I have been running a large server 24/7 for about a month and a half now. It is only for myself and the fam, no one else has access to it at all.
I’m trying to learn about selfhosting and whatnot, but it’s…a lot. Is there anything I need to do specifically besides configuring it correctly in order to protect it and myself. I hear people talking about putting stuff in dockers, putting things behind a reverse proxy, a VPN, etc.
I do currently have it running behind ProtonVPN but that’s it. Do I need to be doing more?
Thanks in advance for any help!
Don’t expose it over the Internet, local network access only, is the easiest but also limits you to accessing it only at home.
You could use something like tail scale or setup your own wireguard server to keep it still local-ish but still allow trusted people access.
Reverse proxy with auth of some kind if you plan to expose it to the Internet.
Reverse proxy/SOCKS5 works well in my experience.
I have a little computer on my network which runs my VPN - then on that computer I have ssh listening on a non-standard port that my VPN’s dyndns links up to a human readable hostname with a different port.
If I want to watch stuff off-network I just have to ssh -D to that hostname and port and then configure a browser to use the connection as a SOCKS5 proxy, then jellyfin and anything else I’m hosting works as if locally through that browser.
The ssh is key based as well, not password based - haven’t had any incidents in doing it this way.
Can you restrict Jellyfin itself to local network?
It is by default, you need to open ports on your router in order for it to receive traffic from outside your home network. And then configure those ports to forward to your jellyfin server.
Thanks!
yw!
Thanks for clarifying. No, it is only meant to be used as a centralized entertainment system here in my home. None of us care about taking said media with us when we leave the house.