Running a TrueNAS Scale server with Jellyfin and planning to add Nextcloud. How would I be able to access these services from outside my network? I have heard portforwarding is unsafe and a VPN seems inconvenient to me.
Running a TrueNAS Scale server with Jellyfin and planning to add Nextcloud. How would I be able to access these services from outside my network? I have heard portforwarding is unsafe and a VPN seems inconvenient to me.
a) forwarding is as save as those services. Probably fine for nextcloud, no idea about jellyfin
b) VPNish: tailscale is amazing for that, and you can go fully selfhosted with headscale. Not really inconvenient imo, though I heard is bit great for mobile battery life.
c) front it with some SSO solution. The most work by far, but also the cleanest solution, that allows remote access for everything.
Internet-facing Jellyfin instance is a bit too risky for my taste (https://github.com/jellyfin/jellyfin/issues/5415), especially with those unauthenticated endpoints leaking contents of the server.
If VPN is not an option, I suggest using setting a restrictive
<RemoteIPFilter>in/etc/jellyfin/network.xmland/or placing Jellyfin behind HTTP basic auth.Internet-facing Nextcloud is fine in my experience, provided you harden the web server in the usual ways.