fdroid link: https://f-droid.org/packages/org.fairscan.app

The scraping/bandwidth abuse problem can easily be worked around.

how?

anubis does not protect the APIs, and it cannot protect against bot traffic coming from many different residential proxies

are you sure that is a good link?

for anyone reading this, Codeberg/Forgejo can migrate issues too! use the “new migration” function in the menu where you create new repositories, and tick the box for copying issues and wiki. it is a one time copy only, though, so if you are dedicated you should restrict issues on the github repo to collaborators only, so that people can’t open new issues (which won’t be able to be synced anymore), but old ones are still readable in their original form.

syncing issues cannot be done later, it’s for new repos only

for a very long time it was not only possible for experts. like, I would say the last 10-15 years, maybe even more. It’s very harmful that people can now create things they don’t even know how to check what it does, and they just assume this “sentient thing” actually produced what you wanted with no major flaws. thing is, you (or anyone else vibecoding things) won’t be able to determine what is good or bad without taking the time and learning the building blocks, learning how they work and how they are supposed to be used.

also your comments look like AI generated comments, fake enthusiasm and all the rest. it does not inspire much confidence

“if I don’t have to”. and, is your jellyfin running as root? or are you running it a different way, e.g. from apt package (where I believe it’s sensible by default)? I smell doubt.

but in either case it does not matter how do you run jellyfin. what I care is how many other people are running jellyfin exposed to the internet because they think its safe, because people on forums told them so, with the popular docker image where it is being ran as root.

I’m not moving goalposts. I’m still firmly besides my point that for the general jellyfin admin exposing jellyfin to the wide internet is unsafe and irresponsible. and seeing all the downvotes but no one else telling their opinion, it seems no one knows better either and they are just angry I pointed this out.
again, I don’t care how are you running Jellyfin. I don’t want to convince you on that, you do whats best for you, it seems you might have done some precautions. what I care is to not recommend these practices to others (without the full picture), because they are unsafe, especially without further precautions like running a(n unofficial) rootless jellyfin docker image and an intrusion detection system, which I guarantee most people won’t have.

plenty of FOSS projects are safe to expose through a simple reverse proxy

I have my doubts about that. Personally I would never do that.

Talking about security… Have you heard of intrusion detection, process isolation, or principle of least privilege?

are you aware that the very popular official docker image for jellyfin still runs the jellyfin process as root? or that most people just mount their media libraries as a read-write volume because they don’t know better?

I would also be very interested about statistics on how many jellyfin admins run intrusion detection software on their system, if you have any.

yeah, it’s the operator’s job to help setting that up

wow not just totally unprofessional, but even downvoting the calling out the lack of credible security! you can be ashamed of yourself, and hope that your clients never find out you are a contrarian

I really doubt your work has anything to do with computers

would not ever use your services in that case

much of the internet is run on simpler software or by full time employees tasked to deal with all this. but sure, ignorance is bliss, what you don’t see does not exist, etc etc, keep running your Jellyfin exposed to the internet. you wouldnt even get to know when your system is compromised. but you know what? you could even remove your password for extra convenience. who would want to log in to a random jellyfin account anyway! surely no one! just don’t recommend these practices to anyone, because you are putting them at risk.

idk man, I wont keep my front gate unlocked just so my friends can come in without keys. either they accept having to carry an additional key, or they won’t have access without me, but I’m not going to compromise on reasonable security. oh the burden I know.

I’ll help them set it up if they want it, they are not on their own. but zero effort won’t work.

to be fair, Jellyfin had multiple unauthenticated vulnerabilities in the past so it makes sense to talk about it

well, at least you are not depending on the application to do TLS properly, and you may be able to set up some access restrictions that your clients may support

you are better just closing up shop then, because it’s not like the other services you are are much better. vulnerabilities being discovered don’t mean they don’t exist, it just means the software is not popular enough or too complex for someone to look into it

they are not setting up the Jellyfin server either, why would they need to bother with the VPN?

Tvs game consoles rokus so on so forth typically don’t support VPN clients.

and that’s why you set up a VPN client box on the location, set it up as a regular VPN client, and install a reverse proxy on it that the dumb clients can connect to.

the VPN box could be as simple as an old android phone no one uses, and termux

I know way too many people who won’t remember to toggle it on, or just won’t deal with it

they need a VPN app that toggles automatically. turn off when they happen to connect to your network, otherwise on, and only forward jellyfin and such apps through it.

I know way too many people who won’t remember to toggle it on, or just won’t deal with it

they need a VPN app that toggles automatically. turn off when they happen to connect to your network, otherwise on, and only forward jellyfin and such apps through it.