I want to make a Jellyfin/Plex server. How do I safely let my friends and family connect to it?
I'd like to create a Plex/Jellyfin server that I can open up to family and friends on other networks. I know there are security concerns with opening my home network to outside traffic like this, but I'm not educated well enough on cyber security to know what practices to avoid or how to accomplish this safely.
Something I've come across is the Firewalla Purple . It's a device that plugs into your modem to provide a firewall, DNS ad blocking, and some other cyber security features.
From what I've read, the network monitoring and security features provided by this product would solve the security concerns that come with opening a Jellyfin/Plex server to outside connections. Firewalla also provides lifetime access to their VPN with the purchase of their products, so I could stop paying for Proton if it's any good. The DNS ad blocking is a huge bonus.
How can I safely let friends and family stream from my Plex/Jellyfin server? Would this Firewalla product solve any of these issues? Is their VPN service comparable to Proton or Mullvad?
your router also has a firewall, so thats where you limit the jellyfin port to the service on your server.. then your security concern is at jellyfin itself (certificate, users accounts etc).
gluetun is great because it can establish a vpn connection using openvpn (which any good vpn provider supports). you can then set anything inside your network or other containers to use that for their external internet access very easily.
the benefit with this is if the tunnel goes down, your stuff doesnt accidentally use the non-vpn'ed connection.
so if you were hypothetically running a torrent client, it would never bleed your public ip.
im already solid with proton for email purposes, which includes vpn access. me paying anyone else for vpn would just be superfluous
Plex will be slightly easier as it will handle routing and accounts, jellyfin will need a URL. I would run either one in docker. Network wise you would need only port forward the ports you need and not need another device.