I’m using cloudflare tunnel to access my movie collection on selfhosted jellyfin. Jellyfin accounts are behind a strong password.

Considering it’s on the web, how bad is it? I’m not thinking about attacks, can I be flagged for piracy or things? Where does the ISP stand?

  • TheRealAdreaner@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I would suggest to put it behind an sso service like a self hosted authelia or authentik. So even if someone finds your website they will only see your authentication page and not what’s behind it.

    • excelite_x@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Why would that be a benefit? Jellyfin already provides a login screen (allegedly with strong passwords)

      • TheRealAdreaner@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Like I said. So even if someone find your domain to your jellyfin server they would only see Authentik.

        And if you start with authentik you could use it for much more self hosted services so you have one big login page in front of your services.

    • Ben4425@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      How would that work with a Jellyfin client running on a device like a Chromecast dongle? The code on the dongle doesn’t (IMHO) know how to log into an SSO service.

      • TheRealAdreaner@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        You would have to exclude the */api/ path in the authentik provide settings, so that if something wants to call the jellyfin api (like Swiftfin) it can go around the sso. It’s not the best practice for security but the only working way I have found.

    • bobbarker4444@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Cloudfare offers an authentication service like that already. Really easy to set up in front of a tunnel