I have a Jellyfin instance on my local server which I forward to the public web via a Cloudflare tunnel. I’m not sure how secure it is, and I keep getting random requests from all over the world. It’s my first experience maintaining something on a public domain so I may be worrying about something obvious, but some advice would still be appreciated.

My SSL/TLS encryption mode appears to be “Full”.

  • Synapse@lemmy.world · 1 year ago

    It sounds like you made your Jellyfin server public-facing, which is probably not what you want, even though it is supposed to be secured.

    I recommend that you set up access through an exclusive and private connection of some kind, e.g. VPN, Tailscale, ZeroTier.

    • nolight@lemm.ee (OP) · 1 year ago

      Thanks! No, that’s exactly what I wanted to do :) I was just wondering if it’s okay to have this many random requests, which seems to be fine.

      • Synapse@lemmy.world · 1 year ago

        Understood. Any public-facing server will be bombarded by bots. You need to deploy measures to avoid being hacked:

        1. Firewall: lock down everything, allow only the strictly necessary
        2. Remote login/SSH: update default username and password, only allow remote login using Encryption Key authentication
        3. (Optional) configure fail2ban to slow down the attacks
        4. Keep your server up-to-date: configure auto-update, unattended-update or similar
        5. Set up and keep regular backups: be ready to nuke your server at any time, with the confidence you can restart fresh in a short time and low effort

        Obviously, there are many other security steps that can be put in place, but firewall and SSH hardening are absolutely mandatory.
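
An added example, not part of the thread: one way to check that step 2 above (key-only SSH login) is really in effect, by auditing the effective settings printed by `sshd -T`. The function name `audit_sshd` and both sample inputs are constructed for illustration; the case it catches is password login being switched off while keyboard-interactive login, which can still prompt for a password through PAM, is left on.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Real use: sudo sshd -T | audit_sshd

# audit_sshd: read "keyword value" lines (the format `sshd -T` prints) on
# stdin, print one FAIL line per setting that still permits non-key login,
# and return 0 only when key-only login is enforced.
audit_sshd() {
    awk '
        function check(k, want,   v) {
            v = (k in seen) ? seen[k] : "unset"
            if (v != want) { printf "FAIL %s=%s (want %s)\n", k, v, want; bad = 1 }
        }
        # Skip blanks and comments; sshd uses the first value it sees for a keyword.
        NF >= 2 && $1 !~ /^#/ {
            k = tolower($1)
            if (!(k in seen)) seen[k] = tolower($2)
        }
        END {
            bad = 0
            check("passwordauthentication", "no")
            # Older OpenSSH releases call this challengeresponseauthentication.
            kbd = ("kbdinteractiveauthentication" in seen) \
                ? "kbdinteractiveauthentication" : "challengeresponseauthentication"
            check(kbd, "no")
            check("pubkeyauthentication", "yes")
            exit bad
        }'
}

# Constructed sample: passwords "disabled", keyboard-interactive still enabled.
SAMPLE_WEAK='passwordauthentication no
kbdinteractiveauthentication yes
pubkeyauthentication yes
usepam yes'

# Constructed sample: public keys are the only accepted login method.
SAMPLE_HARDENED='passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes
usepam yes'

printf '%s\n' "$SAMPLE_WEAK" | audit_sshd || echo "weak sample: see findings above"
printf '%s\n' "$SAMPLE_HARDENED" | audit_sshd && echo "hardened sample: key-only login"
```

Run it from an existing session after every change to the SSH configuration, and keep that session open until a fresh key-based login has succeeded.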