I have a Jellyfin instance on my local server which I forward to the public web via a cloudflare tunnel. I’m not sure how secure it is, and I keep getting random requests from all over the world. It’s my first experience maintaining something on a public domain so I may be worrying about something obvious, but some advice would still be appreciated.

My SSL/TLS encryption mode appears to be “Full”.

  • nolight@lemm.eeOP
    link
    fedilink
    English
    arrow-up
    16
    ·
    10 months ago

    Thanks! No, that’s exactly what I wanted to do :) I was just wondering if it’s okay to have this many random requests, which seems to be fine.

    • Synapse@lemmy.world
      link
      fedilink
      English
      arrow-up
      15
      arrow-down
      1
      ·
      10 months ago

      Understood. Any public-facing server will be bombarded by bots. You need to deploy measures to avoid being hacked:

      1. Firewall: lockdown everything, allow only the strict necessary
      2. Remote login/SSH: update default username and pasword, only allow remote login using Encryption Key authentification
      3. (Optional) configure fail2ban to slowdown the attacks
      4. Keep your server up-to-date: configure auto-update, unattended-update or similare
      5. Setup and keep regular backups: be ready to nuke your server at anytime, with the confidence you can restart fresh in a short time and low effort

      Obviously, there are many other security steps that can be put in place, but firewall and ssh hardening are absolutely mandatory

        • skankhunt42
          link
          fedilink
          English
          arrow-up
          7
          ·
          10 months ago

          Being up to date is VERY important. There’s a bunch of sites out there that scan the entire internet endlessly and keep information about each IP up to date. For example go here and search your IP.

          https://search.censys.io/

          When a vulnerability is found, attackers will go to sites like these and look for anything to hack. If you don’t update more or less immediately, you’re at huge risk.

          Other then that, everyone else is right. Being available to the public means you’re going to have bots scanning you and sending random trash. The only thing you can do is try and block it (fail2ban) or limit it (block certain countries) but at the end of the day its the software that gets the packets (jellyfin) that you need to trust to be secure and discard random junk.