this post was submitted on 08 Jun 2026
477 points (96.1% liked)
Selfhosted
59864 readers
910 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam.
-
Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.
-
Don't duplicate the full text of your blog or git here. Just post the link for folks to click.
-
Submission headline should match the article title.
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Just fucking yeet it online
expected advice from typical JF users.
What's the worst that can happen. Someone watches your movies
Someone breakes in, then moves laterally to your home assistant running frigate to watch you sleep at night. Then uses your residential uplink as a proxy to resell on an open market.
After that, the possibilities are practically endless.
It's a rootless container. Chances are they are not going to do any of that.
Things are on the internet all the time.
Yeah docker isn't the isolation sandbox some people make it out to be. It's not meant for that. You very well may have a setup that's meant for that but it's more than I'm willing to expose.
No reason to connect jellyfin to any sort of local network, router will still hairpin for local connection.
With that setup its honestly more secure than 99% of IOT devices, and like 50% of routers.
edit: and if youre running it in the pentagon or something just toss authentication like keycloak in front of it, plus a bit of crowdsec/fail2ban and an IP whitelist, I'd be surprised if you'd even get an attack, much less one violating that strict of a threat models.
Good grief. If you're doing all that, just set up Wireguard
I mean containers make the networking pretty easy, everything beyond that is optional based on your threat model.
Same as hosting anything networked, you can do it easy or do it safe.
(but also wireguard is kinda an O(n) problem while exposing to wan is an O(1) problem - at least IT man hours wise)
Yup! That's the worst thing that can happen. Now would you be so be kind as to send us the link to your private unsecured Jellyfin server?
I'm tempted to. But I'm not. Just because I dont want to fox my domain here.
Is running in a rootless podman container. I'm confident