I have a Jellyfin instance on my local server which I forward to the public web via a cloudflare tunnel. I’m not sure how secure it is, and I keep getting random requests from all over the world. It’s my first experience maintaining something on a public domain so I may be worrying about something obvious, but some advice would still be appreciated.
My SSL/TLS encryption mode appears to be “Full”.
Understood. Any public-facing server will be bombarded by bots. You need to deploy measures to avoid being hacked:
Obviously, there are many other security steps that can be put in place, but firewall and ssh hardening are absolutely mandatory
Thank you, these are great tips!
Being up to date is VERY important. There’s a bunch of sites out there that scan the entire internet endlessly and keep information about each IP up to date. For example go here and search your IP.
https://search.censys.io/
When a vulnerability is found, attackers will go to sites like these and look for anything to hack. If you don’t update more or less immediately, you’re at huge risk.
Other then that, everyone else is right. Being available to the public means you’re going to have bots scanning you and sending random trash. The only thing you can do is try and block it (fail2ban) or limit it (block certain countries) but at the end of the day its the software that gets the packets (jellyfin) that you need to trust to be secure and discard random junk.