you are right to be careful here. But it certainly is also not a “requirement to deploy jellyfin” either. It’s just a good practice to minimize attack surface, no matter what you expose. Unless it’s meant for the general public and advertised, then this makes little sense :-)
Also, most selfhosters have at best one IP to use. This helps with the one-IP-multiple-webservices problem anyway.
you are right to be careful here. But it certainly is also not a “requirement to deploy jellyfin” either. It’s just a good practice to minimize attack surface, no matter what you expose. Unless it’s meant for the general public and advertised, then this makes little sense :-)
Also, most selfhosters have at best one IP to use. This helps with the one-IP-multiple-webservices problem anyway.