• 0 Posts
  • 14 Comments
Joined 1 year ago
cake
Cake day: April 27th, 2024

help-circle




  • Actual answer for 3:

    • put jellyfin behind a proper reverse proxy. Ideally on a separate host / hardware firewall, but nginx on the same host works fine as well.
    • create subdomain, let’s say sub.yourdomain.com
    • forward traffic, for that subdomain ONLY, to jellyfin in your reverse proxy config
    • tell your relatives to put sub.yourdomain.com into their jellyfin app

    All the fear-mongering about exposing jellyfin to the internet I have seen on here boils down to either

    • “port forwarding is a bad idea!!”, which yes, don’t do that. The above is not that. Or
    • “people / bots who know your IP can get jellyfin to work as a 1-bit oracle, telling you if a specific media file exists on your disk” which is a) not an indication for something illegal, and b) prevented by the described reverse proxy setup insofar as the bot needs to know the exact subdomain (and any worthwhile domain-provider will not let bots walk your DNS zone).

    (Not saying YOU say that; just preempting the usual folklore typically commented whenever someone suggests hosting jellyfin publicly accessible)


  • Neovim, because I wanted something that would not just disappear.

    I never really got along with VSCode, opting for Atom instead. Microsoft bought GitHub, which owned Atom, and promptly discontinued it.

    Nvim has such an active community (and no “owner”) that I’m certain that this won’t happen again. At the same time, the plugin system is so flexible that I’m also certain that I will never miss out on any shiny new features.

    Over the years, my config has matured, and is mine. The thought of going back to an editor, any editor, less flexible in its configuration than nvim is just… an absolute “no”.

    It’s a steep learning curve, but well worth it.









  • Hi. I am a software engineer with a background in IT security. My girlfriend is a literal network security engineer.

    I showed her this thread and she said: don’t bother, just use http on your local network.

    Anyways, I am going to disengage from this thread now. Skepticism against things one doesn’t fully understand can be healthy, but this is an insane mix of paranoia and naïveté.

    You are not a target; the things you are afraid of will never happen; and if they did, they would not have the consequences you think they would.

    Your router will NOT magically expose your traffic to the internet (what would that even mean?? Like, if it spontaneously started port forwarding to your Jellyfin server (how? By just randomly guessing the port and IP???), someone would still need to actively request that traffic, AND know your login credentials, AND CARE).

    Your ISP does not give a shit about you owning or streaming copyrighted material over your local network. It has no stake in that.

    Graphene is not an ultimate arbiter of IT security, but the reason it “distrusts networks” is because you take your phone with you, constantly moving into actual untrusted networks (i.e. ones you do not own).

    Hosting Jellyfin on Graphene will not make it more secure, whatsoever.

    If every device is assumed compromised, and compromising devices with knowledge that you watch media is a threat in your model, then even putting an SD card with media in your phone and clicking play is dangerous. Which is stupid.

    If you actually assume your router is malicious, then please assume that when you initially downloaded your VPN client, it was also compromised and your VPN is not trustworthy.

    The way I see it, you have two options:

    1. educate yourself on network security to the point of being able to trust your network setup; or
    2. forget about hosting anything