I am in love with my Jellyfin server (running in a Docker container) - it feels so nice to take back control over my media consumption again, after more than a decade in the land of streaming. So much, that I want to share this with my family.
So I was thinking of setting up a reverse proxy (Nginx Proxy Manager is what I have used before) and expose my Jellyfin-instance through that. However, I’ve seen several people be skeptical about this solution, instead opting for access through a VPN (I don’t think that would be a good solution for some of my family members).
What are the potential pitfalls of setting it up this way, that makes people skeptical? Where could I go wrong, and what dangers would I expose myself to? As I understand it, this would only expose one port to the internet, direct all that traffic to the Nginx Proxy Manager, which then forwards traffic to specific ports internally on my home network, which sounds safe in my mind. Is it misconfiguration of the proxy manager I should be wary of? Or some exploits in the proxy manager?
Denial-of-service attacks or risk of someone compromising your server and therefore network via a vulnerability. Possibility of an attacker using your server for other malicious activities if they manage to compromise it.
Don’t get me wrong, your server would be a teeny tiny fish in the sea of internet connected services and probably of little interest to most hackers. But, if you expose the door, it’s gonna at least get knocked on.
Security issues aside, you will now be ‘tech support’ for this service and they’re going to complain at you any time it doesn’t do what they want it to. Just make sure you’re ok with that.