After 14 years with Plex, I finally moved my video library to Jellyfin. Why rising costs, feature restrictions and digital ownership pushed me towards FOSS.
Someone breakes in, then moves laterally to your home assistant running frigate to watch you sleep at night. Then uses your residential uplink as a proxy to resell on an open market.
After that, the possibilities are practically endless.
No reason to connect jellyfin to any sort of local network, router will still hairpin for local connection.
With that setup its honestly more secure than 99% of IOT devices, and like 50% of routers.
edit: and if youre running it in the pentagon or something just toss authentication like keycloak in front of it, plus a bit of crowdsec/fail2ban and an IP whitelist, I’d be surprised if you’d even get an attack, much less one violating that strict of a threat models.
Yeah docker isn’t the isolation sandbox some people make it out to be. It’s not meant for that. You very well may have a setup that’s meant for that but it’s more than I’m willing to expose.
Someone breakes in, then moves laterally to your home assistant running frigate to watch you sleep at night. Then uses your residential uplink as a proxy to resell on an open market.
After that, the possibilities are practically endless.
No reason to connect jellyfin to any sort of local network, router will still hairpin for local connection.
With that setup its honestly more secure than 99% of IOT devices, and like 50% of routers.
edit: and if youre running it in the pentagon or something just toss authentication like keycloak in front of it, plus a bit of crowdsec/fail2ban and an IP whitelist, I’d be surprised if you’d even get an attack, much less one violating that strict of a threat models.
It’s a rootless container. Chances are they are not going to do any of that.
Things are on the internet all the time.
Yeah docker isn’t the isolation sandbox some people make it out to be. It’s not meant for that. You very well may have a setup that’s meant for that but it’s more than I’m willing to expose.