• deafboy@lemmy.world · 15 upvotes · 9 hours ago

        Someone breaks in, then moves laterally to your Home Assistant running Frigate to watch you sleep at night. Then uses your residential uplink as a proxy to resell on an open market.

        After that, the possibilities are practically endless.

        • klankin@piefed.ca · 3 upvotes · 3 hours ago

          No reason to connect Jellyfin to any sort of local network, router will still hairpin for local connection.

          With that setup it’s honestly more secure than 99% of IoT devices, and like 50% of routers.

          edit: and if you’re running it in the Pentagon or something just toss authentication like Keycloak in front of it, plus a bit of CrowdSec/fail2ban and an IP whitelist, I’d be surprised if you’d even get an attack, much less one violating that strict of a threat model.

        • Evotech@lemmy.world · 4 upvotes · 7 hours ago

          It’s a rootless container. Chances are they are not going to do any of that.

          Things are on the internet all the time.

          • InputZero@lemmy.world · 2 upvotes · 3 hours ago

            Yeah, Docker isn’t the isolation sandbox some people make it out to be. It’s not meant for that. You very well may have a setup that’s meant for that but it’s more than I’m willing to expose.

      • InputZero@lemmy.world · 5 upvotes · 9 hours ago

        Yup! That’s the worst thing that can happen. Now would you be so kind as to send us the link to your private unsecured Jellyfin server?

        • Evotech@lemmy.world · 2 upvotes · 7 hours ago

          I’m tempted to. But I’m not. Just because I don’t want to dox my domain here.

          It’s running in a rootless Podman container. I’m confident