What’s your go too (secure) method for casting over the internet with a Jellyfin server.

I’m wondering what to use and I’m pretty beginner at this

  • Novi@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    67
    arrow-down
    5
    ·
    6 days ago

    I would not publicly expose ssh. Your home IP will get scanned all the time and external machines will try to connect to your ssh port.

    • Lucy :3@feddit.org
      link
      fedilink
      English
      arrow-up
      47
      ·
      6 days ago

      fail2ban with endlessh and abuseipdb as actions

      Anything that’s not specifically my username or git gets instantly blocked. Same with correct users but trying to use passwords or failing authentication in any way.

      • mosiacmango@lemm.ee
        link
        fedilink
        English
        arrow-up
        26
        ·
        edit-2
        6 days ago

        Youve minimized login risk, but not any 0 days or newly discovered vulnerabilites in your ssh server software. Its still best to not directly expose any ports you dont need to regularly interact with to the internet.

        Also, Look into crowdsec as a fail2ban replacement. Its uses automatically crowdsourced info to pre block IPs. A bit more proactive compared to abuseipdb manual reporting.

        • Thaurin@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          5 days ago

          I have the firewall of my VPS reject any IP range except the ones I’m on frequently, that is mobile, home and work. Sucks when you travel, but otherwise works alright.

          Still exposes ports to some people on the same mobile or home internet service networks…

    • Everyday0764@lemmy.zip
      link
      fedilink
      English
      arrow-up
      2
      ·
      5 days ago

      i have ssh on a random port and only get so many scan, so low that fail2ban never banned anyone that was not myself (accidentally).

    • Auli@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      ·
      5 days ago

      Ssh has nothing to do with scanning. Your IP and everyone else up is being scanned constantly. In ipv4 space at least.

        • fuckwit_mcbumcrumble@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          9
          ·
          6 days ago

          In 3 years I haven’t had a single attempted connection that wasn’t me. Once you get to the ephemeral ports nobody is scanning that high.

          I’m not saying run no security or something. Just nobody wants to scan all 65k ports. They’re looking for easy targets.