• 0 Posts
  • 6 Comments
Joined 2 months ago
Cake day: October 8th, 2025
  • nublug@piefed.blahaj.zonetoSelfhosted@lemmy.worldWhat's the security situation when opening a jellyfin server up for casting?English
    3·
    22 hours ago

    EDIT: ddns does not work behind cgnat, only vpns and cloudflare tunnels do. my bad.

    cgnat is doable with a dynamic dns service. you sign up free at duckdns, freedns, or desec, set up the subdomain you want (example.dedyn.io), install or host in a container a small ddns tool that will periodically (5 min typically) check what your current ip is and update your dns record with that dns service automatically with an api. some routers even have a dynamic dns setting so you can do it without a separate install.

    as far as security, you’ll at a minimum want a long, unique password for any jellyfin accounts, and you should place it behind a reverse proxy like nginx, nginx proxy manager for a gui, caddy, or traeffik for some docker automagic fuckery i still don’t understand. i use nginx proxy manager, set up a wildcard *.example.dedyn.io certificate and force ssl on each service i’m forwarding.

    you can get fanicer and have an authentication layer self hosted as well like authelia or authentik, but beware that apparently mobile apps and smart tv apps for jellyfin do not play nice because they use the same http port as web access and do not have the ability to pop open a web portal for a secondary auth and will not work with these yet. so it’s a good extra layer and 2fa sso addition but only if you use the webgui jellyfin and don’t rely on an app, which considering you’re asking about casting is probably not your use case.

    what else you can do is set up a crowdsec or fail2ban service that will read logs from either the reverse proxy or jellyfin itself and ban ips thru your host firewall that fail to log in to help prevent bots from brute forcing in.

    it’s not perfect but with a reverse proxy, ip banning tool, and strong, long passwords on jellyfin it should be relatively ok.

    however it would probably be most secure to setup an openvpn or tailscale to vpn to your host and have a definitely secure link to jellyfin from everywhere. i don’t use these myself so i don’t know about limitations this way such as mobile app or smart tv app compatibility, though. and if you want to share with other users it comes with its own security considerations of letting others have a vpn into your host.

    hope some of this helps, also there’s a cloudflare tunnel thing you can use instead of those dynamic dns services for domain redirect to ip behind cgnat, but i haven’t used it either and don’t know what all it entails.

    good luck!

  • nublug@piefed.blahaj.zonetocats@lemmy.worlda pair ready for travelEnglish
    0·
    6 days ago

    the eyes and ears feel wrong, but i can’t place it for sure. that third wheel in the bottom left is sus, and the fur on the right side cat on it’s tummy is a little too blended, as are it’s back feets. i think it’s probably ai, but it may just be some motion blurring on the cat, a shitty filter for the eyes, and a matching suitcase beside the pictured one for the wheel. it’s a high quality ai fake if it is one.

    well… looking closer before submitting and the mesh fabric, zipper, the detail on the latches on the right, the straight line of the counter and the cabinets behind all look good and real. actually i’m pretty sure this i not ai, i doubt any could get all that stuff so clean. i think it must just be a tiktok filter or the like doing some softening and blending on the eyes and some motion blur on the fur.

    edit: lmao now i can’t be sure either way. the cabinet/counter/wall at the back/top of the pic is confusing. is this a counter the suitcase is on? why is there another counter just a few inches behind this one? there appears to be some sort of power cable on the top right going nowhere under the edge of the back counter? i am confusion.