This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/Mikal_ on 2025-03-06 16:47:19+00:00.

This applies to several things, but I'm going to use Jellyfin as an example since it's both the most used and the most critical

What I have:

• Jellyfin running at home
• containerized
• passwords set up by me
• cloudflare tunnel
• cloudflare blocking all countries except the ones we're not in
• URL is guessable (aka not a random string, think movies.my-domain.com )
• all users' permissions are properly limited

Where it's used:

• my mom's smart TV
• my mom's phone
• friends' place

What I'm scared of:

• someone gaining access to an admin account and deleting stuff
• someone gaining access to stuff they shouldn't have access to
• some other stuff I'm not knowledgeable enough about security to even think about

What I thought of but don't think I can use:

• Stop the tunnels, use a VPN to connect to home network
  • no way I can explain to my mom how to use this
  • don't think smart TVs support this
• add cookie based rule on Cloudflare
  • I use this on other services, I like it
  • but again, smart TV
• add user-agent based rule on Cloudflare
  • not really stable
  • no idea what user agent her TV has, or what is used by apps etc.
• some fancy setup on her home network
  • I live ~10000km away from my mom
  • I have no idea what internet setup she has at home, most likely an old Wi-Fi router on the ground somewhere

Is the current setup I have secure enough? Is there some way to make it better without requiring any difficult action from my mom?