Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?
Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?
Ask them to visit https://ipv4.icanhazip.com/ and give you back the number, then whitelist in your webserver, as well as your LAN/VPN range, deny rest. Explain they can only reach jellyfin from their home internet. Repeat if they get 403 forbidden after they get a new WAN IP.
That or VPN like openziti, wireguard but gets more complicated.
You really can’t assume your visitors are going to have static IPs.
What happens when they visit from their phone? A friend’s WiFi? Their home connection that has a regularly changing IP?
So far I’ve seen WAN leases expire after a long time, say months, or quarter year, so is doable. If becomes an issue I’ll work with them on a VPN solution but is a pain for non-technical users or non-supported hardware. That’s also why I explain “use from your home network only”.
What’s your concern about running it behind a reverse proxy, like caddy or nginx?
https://www.moanmyip.com/
It’s exactly what it sounds like.
I like how if it’s IPv6 it just gives up
This is solid. I wonder if you could rig up a ddns somehow to keep it seamless?
Something like reverse dynamic DNS for end users? Hm, only if it would be easy to setup, is on the same level as a VPN client I’d say.