this post was submitted on 08 Dec 2025
81 points (98.8% liked)

Selfhosted

59850 readers
286 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
81
What's the security situation when opening a jellyfin server up for casting? (feddit.nu)
submitted 6 months ago by lime@feddit.nu to c/selfhosted@lemmy.world
76 comments fedilink hide all child comments
 

when reading through the jellyfin with chromecast guide i realized that it would probably be less effort to just let the casting api be public, with the added bonus that i could then cast my library to any device that supports it. but that seems like it would paint a giant target on the server.

what's the recommended way of doing stuff like this? ideally i want to be able to go to someone's house and just play some of my media on their tv.

not that any of this is doable in the near future, since i'm behind cgnat and won't get my colocated bounce server up until spring.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] IsoKiero@sopuli.xyz 5 points 6 months ago (1 children)

Not spesifically helpful with your cgnat-situation, but my jellyfin runs on a isolated network and it's just directly exposed to the internet via named reverse proxy in order to share the library with family and friends. Should someone get access to that they can obviously use the VM for nefarious purposes, but it's a known risk for me and the attacker would need to breach trough either my VLAN isolation or out of the virtual environment to my proxmox host if they wanted to access my actually valuable data.

Sure, there's bots trying every imaginable password combination and such, but in my scenario even if they could breach either the jellyfin server or reverse proxy it's not that big of a deal. Obviously I keep the setup updated and do my best to keep bad actors out. but as I mentioned, breach for that one server would not be the end of the world.

With cgnat there's not much else to do than to run a VPN where server is somewhere publicly accessible and route traffic via that tunnel (obviously running a VPN-client on jellyfin-server or otherwise routing traffic to it via VPN). Any common VPN-server should do the trick.

[โ€“] lime@feddit.nu 2 points 6 months ago

i like how everyone got hooked on the cgnat thing when i gave the actual solution in the main post. but yeah there's always the option of not doing anything until i see issues.