Hi y’all, thanks for the help with my question yesterday. I did a bit of homework, and I think I’ve got things figured out. Here’s my revised plan:

  1. configure a cron job to update DuckDNS with my IP address every 5 minutes

  2. use ufw to block all incoming traffic, except to ports 80 and 443, to allow incoming traffic to reach Caddy

  3. configure the Caddyfile to direct traffic from my DuckDNS subdomain to Jellyfin’s port

Does this seem right this time? Am I missing anything, or unnecessarily adding steps? Thanks in advance, I’ll get the hang of all this someday!

  • dgdft@lemmy.worldEnglish
    24·
    1 day ago

    Sorry, I assumed you were intelligent and sanewashed your comment.

    I assumed you were talking about the fact that internal web servers that services like Jellyfin run are often DoSable without a proxy.

    Jellyfin is quite literally a web app and perfectly safe to host on the web. Wanna prove me wrong? I’ll happily spin up an instance and throw a $500 bounty on there for you.

      • dgdft@lemmy.worldEnglish
        3·
        19 hours ago

        Rt, my bad for the personal attack; I was trying to be saucy with that opener and missed the mark.

        That being said, your opinion is still hot garbage. It’s not hard at all to host dynamic services publicly with minimal risk if you know what you’re doing, and Jellyfin is pretty damn low risk.

        The argument you’re making is comparable to going on a car forum and saying no one should ever drive on a public road because you might crash, and there are drivers doing things you can’t control. It’s factually true that you mitigate all risk by doing so, but misses the fact the people can and do drive on public roads all the time without much hurrah.