Hi y’all, thanks for the help with my question yesterday. I did a bit of homework, and I think I’ve got things figured out. Here’s my revised plan:

  1. configure a cron job to update DuckDNS with my IP address every 5 minutes

  2. use ufw to block all incoming traffic, except to ports 80 and 443, to allow incoming traffic to reach Caddy

  3. configure the Caddyfile to direct traffic from my DuckDNS subdomain to Jellyfin’s port

Does this seem right this time? Am I missing anything, or unnecessarily adding steps? Thanks in advance, I’ll get the hang of all this someday!

    • Onomatopoeia@lemmy.cafeEnglish
      6·
      3 days ago

      Meh, I won’t expose ports anymore - last time I did I had someone hammering on it hard enough to slow my consumer router.

      I closed the port and would still have someone hammer it occasionally for months, hoping the port was still open.

    • compostgoblin@lemmy.blahaj.zoneOPEnglish
      2·
      3 days ago

      Haha okay, thanks! And I’d just forward ports 80 and 443 from the router to ports 80 and 443 on the Pi’s internal IP address in the router settings, right?

    • littleomid@feddit.orgEnglish
      33·
      2 days ago

      If it doesn’t have to be exposed, then it shouldn’t be exposed. A Webserver should be exposed: Nginx and co are working on it for decades. Jellyfin on the other hand is a much smaller project, and chances for security issues are significantly higher.

        • littleomid@feddit.orgEnglish
          13·
          2 days ago

          How does reverse proxy help with security? Reverse proxy is mostly there for the convenience.

          • ITGuyLevi@programming.devEnglish
            3·
            2 days ago

            Umm… Not sure if you are serious but knowledge is meant to be shared so… A reverse proxy isn’t really for convenience, it sits between two networks and proxies traffic according to specific rules. It also has the benefit of masking the origin server a bit (like its IP) and in a lot of cases can be used as a way to ensure traffic going to a server or service that doesn’t support transport encryption actually transverses the internet within a secure tunnel.

            • littleomid@feddit.orgEnglish
              2·
              2 days ago

              Yes, that’s why I said mostly. In this context reverse proxy is being used to access different ports via 80/443 from outside. That is not necessarily the use case you’re mentioning.