I have just installed Jellyfin, and I like what I see. Now I am planning on opening it to the internet; what should I do to keep my server secure? For basic access I use SSH (private keys) and port forwarding; I have checked some documentation for using fail2ban, but I don’t know the current status of the subject.
And are there any other things to keep in mind?


The best place to start is to have good safe passwords for all user accounts in Jellyfin.

For most external access, we recommend using a reverse proxy. We have quite a few setup guides in our documentation:

I have read about proxies. Caddy appears to be the simplest way to go, but I will have to check if it works with Let’s Encrypt.
This would solve “man in the middle” attacks, and ensure passwords are encrypted. But it wouldn’t protect against brute force attacks.

Yes, it seems Caddy is among the easiest, and it would support Let’s Encrypt.

I think we were close to adding Fail2Ban documentation but it hasn’t come through yet.

Best I can find on Reddit is this:

I found 2 Reddit posts and some GitHub entries, but one was commenting on some changes to logs to make it easier; I don’t know if they are applied.

A very good security feature to add to your armoury is geo-blocking. Only open incoming connections from ranges/countries you expect (and want) to connect.

Opening it up to the entire world when you only want a handful of your friends/relatives from the same city to connect is just asking for trouble.

I do this on my network gateway (pfSense), but there’s nothing to stop you from formulating a suitable iptables ruleset directly on the Jellyfin server.
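
The allow-list approach from the last post, as an added example that is not part of the original thread: a script that validates a list of source ranges and prints the `ipset`/`iptables` commands that admit only those ranges to the Jellyfin port. The port (8096, Jellyfin's default HTTP port), the set name `jellyfin_allow` and the sample ranges are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit ipset/iptables commands that admit only listed ranges.
# Assumptions: Jellyfin is reached on TCP 8096 (its default HTTP port; use the
# proxy port instead if one sits in front); set name and ranges are made up.
JELLYFIN_PORT=8096
SET_NAME=jellyfin_allow

# Succeed only for a well-formed IPv4 CIDR such as 203.0.113.0/24.
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    ip=${1%/*}; len=${1#*/}
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $ip in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read one range per line on stdin ('#' starts a comment); print the commands.
build_rules() {
    echo "ipset create $SET_NAME hash:net family inet -exist"
    while IFS= read -r line; do
        cidr=$(printf '%s' "${line%%#*}" | tr -d ' \t')
        [ -n "$cidr" ] || continue
        if valid_cidr "$cidr"; then
            echo "ipset add $SET_NAME $cidr -exist"
        else
            echo "skipping invalid entry: $cidr" >&2
        fi
    done
    # Listed sources may reach Jellyfin; every other source is dropped.
    echo "iptables -A INPUT -p tcp --dport $JELLYFIN_PORT -m set --match-set $SET_NAME src -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $JELLYFIN_PORT -j DROP"
}

# Constructed sample input: RFC 5737 documentation ranges, one invalid line.
sample_ranges() {
    cat <<'EOF'
# ranges you expect connections from
203.0.113.0/24
198.51.100.0/25   # made-up ISP range
300.1.2.3/24
EOF
}

sample_ranges | build_rules   # review the output before running it as root
```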

