I put mine behind a reverse proxy, like any sane person would. Configure an original sni and you are basically invisible. (Tls1.3, doh/dot make it even better, depending on your threat model, but most likely overkill)
While you are (probably?) correct, this is significantly beyond what is required to deploy Plex for a standard home server chump like me.
I’m using jellyfin and a few others, but am consciously putting off exposing these services to the web until I can learn enough about security to do so. Given life, this will probably take me the better part of a year…
you are right to be careful here. But it certainly is also not a “requirement to deploy jellyfin” either. It’s just a good practice to minimize attack surface, no matter what you expose. Unless it’s meant for the general public and advertised, then this makes little sense :-)
Also, most selfhosters have at best one IP to use. This helps with the one-IP-multiple-webservices problem anyway.
I put mine behind a reverse proxy, like any sane person would. Configure an original sni and you are basically invisible. (Tls1.3, doh/dot make it even better, depending on your threat model, but most likely overkill)
While you are (probably?) correct, this is significantly beyond what is required to deploy Plex for a standard home server chump like me.
I’m using jellyfin and a few others, but am consciously putting off exposing these services to the web until I can learn enough about security to do so. Given life, this will probably take me the better part of a year…
you are right to be careful here. But it certainly is also not a “requirement to deploy jellyfin” either. It’s just a good practice to minimize attack surface, no matter what you expose. Unless it’s meant for the general public and advertised, then this makes little sense :-)
Also, most selfhosters have at best one IP to use. This helps with the one-IP-multiple-webservices problem anyway.