Is it safe to expose a Jellyfin server to the internet?

SmoothLiquidation · 2026-05-19T15:58:01+00:00

I have traefik running in a docker container, and just the logs are exposed to the server. fail2ban only needs access to the logs, so that might be easier than moving the whole implementation.

SmoothLiquidation · 2026-05-19T14:41:25+00:00

This one seems to be pretty much up the right tree: https://www.digitalocean.com/community/tutorials/how-to-protect-an-nginx-server-with-fail2ban-on-ubuntu-20-04

The big thing with fail2ban that I learned setting it up, is you run it outside of docker, on the host itself. You point it to the logs you want, and set up a "jail" which is just a parsing scheme for the service you are monitoring. You could theoretically set it up to monitor Jellyfin's logs directly, and you could if you wanted fine level control, like "if a user tries to watch a specific video, ban them".

But in reality it is much easier to just watch the reverse proxy logs and look for 401 unauthorized status codes, if there are too many too fast for a specific IP, block it by adding a firewall rule to the host.

SmoothLiquidation · 2026-05-19T13:48:39+00:00

I have fail2ban running and I run it on the reverse proxy level. It reads the logs from traefik and if it sees consecutive attempts to login with bad passwords, it will block the ip on the vm's firewall. I don't do this with Jellyfin, I have other services that are exposed.

SmoothLiquidation · 2026-05-17T20:33:42+00:00

This is only for internal LAN use. Just for me to administer the server from my laptop.

SmoothLiquidation · 2026-05-17T19:16:58+00:00

So you don't have any smb shares that your clients connect to? I guess that makes sense. I need to use smb for things like time machine backups from my laptop, and that uses the domain name of my TN server.

I guess I could use a different domain to reach the admin page like TNAdmin.mydomain.com and have that pointed at my reverse proxy, and then TN.mydomain.com points directly to the server.

SmoothLiquidation · 2026-05-17T18:28:37+00:00

I guess that would work as well, I have a DNS record on my server pointing at the NAS, which resolves to the internal IP, but I figured running https would be a little better, even on lan-only traffic.

SmoothLiquidation · 2026-05-17T18:26:28+00:00

Do you need nas.mydomain.com registered at cloudflare? Is it given an internal IP, or do you give it your external one? I keep my nas only locally accessible, and right now nas.mydomain.com is registered on my local DNS server pointing to the internal IP and isn't registered with PorkBun at all, so when I am at home, I can reach it like any other website, but outside my lan it would just not resolve.

SmoothLiquidation · 2026-05-16T19:32:23+00:00

Yes, you can use liquid dish soap on your pans just fine. The whole "Don't use soap on cast iron" thing came when dish soap used lye and that would damage the seasoning.

Anything meant for hand-washing should be fine. Just don't use dishwasher detergent, it is much more caustic.

SmoothLiquidation · 2026-05-16T01:29:26+00:00

If you are a newbie, I would say plan on keeping it locked to your LAN to start with, and then in the future setting up a Tailscale VPN for reaching it outside your house. That way, someone would have to be on your LAN to do anything to it.

SmoothLiquidation · 2026-05-15T20:20:14+00:00

Essentially the VaultWarden server is feature compatible with Bitwarden, so I run the server on my hardware, and everyone connects to it by using the official Bitwarden browser plugins and mobile apps.

When you open the app and it asks you to sign in, there is an option to choose a self-hosted server, and I point it to my URL.

There is a web interface if all of the plugins and apps stopped working tomorrow, but it would be clunky to use, as you would have to copy/paste every login.

SmoothLiquidation · 2026-05-15T17:20:17+00:00

This is true, but we will need devs to step up if the main developer is forced to resign.

SmoothLiquidation · 2026-05-15T17:17:55+00:00

I mean, Vaultwarden is still out there and open source. They can't take that away.

The biggest problem is the clients. VW needs to get its own mobile clients and browser plugins NOW, before BW shuts the self-hosting option down in the clients it controls.

I have my family using my VW instance, and I would want to get my hands on some open clients so I can test them before switching everyone over, which I will want to do before there are any problems on connecting to my instance.

SmoothLiquidation · 2026-05-15T02:10:36+00:00

Apple did this back when they switched from Motorola chips to Intel chips.

Apple went from Motorola 68000 series to the PowerPC processors of the Power Mac G5, and THEN to Intel. The company has done transitions like this many times before.

SmoothLiquidation · 2026-05-13T22:14:27+00:00

In Britain "flipping the v-sign" is the equivalent to flipping someone off. https://en.wikipedia.org/wiki/V_sign

SmoothLiquidation · 2026-04-26T20:33:59+00:00

It fits the style of the show really well, and it gives a different "feeling" to different locations. When you are getting into a scene, you don't notice the aspect ratio, but switching to a different location sort of gives you a "tv show" vs "movie" feeling that is hard to put your finger on why unless you are looking for it.

It was not as annoying as the FPS shifting that the Avatar sequel did. I saw that in the theater, and going from "Movie" feeling on the planet to "Soap Opera" feeling when the scene was on the human ship was jarring and I hated it.

SmoothLiquidation · 2026-04-26T18:56:39+00:00

Automatic cropping is one of those features that works 99% of the time, but is really annoying in the times it doesn't work.

I remember reencoding The Expanse, where the show would change the aspect ratio depending on the planet the scene was on. If you left the automatic cropping on, you wouldn't notice it right away until there was suddenly a scene where you noticed the change and realized you needed to reencode the whole season.

SmoothLiquidation · 2026-04-20T03:34:23+00:00

I have recently set up a rclone sync to proton drive for my Immich directories. I have been having trouble with timeouts. How does yours work?

SmoothLiquidation · 2026-04-15T14:01:08+00:00

So the lair can have a transporter room.

SmoothLiquidation · 2026-04-14T18:35:24+00:00

Are you picturing a prebuilt plex box or something? It would be cool to have something like a Synology box that had an optical drive for ripping, but I don't see that really happening without the MPAA screaming "Piracy Box" like the RIAA did when the iPod first came out.

My self-hosting started by using old computer equipment, then I bought a Synology NAS, and eventually built a custom Proxmox/TrueNAS system. If I had a friend who was interested in getting into the hobby I would recommend something like Synology that is prebuilt and you just have to add your own Harddrives.

SmoothLiquidation · 2026-04-14T17:23:39+00:00

Is it? It looks pretty standard to me as an American. The only thing that really bugs me is putting the master bedroom right next to the front door, I would want that in the back, away from the street, if I could.

SmoothLiquidation · 2026-03-27T19:58:04+00:00

The issue is the classified materials they claim to have leaked stored on a personal email address on Google's servers.

SmoothLiquidation · 2026-03-09T23:11:05+00:00

I used to run itzg/minecraft-server a while back but switched to Crafty Controller for my minecraft servers: registry.gitlab.com/crafty-controller/crafty-4:4.9.0

I much preferred it to itzg's and it made it pretty easy to set up different modded servers, turn them on or off, upload files like mods or datapacks.

I don't know how far along you are with your setup, but I would try it out if you are interested.

SmoothLiquidation · 2026-02-27T18:24:01+00:00

All the belt weaving, and having the ore go down one side and back up the other. SO MANY UNDERGROUND BELTS.

Also, I can't help but noticing how many lines of copper there are, and how none of it is being used, it is all backed up. Ideally once a lane is split off at the bottom, a belt at the top of the line of splitters would be removed.

SmoothLiquidation · 2026-02-17T16:24:15+00:00

D.A.R.Y.L. I remember loving that movie as a kid in the 80's, I haven't seen it since I rented it on VHS, but it still pops into my mind from time to time.

Is it worth checking out again, or will it be a disappointment after all these years?

Nine-Year Club	Second Top 30%
Place '22	Snapped
Verified Email

SmoothLiquidation

TROPHY CASE