this post was submitted on 14 Jun 2023
36 points (97.4% liked)

Selfhosted

40313 readers
239 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

When I see this sort of thing, and other people are trying to do it, a reverse proxy or vpn is always mentioned. Heres my question:

How Dangerous is it to just open the port for it on my router and access it like that?

Lets say i want to access jellyfin from Kodi on my xbox or something outside my network, the vpn solution wouldnt work for this i would think.

My issue with reverse proxies, and why im asking, is it seems less secure? I mean Im well aware that an IP is easy to get, i guess. But how likely is someone to look for something on my network specifically? With reverse proxies it seems like i would be broadcasting my server to the internet in a way its easier to happen across, than someone being interested in a random residential IP.

I run a minecraft server for friends on my main computer anyway, and i know tons of people do that, theoretically thats the same level of danger as opening my network for jellyfin specifically.

VPN isnt an option because of this xbox stuff i mentioned and people in my family who have 0 chance of understanding it regardless.

So what is the better option, going through this reverse proxy ( which im actually also unsure would work with kodi) or rawdog the server on my network. I guess leaving the server exposed? or every device even.

you are viewing a single comment's thread
view the rest of the comments
[–] jason@sh.itjust.works 3 points 1 year ago (2 children)

I use a reverse proxy so I can just use a hostname and not need a port. I run Jellyfin that way no problem, function-wise.

Additionally, not having a domain won’t necessarily protect you since you do have people out there scanning for ports and when they see 8096, they’re going to immediately know it’s a Jellyfin/Emby server and any vulnerabilities associated with those. If you use a reverse proxy, they only see 443 which is…pretty much every other site on the internet. That’s security through obscurity, I know, but it will help mitigate some of the easier attacks.

I’ll say that everything I have to have a port open for (mostly game servers) gets targeted by the internet at large despite the fact that I’ve published the address and port absolutely nowhere online and only shared it with close friends. I almost never get anyone trying to log in to my other services.

[–] Frylock@sh.itjust.works 4 points 1 year ago (3 children)

Okay, so can people just find that shit on google? And also what are the odds of certain companies and agencies being perturbed by me essentially broadcasting copyrighted content? Even if i own it. I shpuldnt expect FBI or worse, Viacom hitmen right? Especially of the content is behond a log in?

[–] argentcorvid@midwest.social 3 points 1 year ago

Not even Google, they just go through every ip and port number and record if something responds

[–] deafboy@lemmy.world 2 points 1 year ago

Not only are people doing regular scans, there are companies with dedicated infrastructure to do the scans for them, and making result easily searchable.

Check out https://www.shodan.io . Put your (or any other) IP address in the search bar and I guarantee the most of the services running there are already scraped, indexed and categorized. Sometimes it will even recognize a specific app or framework it's build upon.

Not only you can search for a specific IPs, but can easily look for, let's say all jellyfin instances in a certain country.

I used to search for open tvheadend instances to watch certain TV channels for free. There was a guy who not only published his tvheadend on the internet, but there was an active VNC server on his mediacenter, running kodi. Controllable by anyone without a password.

[–] Aarkon@feddit.de 3 points 1 year ago

I wouldn't say this is security through obscurity, as you don't hide how asystem works, but what it is in general. On the forefront, IT security is a game about information retrieval, and you're making it easier than necessary for attackers if you give away details about what services you run for free. ;)