this post was submitted on 04 Jan 2026
128 points (97.1% liked)

Selfhosted

54297 readers
284 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
128
Self hosting with subdomains (jackdavies.github.io)
submitted 3 days ago by JackDavies@lemmy.world to c/selfhosted@lemmy.world
46 comments fedilink hide all child comments
 

I created a short tutorial on using sub domains to access services hosted within my home network, thought I would share it here in case anyone finds it useful

This is the first time I've made a technical tutorial so apologise if there are mistakes/its confusing, feedback will be appreciated

you are viewing a single comment's thread
view the rest of the comments
[–] frongt@lemmy.zip -5 points 3 days ago (3 children)

Doesn't matter. Any exposure risks compromise. From there, an attacker could pivot to read your data, mine cryptocurrency on your device(s), serve objectionable material, or other unsavory activities.

Even if you have authentication enabled, not all APIs require authentication. Jellyfin in particular is not designed to be internet-facing. And even if it does require authentication, authentication bypass attacks are a thing.

[–] jtzl@lemmy.zip 4 points 2 days ago

If you really want to secure your computer, encase that puppy in concrete (after disconnecting it from power),

[–] Magnum@infosec.pub 1 points 2 days ago (2 children)

What do you mean JellyFin is not designed to be Internet facing??? https://jellyfin.org/docs/general/post-install/networking/

[–] Appoxo@lemmy.dbzer0.com 1 points 2 days ago (1 children)

Designed meaning in that case intended to be exposed.
More of an internal thing.
VPNs on the other hand are designed to be exposed. Same with some ssh servers or reverse proxies like traefik, nginx etc.

[–] Magnum@infosec.pub 1 points 2 days ago (1 children)

So you mean the JellyFin ports should not be directlly exposed, but self hosting and exposing nginx to forward the traffic locally to jellyfin is fine?

[–] Appoxo@lemmy.dbzer0.com 1 points 2 days ago (1 children)

Better rather than worse, yes.

Just need to be aware if what you expose and how and where.

[–] Magnum@infosec.pub 1 points 2 days ago (1 children)

So its also not designed to be exposed via nginx?

[–] Appoxo@lemmy.dbzer0.com 2 points 2 days ago

Please stop nitpicking.
It's as insecure as every other software exposed to the internet.
It's just that some softwares (like Jellyfin) is more prone to be a risk than others (like nginx).

Juat be aware of what you do.

[–] VeganCheesecake@lemmy.blahaj.zone 1 points 3 days ago

... sure. Nothing here is wrong, but there's ways to try and mitigate that. And then it's kinda an arms race, and vigilance.