Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?

  • NeryK@sh.itjust.worksEnglish
    1·
    10 hours ago

    Yep, that’s why I call that a tradeoff. Far from perfect and yet so much better than nothing.

    Pros:

    • Likely cuts 99.99% of attacks.
    • Nothing to do on client’s end.

    Cons:

    • Whitelisting must be updated everytime the client address changes.
    • Not 100% bulletproof as operators (notably for mobile networks) can NAT multiple connections behind a single publicly addressable IPv4 address.
    • Also IP addresses can be spoofed but I doubt that would be a major concern here.