Y’all looking for a reason to be mad

That’s an unnecessarily rude response. Even in the baking community, it should be fine to ask what goes into their decision to bake bread, or why they choose to bake bread instead of spending their time baking other things instead. Even if he already made up his mind, it’s fine to be curious about the motivations others.

He didn’t tell you what you can or can’t do, or what you should or shouldn’t do. He didn’t jellyfin is bad or that self hosting in general is bad. He wasn’t rude.

You say it’s an important life lesson to get that it’s ok for other people to have different tastes and priorities, but it’s also healthy to ask people about those tastes and priorities.

Did you just suggest Linux has no vulnerabilities in any of its distros, and neither does any of the self-hosted services?

Afraid people will use known vulnerabilities in common self-hosted software.

I’m afraid of security bugs in the software I’m using, so that containers don’t contain, read-only doesn’t prevent writing, mounting directories doesn’t restrict access to those directories, etc.

I’m a nobody, I can’t imagine anyone targeting me or my random domain, but I can imagine getting swept up in a net of attacks of opportunities targeting hosted software with known vulnerabilities, or injected supply chain vulnerabilities, so I want to reduce my attack surface as much as I can (while still actually letting the people I want to access it actually access it)

I’m kinda disappointed with this thread, I’m in a similar position to OP, but all the responses are just like “use a reverse proxy and make your URL hard to guess” and other measures which are not very secure. \

It seems like that’s about as good as you can get at the moment, because the mobile apps barf if you try to add in auth in front of the reverse proxy, but a lot of people seem to be providing this advice like it’s good enough rather than as good as you can get.

Idk if geo whitelisting is really good enough. I can’t speak for OP, but I’m in the same position and I don’t. I had high hopes for the post but everyone seems to just brush over the “secure” part

How do you get the mobile app to connect?