I have a Jellyfin instance on my local server which I forward to the public web via a cloudflare tunnel. I’m not sure how secure it is, and I keep getting random requests from all over the world. It’s my first experience maintaining something on a public domain so I may be worrying about something obvious, but some advice would still be appreciated.

My SSL/TLS encryption mode appears to be “Full”.

  • MiddledAgedGuy@beehaw.org
    link
    fedilink
    English
    arrow-up
    3
    ·
    11 months ago

    Obsfucation can help stimey scripts. I saw using a non-standard port mentioned.

    You can also setup a reverse proxy to deliver a different, empty site to a different dns entry by default. Use either a completely separate (as opposed to multidomain) cert for each, or a wildcard cert.

    Jellyfin also supports using a custom path, instead of delivering at the root. Your reverse proxy would need to be configured accordingly.