames from the Jellyfin login screen so attackers don't have a starting point for password guessing
6) Setup fail2ban for the few that make it past 1 thru 4

99.99999% of attackers on the internet are low effort script kiddies. They scan common service ports, scan for unpatched services, etc. If you use a subdomain and setup your reverse proxy to only respond to the subdomain, pretty much nobody will find your jellyfin server since attackers will only try domain.tld.

The other 0.00001% are nation state hackers and aren't interested in you.

Using tailscale is fine, but not all devices can use it (Roku, Fire sticks/Android TV).