I already host multiple services via caddy as my reverse proxy. Jellyfin, I am worried about authentication. How do you secure it?

  • Mubelotix@jlai.lu
    cake
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    5
    ·
    edit-2
    3 months ago

    Jellyfin is secure by default, as long as you have https. Just chose a secure password

    • doeknius_gloek@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      34
      ·
      edit-2
      3 months ago

      No, it isn’t.

      EDIT: I quickly want to add that Jellyfin is still great software. Just please don’t expose it to the public web, use a VPN (Wireguard, Tailscale, Nebula, …) instead.

      • Flipper@feddit.org
        link
        fedilink
        English
        arrow-up
        8
        ·
        3 months ago

        Some of these are bonkers. The argument not to fix them because of backwards compatibility is even wilder. Which normal client would need the ability to get data for any other account that it hasn’t the Auth token for.

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          3
          ·
          3 months ago

          Just make a different API prefix that’s secure and subject to change, and once the official clients are updated, deprecate the insecure API (off by default).

          That way you preserve backwards compatibility without forcing everyone to be insecure.

          • merthyr1831@lemmy.ml
            link
            fedilink
            English
            arrow-up
            4
            ·
            3 months ago

            Even just basic API versioning would be sufficient. .NET offers a bunch of ways to handle breaking changes in APIs

      • LiveLM@lemmy.zip
        link
        fedilink
        English
        arrow-up
        5
        ·
        3 months ago

        Oh boy. Nope. My friends gonna have to fiddle with a VPN, forget exposing JF to the outside…