Running a TrueNAS Scale server with Jellyfin and planning to add Nextcloud. How would I be able to access these services from outside my network? I have heard portforwarding is unsafe and a VPN seems inconvenient to me.

  • cwagner@lemmy.cwagner.me
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    a) forwarding is as save as those services. Probably fine for nextcloud, no idea about jellyfin

    b) VPNish: tailscale is amazing for that, and you can go fully selfhosted with headscale. Not really inconvenient imo, though I heard is bit great for mobile battery life.

    c) front it with some SSO solution. The most work by far, but also the cleanest solution, that allows remote access for everything.

    • vegetaaaaaaa@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      1
      ·
      1 year ago

      Internet-facing Jellyfin instance is a bit too risky for my taste (https://github.com/jellyfin/jellyfin/issues/5415), especially with those unauthenticated endpoints leaking contents of the server.

      If VPN is not an option, I suggest using setting a restrictive <RemoteIPFilter> in /etc/jellyfin/network.xml and/or placing Jellyfin behind HTTP basic auth.

      Internet-facing Nextcloud is fine in my experience, provided you harden the web server in the usual ways.