A while back there was a situation where outsiders could get the name of the contents of your Jellyfin server, which would incriminate anyone. I believe it's patched now, but I don't think Jellyfin is winning any security awards. It's a selfhosted media server. I have no frame of reference for knowing whether or not any of my information was overkill and I'm sure there are even some out there that would say I didn't go far enough, even.
With prep-time, any prosecutor and crew could dig up every tiny detail about you in about a week, including every single site any related IP addresses to you have been to and how much time you spend there and all of your dns queries.
But here, on the spot. "You tell us".
Their lack of effort is correlated to the amount of spite they have for any individual person. It's like using a magnifying glass. If they actually gave a shit, they wouldn't have to ask.
Wireguard tunnel, be it tailscale, netbird, innernet, whatever
A vps with a proxy on it, I like Caddy
A PC at home with Jellyfin running on a port, sure, 8096
If you aren't using Tailscale, make your VPS your main hub for whatever you choose, pihole, wg-easy, etc. Connect the proxy to Jellyfin through your chosen tunnel, with ssl, Caddy makes it easy.
Since Jellyfin isn't exactly secure, secure it. Give it its own user and make sure your media isn't writable by the user. Inconvenient for deleting movies in the app, but better for security.
more...
Use fail2ban to stop intruders after failed login attempts, you can force fail2ban to listen in on jellyfin's host for failures and block ips automatically.
More!
Use Anubis and yes, I can confirm Anubis doesn't intrude Jellyfin connectivity and just works, connect it to fail2ban and you can cook your own ddos protection.
MORE!
SELinux. Lock Jellyfin down. Lock the system down. It's work but it's worth it.
I SAID MORE!
There's a GeoIP blocking plugin for Caddy that you can use to limit Jellyfin's access to your city, state, hemisphere, etc. You can also look into whitelisting in Caddy if everyone's IP is static. If not, ddns-server and a script to update Caddy every round? It can get deep.
Again, don't do any of this and just use Jellyfin over wireguard like everyone else does(they don't).
Iran doesn't actually have to have uranium for America to bomb them. In fact, if they didn't have uranimum, we'd be liberating them for the sake of Democracy or some shit. Israel told its wage slaves to bomb Iran, so its wage slaves are going to bomb Iran.
Remember last time?
"Oh, turns out... they didn't have weapons of mass destruction lmao. SILLY US! Oh well! Too late now!"
The majority of people eat at McDonalds. It doesn't make it a good idea on your finances or health. Sheep gonna baa.
If you for some reason think that megacorporations and big tech aren't monetizing the literal majority to the fullest extent of every single law they can break while getting away with it, you need to wake the fuck up. Big time. I don't know if this is some psyop from leddit or what but my doors stay closed, my android plays tablet mode with no sim. Thanks tho.
A while back there was a situation where outsiders could get the name of the contents of your Jellyfin server, which would incriminate anyone. I believe it's patched now, but I don't think Jellyfin is winning any security awards. It's a selfhosted media server. I have no frame of reference for knowing whether or not any of my information was overkill and I'm sure there are even some out there that would say I didn't go far enough, even.