Problem is access outside your home for family and friends.
There are serious security gaps that make it a non starter to expose to the internet.
I’ve been using Jellyfin ever since they forked out of Emby, and honestly, it’s the biggest complaint that I have. It is incredibly difficult to make it available to friends and family who are on various devices, networks, so on and so forth.
Why not use a zero trust VPN like netbird? It is fully open source.
You can create a reverse proxy that requires a password to get through to jellyfin. I think there is a limit of like 5 for this though (unless you pay or self host).
thanks; for anyone looking, the issues have been split out at the bottom, none of them are addressed as of this writing. I don’t know that I feel like they are that serious (most of them allow you to play things if you know an ID), but they are the kind of thing you’d see in a project where there are bigger security issues.
Problem is access outside your home for family and friends.
There are serious security gaps that make it a non starter to expose to the internet.
I’ve been using Jellyfin ever since they forked out of Emby, and honestly, it’s the biggest complaint that I have. It is incredibly difficult to make it available to friends and family who are on various devices, networks, so on and so forth.
Whereas Plex “just works.”
Wait what? I have been sharing my jellyfin using a cloudflare tunnel to the endpoint.
Could you elaborate on the security gaps? How can I pen-test myself to see if I’m vulnerable
https://github.com/jellyfin/jellyfin/issues/5415 nothing too serious, but here you go
Thanks, I guess I am mostly ok with these.
Why not use a zero trust VPN like netbird? It is fully open source.
You can create a reverse proxy that requires a password to get through to jellyfin. I think there is a limit of like 5 for this though (unless you pay or self host).
Because clients would probably fail if there’s an authentication layer on front that they’re not expecting.
What security gaps in particular? I did have to reverse proxy to get it to https, are there additional security issues?
Exposed endpoints that have no authentication and various other things like that.
It’s application level security issues.
If there is an older collation here https://github.com/jellyfin/jellyfin/issues/5415
thanks; for anyone looking, the issues have been split out at the bottom, none of them are addressed as of this writing. I don’t know that I feel like they are that serious (most of them allow you to play things if you know an ID), but they are the kind of thing you’d see in a project where there are bigger security issues.