Hi y’all, thanks for the help with my question yesterday. I did a bit of homework, and I think I’ve got things figured out. Here’s my revised plan:
-
configure a cron job to update DuckDNS with my IP address every 5 minutes
-
use ufw to block all incoming traffic, except to ports 80 and 443, to allow incoming traffic to reach Caddy
-
configure the Caddyfile to direct traffic from my DuckDNS subdomain to Jellyfin’s port
Does this seem right this time? Am I missing anything, or unnecessarily adding steps? Thanks in advance, I’ll get the hang of all this someday!
Yeah, fair point — I was only talking RCE.
That’s a real risk if you get hit by a lazy stuffing script, and I personally SSH tunnel my self-hosted to a public VPS to avoid that sorta thing.
@Op, if you do notice slowdowns for your whole network & suspicious noise in your Jellyfin logs, the easy move is to configure fail2ban and ask your ISP to rotate your router’s IP for you.